Outlook Express MHTML URI Handler Information Disclosure Vulnerability (updated: affects IE7 in Vista)

Outlook Express MHTML URI Handler Information Disclosure Vulnerability (updated: affects IE7 in Vista)


Outlook express is prone to a cross-domain information-disclosure vulnerability.


This vulnerability may let a malicious website access properties of a site in an arbitrary external domain in the context of the victim user’s browser. Attackers could exploit this issue to gain access to sensitive information (such as cookies or passwords) that is associated with the external domain.


This issue was previously reported as an Internet Explorer vulnerability, but the affected component is found to be part of Outlook Express. Microsoft confirmed that this is an Outlook Express vulnerability that can also be exploited through Internet Explorer.


http://www.securityfocus.com/bid/17717/discuss

Vulnerability in PGP Desktop Service

US-CERT is aware of a memory corruption vulnerability in the PGP Desktop service. The PGP Desktop service fails to validate user-supplied data. By sending a specially crafted object to the PGP Desktop service, a remote, authenticated attacker may be able to execute arbitrary code with potentially elevated privileges on a vulnerable system.


PGP states that upgrading to the latest version of PGP Desktop will address this vulnerability. See https://pgp.custhelp.com/cgi-bin/pgp.cfg/php/enduser/std_adp.php?p_faqid=703


http://www.us-cert.gov/current/index.html#pgp0valdt

CounterSpy will still protect users from MIRAR Toolbar

NetNucleus, makers of the Mirar Toolbar sent a cease and desist letter to Sunbelt Software (maker of CounterSpy antispyware).  They are demanding removal of their product in CounterSpy’s spyware database.


CounterSpy respond.  See http://www.sunbelt-software.com/ihs/alex/Sunbelt_20NetNucleus_20Ltr_20070131Final.pdf (pdf format)


Sunbelt will continue to protect its customers against the said toolbar [Y]

MSRC: Issue regarding Windows Vista Speech Recognition

Microsoft Security Response Center blog today the following:


An issue has been identified publicly where an attacker could use the speech recognition capability of Windows Vista to cause the system to take undesired actions. While it is technically possible, there are some things that should be considered when trying to determine what the threat of exposure is to your Windows Vista system.


Read more about it at http://blogs.technet.com/msrc/archive/2007/01/31/issue-regarding-windows-vista-speech-recognition.aspx

Microsoft praises effort of California law enforcement

“Microsoft applauds the Riverside County Sheriff’s Department’s efforts to stop the production and sale of counterfeit software. The arrest of an individual allegedly involved in a piracy operation worth hundreds of thousands of dollars is a great success and sends a strong message that counterfeiting has the potential to carry significant criminal penalties for those who choose to engage in it.


“The Sheriff’s Department’s CATCH (Computer And Technology Crime High-Tech Response) Team should be congratulated for its professionalism and tenacity in the eight-month investigation that led to yesterday’s arrest. The Riverside team is one of five task forces in California charged with investigating high-tech crime, and Microsoft strongly supports the professional investigators working behind the scenes to stop fraudulent and illegal behavior. Their work has a direct impact on helping to protect consumers from counterfeit software and the risks associated with its use.


More at http://www.microsoft.com/Presspass/press/2007/jan07/SoftwarePiracyArrestPR.mspx

Sony BMG Settles FTC Charges

CDs’ Embedded Content Protection Software Posed Security Risks, Limited CD Use, and Monitored Users’ Listening Habits on their Computers, Without Consumer Consent


Sony BMG Music Entertainment has agreed to settle Federal Trade Commission charges that it violated federal law when it sold CDs without telling consumers that they contained software that limited the devices on which the music could be played, restricted the number of copies that could be made, and contained technology that monitored their listening habits to send them marketing messages. According to the FTC, the software also exposed consumers to significant security risks and was unreasonably difficult to uninstall. The proposed settlement requires Sony BMG to clearly disclose limitations on consumers’ use of music CDs, bars it from using collected information for marketing, prohibits it from installing software without consumer consent, and requires it to provide a reasonable means of uninstalling that software. The settlement also requires that Sony BMG allow consumers to exchange the CDs through June 31, 2007, and reimburse consumers for up to $150 to repair damage to their computers that they may have suffered in trying to remove the software.


“Installations of secret software that create security risks are intrusive and unlawful,” said FTC Chairman Deborah Platt Majoras. “Consumers’ computers belong to them, and companies must adequately disclose unexpected limitations on the customary use of their products so consumers can make informed decisions regarding whether to purchase and install that content.”


http://www.ftc.gov/opa/2007/01/sony.htm

Captcha and Textimage Modules for Drupal Security Validation Bypass Vulnerability

A vulnerability has been identified in Captcha and Textimage (modules for Drupal), which could be exploited by remote attackers to bypass security restrictions. This issue is due to an input validation error when processing certain responses, which could be exploited by attackers or automated systems to bypass the captcha validation and post arbitrary data.


Affected Products
Captcha (module for Drupal) versions prior to 4.7.x-1.2
Captcha (module for Drupal) versions prior to 5.x-1.1
Textimage (module for Drupal) versions prior to 4.7.x-1.2
Textimage (module for Drupal) versions prior to 5.x-1.1


Solution
Upgrade to Captcha version 4.7.x-1.2 or 5.x-1.1 :
http://drupal.org/project/captcha


Upgrade to Textimage version 4.7.x-1.2 or 5.x-1.1 :
http://drupal.org/project/textimage


References
http://www.frsirt.com/english/advisories/2007/0431
http://drupal.org/node/114364
http://drupal.org/node/114519

Microsoft Windows Mobile Internet Explorer and Pictures and Videos Denial of Service

Two vulnerabilities have been identified in Windows Mobile, which could be exploited by attackers to cause a denial of service.
The first issue is due to an error in Internet Explorer when handling malformed data, which could be exploited by attackers to crash a vulnerable browser by tricking a user into visiting a specially crafted web page.


The second issue is due to an error in the Pictures and Videos application that fails to properly handle malformed JPEG images, which could be exploited by attackers to cause a vulnerable device to hang, creating a denial of service condition.


Affected Products
Microsoft Windows Mobile 2003
Microsoft Windows Mobile 2003SE
Microsoft Windows Mobile 5.0


Solution
The FrSIRT is not aware of any official supplied patch for this issue.


References
http://www.frsirt.com/english/advisories/2007/0434
http://blog.trendmicro.com/trend-micro-finds-more-windows-mobile-flaws/

What? They need to pay $1.99 for a patch!?!

http://www.betanews.com/article/Apple_Offers_199_80211n_Upgrade/1170176139 


Apple Offers $1.99 802.11n Upgrade – Apple has begun offering a $1.99 USD software patch that would enable use of 802.11n wireless networking on select Intel-based Mac models. However, the update has not come without controversy.


I’m happy that Dell did NOT ask me to pay when I returned my Dell XPS M1210 last time and requested a new replacement.  Also, when I returned the first shipped notebook, it has Dell Wireless 350 Bluetooth Internal Module.  When I received the new replacement notebook, the Dell Wireless 350 Bluetooth Internal Module is gone.. it was replaced by Dell with Dell Wireless 355 Bluetooth Module (Bluetooth 2.0 + EDR) which I believe better and newer! I didn’t have to pay for that “upgrade” on module. It’s FREE upgrade!!


Update: Link to the said upgrade that cost USD1.99 at http://store.apple.com/1-800-MY-APPLE/WebObjects/AppleStore.woa/wa/RSLID?mco=9BFE4FC5&nplm=D4141ZM%2FA via CoU

SONAR: Symantec Online Network for Advanced Response and PeaComm

“On January 17th, Symantec announced a new technology, SONAR, which stands for Symantec Online Network for Advanced Response. In the week of the announcement, SONAR already played a critical role as an early warning system and Zero Hour detection for the PeaComm threat….. “


Read how SONAR played a critical role as early warning system and 0-hour detection for the said threat at http://www.symantec.com/home_homeoffice/blog/detail.jsp?blogid=sonar&profileid=laura_garcia-manrique