Xeologic
Your Information Technology Solution Provider

Feed aggregator

CVE-2010-3152 (illustrator)

Untrusted search path vulnerability in Adobe Illustrator CS4 14.0.0, CS5 15.0.1, and possibly other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or aires.dll that is located in the same folder as an .ait or .eps file.

CVE-2010-3151 (onlocation_cs4)

Untrusted search path vulnerability in Adobe On Location CS4 Build 315 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ibfs32.dll that is located in the same folder as an OLPROJ file.

CVE-2010-3150 (premier_pro_cs4)

Untrusted search path vulnerability in Adobe Premier Pro CS4 4.0.0 (314 (MC: 160820)) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse ibfs32.dll that is located in the same folder as a .pproj, .prfpset, .prexport, .prm, .prmp, .prpreset, .prproj, .prsl, .prtl, or .vpr file.

CVE-2010-3149 (device_central_cs5)

Untrusted search path vulnerability in Adobe Device Central CS5 3.0.0(376), 3.0.1.0 (3027), and probably other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse qtcf.dll that is located in the same folder as an ADCP file.

CVE-2010-3148 (visio)

Untrusted search path vulnerability in Microsoft Visio 2003 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc71enu.dll that is located in the same folder as a .vtx file.

CVE-2010-3147 (outlook_express)

Untrusted search path vulnerability in Microsoft Address Book (wab.exe) 6.00.2900.5512 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32res.dll that is located in the same folder as a .wab, vCard (.vcf), or .p7c file.

CVE-2010-3146 (groove)

Untrusted search path vulnerability in Microsoft Office Groove 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mso.dll or GroovePerfmon.dll that is located in the same folder as a .vcg or .gta file.

CVE-2010-3145 (windows_vista)

Untrusted search path vulnerability in the Microsoft Vista BitLocker Drive Encryption API allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse fveapi.dll that is located in the same folder as a .wbcat file.

CVE-2010-3144 (windows)

Untrusted search path vulnerability in Microsoft Internet Connection Signup Wizard allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse smmscrpt.dll that is located in the same folder as an ISP file.

CVE-2010-3143 (windows)

Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32res.dll that is located in the same folder as a .contact, .group, .p7c, .vcf, or .wab file.

CVE-2010-3142 (powerpoint)

Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, or .thmx file.

CVE-2010-3141 (powerpoint)

Untrusted search path vulnerability in Microsoft PowerPoint 2010 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse pptimpconv.dll that is located in the same folder as a .odp, .pot, .potm, .potx, .ppa, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .pwz, .sldm, or .sldx file.

CVE-2010-3140 (windows_xp)

Untrusted search path vulnerability in Microsoft Windows Internet Communication Settings on Windows XP SP3 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse schannel.dll that is located in the same folder as an ISP file.

CVE-2010-3139 (windows)

Untrusted search path vulnerability in Microsoft Windows Progman Group Converter (grpconv.exe) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse imm.dll that is located in the same folder as a .grp file.

CVE-2010-3138 (windows, windows_media_player, bs.player)

Untrusted search path vulnerability in the Indeo filter (iac25_32.ax) in Microsoft Windows, as used in BS.Player, Media Player Classic, and possibly other products, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse iacenc.dll that is located in the same folder as an AVI, .mka, .ra, or .ram file. NOTE: some of these details are obtained from third party information.

Microsoft SDL and the Creative Commons

Application Security News - Thu, 08/26/2010 - 19:37
Shared by Jeff Williams
How OWASPish. Welcome Microsoft!

Hello all, Dave here…

We have received quite a number of requests from various organizations and individuals that wish to use our Security Development Lifecycle (SDL) content to build out their own secure development processes. We have put a lot of thought into these requests and how best to service them.

Up to this point, Microsoft has released SDL information using a license that did not allow for reproduction, inclusion or transfer of any part of our documentation or process without express written consent from Microsoft.

I am happy to announce that from this point forward, Microsoft will be making our publicly available SDL documentation and other SDL process content available to the development community under a Creative Commons license. Specifically, we will be using the license that specifies Attribution, Non-Commercial, Share Alike (cc by-nc-sa) terms.

By changing the license terms, we are now allowing people and organizations to copy, distribute and transmit the documentation to others; this means that you can now incorporate content from the SDL documents we release under Creative Commons into your internal process documentation – subject to the terms specified by the Creative Commons license mentioned above.  

You can learn more about the specifics of that license here: http://creativecommons.org/licenses/by-nc-sa/3.0/

Note that we do not intend to change the licensing for any of the SDL tools released by Microsoft – those will continue to use existing Microsoft licenses.

Our first two documents for release under a Creative Commons license will be the English versions of the “Simplified Implementation of the Microsoft SDL” whitepaper and the Microsoft Security Development Lifecycle (SDL) - Version 5.0 paper that illustrates how Microsoft applies the SDL to our own products and services.  Those releases will be completed over the next few weeks. 

There is a lot of information on our portal about the SDL; case studies, whitepapers, training materials etc.  It is our intention to analyze this content and apply Creative Commons licenses to these works as well – assuming it makes sense and isn’t already covered by new works under a CC license.  It will take time for us to analyze and repost the documents with the new license – so we ask for your patience. 

It’s our hope that by making the SDL documentation more accessible and portable, more people will start doing secure development and realizing the benefits of incorporating security and privacy throughout the development lifecycle.

Vulnerability Disclosures Up 36% in 2010

Application Security News - Thu, 08/26/2010 - 13:12

Vulnerability disclosures are increasing dramatically, having reached record levels for the first half of 2010, according to the IBM X-Force 2010 Mid-Year Trend and Risk Report. Read the full article. [Help Net Security]

Donald Sears

California Bill Ups the Ante on Breach Notifications

Application Security News - Thu, 08/26/2010 - 12:56

The new bill requires that the company include the type of personal information exposed in the breach; the date or estimated date of the breach; a general description of the incident itself; and toll-free numbers and addresses for credit reporting agencies if the breach included social security numbers, driver's licenses, or California ID cards. Read the full article. [Dark Reading]

Donald Sears

CVE-2010-2882 (shockwave_player)

DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x3812 of a certain file.

CVE-2010-2881 (shockwave_player)

IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x24C0 of a certain file.