Symantec product detections for Microsoft monthly Security Advisories - December 2009

Article:TECH138052  |  Created: 2010-08-19  |  Updated: 2013-01-09  |  Article URL http://www.symantec.com/docs/TECH138052
Article Type
Technical Solution


Issue



This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Advisories.

 

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.


Solution



December 8, 2009

 

 ID and Rating

 

Description

Details

Intrusion Protection System (IPS) Response

Other Detections

CAN/CVE ID:

CVE-2009-2505

 

BID:

37197

 

Microsoft ID:

MS09-071

 

MSKB:

974318

 

 

Microsoft Rating:

Critical

Microsoft Protected Extensible Authentication Protocol Memory Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Windows Vista SP2

Vista x64 SP2

Server 2008 for 32-bit Systems SP2

Server 2008 x64 SP2

Server 2008 for Itanium-based Systems SP2

A remote code execution vulnerability affects Protected Extensible Authentication Protocol (PEAP) on the Internet Authentication Service (IAS) when validating PEAP authentication requests.

A remote attacker can exploit this issue by sending a malformed PEAP authentication request to an affected server.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the affected application.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-2493

 

BID:

35828

 

Microsoft ID:

MS09-072

 

MSKB:

976325

 

Microsoft Rating:

Critical

Microsoft Visual Studio Active Template Library COM Object Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Internet Explorer 5.01 SP4, 6, and 6 SP1

A remote code execution vulnerability affects the Microsoft Active Template Library (ATL) due to unsafe usage of ‘OleLoadFromStream’.

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page that instantiates an ActiveX control affected by this issue.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the application running the control (typically Internet Explorer).

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-3671

 

BID:

37188

 

Microsoft ID:

MS09-072

 

MSKB:

976325

 

Microsoft Rating:

Critical

Microsoft Internet Explorer (CVE-2009-3671) Uninitialized Memory Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Internet Explorer 8

A remote code execution vulnerability affects Internet Explorer because of how it handles an object that has not been properly initialized or deleted.

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-3672

 

BID:

37085

 

Microsoft ID:

MS09-072

 

MSKB:

976325

 

Microsoft Rating:

Critical

 

Microsoft Internet Explorer 'Style' Object Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Internet Explorer 6, 6 SP1, and 7

A previously public (Nov 20, 2009) remote code execution vulnerability affects Internet Explorer during handling of the ‘Style’ HTML tag when access via the ‘document.getElementsByTagName’ function. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: 23562

Detected as " HTTP IE Style Heap Spray BO"

 

AV:

Bloodhound.Exploit.286

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-3673

 

BID:

37212

 

Microsoft ID:

MS09-072

 

MSKB:

976325

 

Microsoft Rating:

Critical

 

Microsoft Internet Explorer (CVE-2009-3673) Uninitialized Memory Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Internet Explorer 7 and 8

A remote code execution vulnerability affects Internet Explorer because of how it handles an object that has not been properly initialized or deleted.

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID:

N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-3674

 

BID:

37213

 

Microsoft ID:

MS09-072

 

MSKB:

976325

 

Microsoft Rating:

Critical

 

Microsoft Internet Explorer (CVE-2009-3674) Uninitialized Memory Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Internet Explorer 8

A remote code execution vulnerability affects Internet Explorer because of how it handles an object that has not been properly initialized or deleted.

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user. 

Sig ID:

N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0102

 

BID:

37211

 

Microsoft ID:

MS09-074

 

MSKB:

967183

 

Microsoft Rating:

Critical

Microsoft Project Invalid Resource Memory Allocation Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Project 2000 SP1, 2002 SP1, and 2003 SP3

A remote code execution vulnerability affects Microsoft Project when handling specially crafted Project files.

An attacker can exploit this issue by tricking an unsuspecting user into opening a malicious file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.

Sig ID:

N/A

AV:

Bloodhound.Exploit.313

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-3675

 

BID:

37218

 

Microsoft ID:

MS09-069

 

MSKB:

974392

 

Microsoft Rating:

Important

Microsoft Windows LSASS ISAKMP Message Remote Denial of Service Vulnerability

 

Remote Denial of Service Vulnerability

 

This vulnerability affects the following products:

Microsoft Windows 2000 SP4

Windows XP SP2 and SP3

Windows XP Professional x64 Edition SP2

Windows Server 2003 SP2

Windows Server 2003 x64 Edition SP2

Windows Server 2003 with SP2 for Itanium-based Systems

A denial-of-service vulnerability affects Windows because the Local Security Authority Subsystem Service (LSASS)  fails to properly handle a ISAKMP message via Internet Protocol security (IPsec).

An attacker, authenticated and connecting through IPsec, can exploit this issue by sending a specially crafted ISAKMP message to an LSASS server.

A successful exploit will cause the affected computer to become unresponsive, effectively denying service.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-2509

 

BID:

37214

 

Microsoft ID:

MS09-070

 

MSKB:

971726

 

Microsoft Rating:

Important

Microsoft Active Directory Federation Services Header Validation Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Windows Server 2003 SP2

Server 2003 x64 Edition SP2

Server 2008, Server 2008 SP2

Server 2008 x64 Edition and Server 2008 x64 Edition SP2

A remote code execution vulnerability affects Active Directory Federation Services (ADSF) because it incorrectly validates headers sent from the client.

An authenticated attacker can exploit this issue by sending a specially crafted request header to an affected server.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the affected application.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-3677

 

BID:

37198

 

Microsoft ID:

MS09-071

 

MSKB:

974318

 

Microsoft Rating:

Important

Microsoft Protected Extensible Authentication Protocol Authentication  Bypass Vulnerability

 

Unauthorized Authentication Vulnerability

 

This vulnerability affects the following products:

Microsoft Windows 2000 SP4

XP SP2 and SP3

XP Professional x64 Edition SP2

Server 2003 SP2

Server 2003 for x64-based Systems SP2

Server 2003 with SP2 for Itanium-based Systems

Vista

Vista SP1

Vista x64 Edition

Vista x64 Edition SP1 and SP2

Server 2008 for 32-bit Systems

Server 2008 for x64-based Systems

Server 2008 for Itanium-based Systems

An unauthorized-access vulnerability affects Internet Authentication Service (IAS) because it fails to properly validate MS-CHAP v2 authentication requests.

An attacker can exploit this issue to bypass authentication and gain access as an arbitrary user.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-2506

 

BID:

37216

 

Microsoft ID:

MS09-073

 

MSKB:

975539

 

Microsoft Rating:

Important

Microsoft WordPad and Office Text Converter Word 97 File Parsing Memory Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Windows 2000 SP4

Windows XP SP2 and SP3

Windows XP Professional x64 Edition SP2

Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2

Windows Server 2003 with SP2 for Itanium-based Systems

Microsoft Office Word 2002 SP3

Microsoft Office Word 2003 SP3

Microsoft Works 8.5

Microsoft Office Converter Pack

A remote code execution vulnerability affects the text converters in WordPad and Office Word when opening a Word 97 file.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

AV:

Bloodhound.Exploit.312

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-2508

 

BID:

37215

 

Microsoft ID:

MS09-070

 

MSKB:

971726

 

Microsoft Rating:

Moderate

Microsoft Windows Active Directory Single Sign On Authentication Spoofing Vulnerability

 

Authentication Spoofing Vulnerability

 

This vulnerability affects the following products:

Windows Server 2003 SP2

Server 2003 x64 Edition SP2

Server 2008

Server 2008 SP2

Server 2008 x64 Edition

Server 2008 x64 Edition SP2

Active Directory Federation Services (ADSF) is prone to a vulnerability that may allow an attacker to gain access to a victim’s authenticated session.

The problem occurs because the server fails to properly discard authentication credentials after a client logout.

An attacker with access to web cache data of a victim, can exploit this issue to authenticate to ADSF, and impersonate the victim.

Sig ID:

N/A

AV:

N/A

 

Sygate IDS:

N/A

 

 




Legacy ID



2007010813564748


Article URL http://www.symantec.com/docs/TECH138052


Terms of use for this information are found in Legal Notices