Symantec product detections for Microsoft monthly Security Advisories - November 2009

Article:TECH138054  |  Created: 2010-08-19  |  Updated: 2013-01-09  |  Article URL http://www.symantec.com/docs/TECH138054
Article Type
Technical Solution


Issue



This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Advisories.

 

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.


Solution



November 10, 2009

 

ID and Rating  |  Description  |  Details  |  Intrusion Protection System (IPS) Response  |  Other Detections

CAN/CVE ID:

CVE-2009-2512

 

BID:

36919

 

Microsoft ID:

MS09-063

 

MSKB:

973565

 

Microsoft Rating:

Critical

Microsoft Windows Web Services on Devices API Remote Code Execution Vulnerability 

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Windows Vista, Vista SP1, SP2

Windows Vista x64 Edition, x64 Edition SP1, and x64 Edition SP2

Windows Server 2008 for 32-bit Systems

Windows Server 2008 for 32-bit Systems SP2

Windows Server 2008 for x64-based Systems

Windows Server 2008 for x64-based Systems SP2

Windows Server 2008 for Itanium-based Systems

Windows Server 2008 for Itanium-based Systems SP2

A remote code execution vulnerability affects Web Services on Devices API (WSDAPI) on Windows systems.

The problem occurs when handling a WSDAPI message with a malformed MIME header.

An attacker on the local subnet can exploit this issue to execute arbitrary code with SYSTEM-level privileges, resulting in a complete system compromise.

Sig ID: 23525

 

Detected as "TCP WSDAPI Remote Code Exec"

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-2523

 

BID:

36921 

 

Microsoft ID:

MS09-064

 

MSKB:

974783

 

Microsoft Rating:

Critical

Microsoft Windows License Logging Server Remote Heap Buffer Overflow Vulnerability

 

Remote Heap Buffer Overflow Vulnerability

 

This vulnerability affects the following products:

Windows Vista, Vista SP1, SP2

Windows Vista x64 Edition, x64 Edition SP1, and x64 Edition SP2

 Windows Server 2008 for 32-bit Systems

Windows Server 2008 for 32-bit Systems SP2

Windows Server 2008 for x64-based Systems

Windows Server 2008 for x64-based Systems SP2

Windows Server 2008 for Itanium-based Systems

Windows Server 2008 for Itanium-based Systems SP2

A remote code execution vulnerability affects Web Services on Devices API (WSDAPI) on Windows systems.

The problem occurs when handling a WSDAPI message with a malformed MIME header.

An attacker on the local subnet can exploit this issue to execute arbitrary code with SYSTEM-level privileges, resulting in a complete system compromise.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-2514

 

BID:

36029

 

Microsoft ID:

MS09-065

 

MSKB:

969947

 

Microsoft Rating:

Critical

Microsoft Windows Embedded OpenType Font Engine Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Windows 2000 SP4

Windows XP SP2 and SP3

Windows XP Professional x64 Edition SP2

Windows Server 2003 SP2

Windows Server 2003 x64 Edition SP2

Windows Server 2003 with SP2 for Itanium-based Systems

A previously public (Aug 11, 2009) remote code execution vulnerability affects the Embedded OpenType (EOT) font engine.

An attacker can exploit this issue by tricking an unsuspecting victim into viewing content containing a specially crafted EOT font.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the kernel.

This may facilitate a complete compromise of the affected computer.

Sig ID: N/A

AV: N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-1127

 

BID:

36939

 

Microsoft ID:

MS09-065

 

MSKB:

969947

 

Microsoft Rating:

Important

Microsoft Windows Kernel NULL Pointer Dereference Local Privilege Escalation Vulnerability

 

Local Escalation of Privilege Vulnerability

 

This vulnerability affects the following products:

Microsoft Windows 2000 SP4

Windows XP SP2 and SP3

Windows XP Professional x64 Edition SP2

Windows Server 2003 SP2

Windows Server 2003 x64 Edition SP2

Windows Server 2003 with SP2 for Itanium-based Systems

Windows Vista, Vista SP1, and SP2

Windows Vista x64 Edition, x64 Edition SP1, and x64 Edition SP2

Windows Server 2008 for 32-bit Systems

Windows Server 2008 for 32-bit Systems SP2

Windows Server 2008 for x64-based Systems

Windows Server 2008 for x64-based Systems SP2

Windows Server 2008 for Itanium-based Systems

Windows Server 2008 for Itanium-based Systems SP2

A local privilege-escalation vulnerability affects the Windows kernel due to a NULL pointer dereference.

A local attacker can exploit this issue to gain complete control of the affected computer.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-2513

 

BID:

36941

 

Microsoft ID:

MS09-065

 

MSKB:

969947

 

Microsoft Rating:

Important

Microsoft Windows Kernel GDI Data Validation Local Privilege Escalation Vulnerability

 

Local Escalation of Privilege Vulnerability

 

This vulnerability affects the following products:

Microsoft Windows 2000 SP4

Windows XP SP2 and SP3

Windows XP Professional x64 Edition SP2

Windows Server 2003 SP2

Windows Server 2003 x64 Edition

Windows Server 2003 with SP2 for Itanium-based Systems

Windows Vista, Vista SP1, and SP2

Windows Vista x64 Edition, x64 Edition SP1, and x64 Edition SP2

Windows Server 2008 for 32-bit Systems

Windows Server 2008 for 32-bit Systems SP2

Windows Server 2008 for x64-based Systems

Windows Server 2008 for x64-based Systems SP2

Windows Server 2008 for Itanium-based Systems

Windows Server 2008 for Itanium-based Systems SP2

A local privilege-escalation vulnerability affects the Windows kernel due to insufficient validation of user-mode data passed through the kernel component of GDI.

A local attacker can exploit this issue to gain complete control of the affected computer.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-1928

 

BID:

36918

 

Microsoft ID:

MS09-066

 

MSKB:

973039

 

Microsoft Rating:

Important

Microsoft Active Directory LDAP Request Stack Exhaustion Denial Of Service Vulnerability

 

Denial of Service Vulnerability

 

This vulnerability affects the following products:

Active Directory

Active Directory Application Mode (ADAM)

Active Directory Lightweight Directory Service (AD LDS)

 

A denial-of-service vulnerability affects Active Directory when handling certain malformed LDAP or LDAPS requests.

A remote unauthenticated attacker can exploit this issue to exhaust stack space and cause the affected computer to stop responding.

 

 

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-3127

 

BID:

36943

 

Microsoft ID:

MS09-067

 

MSKB:

972652

 

Microsoft Rating:

Important

 

Microsoft Excel Cache Memory Corruption Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office Excel 2002 SP3

Microsoft Office Excel 2003 SP3

Microsoft Office 2004 for Mac

Microsoft Office 2008 for Mac

Open XML File Format Converter for Mac

Microsoft Office Excel Viewer 2003 SP3

A remote code-execution vulnerability affects Excel when handling cache memory when opening an Excel file.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file.

Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the victim running the affected application.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-3128

 

BID:

36944

 

Microsoft ID:

MS09-067

 

MSKB:

972652

 

Microsoft Rating:

Important

Microsoft Excel 'SxView' Memory Corruption Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office Excel 2002 SP3

Microsoft Office Excel 2003 SP3

Microsoft Office Excel Viewer 2003 SP3

A remote code-execution vulnerability affects Excel in the SxView component when opening an Excel file that contains a malformed record object.

 An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file.

Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the victim running the affected application.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-3129

 

BID:

36945

 

Microsoft ID:

MS09-067

 

MSKB:

972652

 

Microsoft Rating:

Important

Microsoft Excel 'Featheader' Record Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office Excel 2002 SP3

Microsoft Office Excel 2003 SP3

Microsoft Office Excel 2007 SP1 and SP2

Microsoft Office 2004 for Mac

Microsoft Office 2008 for Mac

Open XML File Format Converter for Mac

Microsoft Office Excel Viewer 2003 SP3

Microsoft Office Excel Viewer SP1 and SP2

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2

A remote code-execution vulnerability affects Excel in the Featheader component when opening an Excel file that contains a malformed record object.

 An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file.

Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the victim running the affected application.

Sig ID: N/A

AV:

Bloodhound.Exploit.306

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-3130

 

BID:

36946

 

Microsoft ID:

MS09-067

 

MSKB:

972652

 

Microsoft Rating:

Important

Microsoft Excel Malformed BIFF Record Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office Excel 2002 SP3

Microsoft Office 2004 for Mac

Microsoft Office 2008 for Mac

Open XML File Format Converter for Mac

A remote code-execution vulnerability affects Excel when handling malformed BIFF records when opening an Excel file.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file.

Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the victim running the affected application.

Sig ID: N/A

AV:

Bloodhound.Exploit.307

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-3131

 

BID:

36908

 

Microsoft ID:

MS09-067

 

MSKB:

972652

 

Microsoft Rating:

Important

Microsoft Excel Formula Parsing Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office Excel 2002 SP3

Microsoft Office Excel 2003 SP3

Microsoft Office Excel 2007 SP1 and SP2

Microsoft Office 2004 for Mac

Microsoft Office 2008 for Mac

Open XML File Format Converter for Mac

Microsoft Office Excel Viewer 2003 SP3

Microsoft Office Excel Viewer SP1 and SP2

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2

A remote code-execution vulnerability affects Excel when parsing a specially crafted formula embedded in a cell.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file.

Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the victim running the affected application.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-3132

 

BID:

36909

 

Microsoft ID:

MS09-067

 

MSKB:

972652

 

Microsoft Rating:

Important

Microsoft Excel Index Parsing Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office Excel 2002 SP3

Microsoft Office Excel 2003 SP3

Microsoft Office Excel 2007 SP1 and SP2

Microsoft Office 2004 for Mac

Microsoft Office 2008 for Mac

Open XML File Format Converter for Mac

Microsoft Office Excel Viewer 2003 SP3

Microsoft Office Excel Viewer SP1 and SP2

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2

A remote code-execution vulnerability affects Excel due to pointer corruption when loading Excel formulas.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file.

Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the victim running the affected application.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-3133

 

BID:

36911

 

Microsoft ID:

MS09-067

 

MSKB:

972652

 

Microsoft Rating:

Important

Microsoft Excel Document Parsing Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office Excel 2002 SP3

Microsoft Office 2004 for Mac

Microsoft Office 2008 for Mac

Open XML File Format Converter for Mac

A remote code-execution vulnerability affects Excel due to memory corruption when opening an Excel file.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file.

Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the victim running the affected application.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-3134

 

BID:

36912

 

Microsoft ID:

MS09-067

 

MSKB:

972652

 

Microsoft Rating:

Important

Microsoft Excel Field Parsing Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office Excel 2002 SP3

Microsoft Office Excel 2003 SP3

Microsoft Office Excel 2007 SP1 and SP2

Microsoft Office 2004 for Mac

Microsoft Office 2008 for Mac

Open XML File Format Converter for Mac

Microsoft Office Excel Viewer 2003 SP3

Microsoft Office Excel Viewer SP1 and SP2

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2

A remote code-execution vulnerability affects Excel when handling a malformed record object in an Excel file.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file.

Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the victim running the affected application.

Sig ID: N/A

AV:

Bloodhound.Exploit.308

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-3135

 

BID:

36950

 

Microsoft ID:

MS09-068

 

MSKB:

976307

 

Microsoft Rating:

Important

Microsoft Word Record Parsing Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office Word 2002 SP3

Microsoft Office Word 2003 SP3

Microsoft Office 2004 for Mac

Microsoft Office 2008 for Mac

Open XML File Format Converter for Mac

Microsoft Office Word Viewer 2003 SP3

Microsoft Office Word Viewer

A remote code execution vulnerability affects Word when handling files that contain a malformed record.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the user running the affected application.

Sig ID: N/A

AV:

Bloodhound.Exploit.303

 

Sygate IDS:

N/A

 

 




Legacy ID



2007010813564748

