Symantec product detections for Microsoft monthly Security Advisories - October 2009

Article:TECH138055  |  Created: 2010-08-19  |  Updated: 2013-01-09  |  Article URL http://www.symantec.com/docs/TECH138055
Article Type
Technical Solution


Issue



This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Advisories.

 

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.


Solution



October 13, 2009

 

ID and Rating | Description | Details | Intrusion Protection System (IPS) Response | Other Detections

CAN/CVE ID:

CVE-2009-2532

 

BID:

36594

 

Microsoft ID:

MS09-050

 

MSKB:

975517

 

Microsoft Rating:

Critical

 

Microsoft Windows SMB2 Command Line Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Windows Vista

Windows Vista SP1

Windows Vista SP2

Windows Vista x64 Edition

Windows Vista x64 Edition SP1

Windows Vista x64 Edition SP2

Windows Server 2008 for 32-bit Systems

Windows Server 2008 for 32-bit Systems SP2

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems SP2

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems SP2

A remote code execution vulnerability affects Microsoft Server Message Block (SMB) protocol software when handling SMB Multi-Protocol Negotiate Request packets.

An attacker can exploit this issue by sending a malicious packet to an affected service.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the affected service.

This may facilitate a complete compromise of an affected computer.

Sig ID: 23471

 

Detected as: "MS SMB2 ValidateProviderCallback RCE"

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-3103

 

BID:

36299

 

Microsoft ID:

MS09-050

 

MSKB:

975517

 

Microsoft Rating:

Critical

 

Microsoft Windows SMB2 Command Line Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability     

 

This vulnerability affects the following products:

Windows Vista

Windows Vista SP1

Windows Vista SP2

Windows Vista x64 Edition

Windows Vista x64 Edition SP1

Windows Vista x64 Edition SP2

Windows Server 2008 for 32-bit Systems

Windows Server 2008 for 32-bit Systems SP2

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems SP2

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems SP2

A previously public (Sep 7, 2009) remote code execution vulnerability affects Microsoft Server Message Block (SMB) protocol software in the ‘_Smb2ValidateProviderCallback()’ function of the ‘srv2.sys’ driver.

A remote attacker can exploit this issue by sending a specially crafted SMB packet to an affected service. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the affected service.

This may facilitate a complete compromise of an affected computer. 

Sig ID: 23471

 

Detected as "MS SMB2 ValidateProviderCallback RCE"

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-2525

 

BID:

36614

 

Microsoft ID:

MS09-051

 

MSKB:

975682

 

Microsoft Rating:

Critical

Microsoft Windows Media Runtime Speech Codec Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager

A remote code execution vulnerability affects Windows Media Player when handling certain functions in compressed audio files.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.          

Sig ID: 23498

 

Detected as "HTTP Windows Media ASF Code Exec"

 

 

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-2527

 

BID:

36644

 

Microsoft ID:

MS09-052

 

MSKB:

974112

 

Microsoft Rating:

Critical

Microsoft Windows Media Player ASF File Processing Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Windows Media Player 6.4

A remote code execution vulnerability affects Windows Media Player when processing ASF files.

An attacker can exploit this issue by tricking a victim into opening a specially crafted file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: 23504

 

Detected as "HTTP Windows Media Player BO"

AV:

Bloodhound.Exploit.279

 

Sygate IDS:

 

CAN/CVE ID:

CVE-2009-2521

 

BID:

36273

 

Microsoft ID:

MS09-053

 

MSKB:

975254

 

Microsoft Rating:

Critical

Microsoft IIS FTPd Globbing Functionality Remote Denial of Service Vulnerability

 

Remote Denial of Service Vulnerability

 

This vulnerability affects the following products:

Microsoft Internet Information Services 5.0

Microsoft Internet Information Services 5.1

Microsoft Internet Information Services 6.0

Microsoft Internet Information Services 7.0

A previously public (Sep 3, 2009) remote denial-of-service vulnerability affects IIS FTP service when handling wild card characters in the globbing functionality.

A remote authenticated attacker can exploit this issue to cause the affected service to stop, and reboot.

Sig ID: 23501

 

Detected as: "RPC Lsass Ntlm Auth Dos"

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-2529

 

BID:

36621

 

Microsoft ID:

MS09-054

 

MSKB:

974455

 

Microsoft Rating:

Critical

Microsoft Internet Explorer HTML Component Handling Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Internet Explorer 5.01 SP4

 Internet Explorer 6 SP1

Internet Explorer 6

Internet Explorer 7

Internet Explorer 8

A remote code execution vulnerability affects Internet Explorer because it fails to properly validate certain arguments of a variant.

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-2530 

 

BID:

36620

 

Microsoft ID:

MS09-054

 

MSKB:

974455

 

Microsoft Rating:

Critical

Microsoft Internet Explorer (CVE-2009-2530) Uninitialized Memory Remote Code Execution Vulnerability 

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Internet Explorer 6 SP1

Internet Explorer 6

Internet Explorer 7

Internet Explorer 8

A remote code execution vulnerability affects Internet Explorer when it accesses an object that has not been properly initialized, or has been deleted.

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-2531 

 

BID:

36616

 

Microsoft ID:

MS09-054

 

MSKB:

974455

 

Microsoft Rating:

Critical

Microsoft Internet Explorer (CVE-2009-2531) Memory Corruption Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Internet Explorer 6 SP1

Internet Explorer 6

Internet Explorer 7

Internet Explorer 8 

A remote code execution vulnerability affects Internet Explorer when it accesses an object that has not been properly initialized, or has been deleted.

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-2493

 

BID:

35828

 

Microsoft ID:

MS09-055

 

MSKB:

973525

 

Microsoft Rating:

Critical

Microsoft Visual Studio Active Template Library COM Object Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Outlook 2002 SP3

Microsoft Office Outlook 2003 SP3

Microsoft Office Outlook 2007 SP1 and SP2

Microsoft Visio 2002 Viewer, and Microsoft Office Visio 2003 Viewer 

A remote code execution vulnerability affects the Microsoft Active Template Library (ATL) because of errors in the ATL headers that instantiate objects from data streams.

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: 23406

 

Detected as: "HTTP MS MPEG2TuneRequestControl ActiveX Inst"

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0901

 

BID:

35832

 

Microsoft ID:

MS09-060

 

MSKB:

973965

 

Microsoft Rating:

Critical

Microsoft Visual Studio ATL 'VariantClear()' Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Outlook 2002 SP3

Microsoft Office Outlook 2003 SP3

Microsoft Office Outlook 2007 SP1 and SP2

Microsoft Visio 2002 Viewer

Microsoft Office Visio 2003 Viewer

Microsoft Office Visio Viewer 2007

Microsoft Office Visio Viewer 2007 SP1

Microsoft Office Visio Viewer 2007 SP2

A remote code execution vulnerability affects the Microsoft Active Template Library (ATL) due to an issue in the ATL headers that may allow an attacker to call the ‘VariantClear()’ function on uninitialized variants.

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: 23406

 

Detected as "HTTP MS MPEG2TuneRequestControl ActiveX Instantiation"

 

 

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-2493

 

BID:

35828 

 

Microsoft ID:

MS09-060

 

MSKB:

973965

 

Microsoft Rating:

Critical

Microsoft Visual Studio Active Template Library COM Object Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Outlook 2002 SP3

Microsoft Office Outlook 2003 SP3

Microsoft Office Outlook 2007 SP1 and SP2

 Microsoft Visio 2002 Viewer, and Microsoft Office Visio 2003 Viewer

A remote code execution vulnerability affects the Microsoft Active Template Library (ATL) because of errors in the ATL headers that instantiate objects from data streams.

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: 23406

 

Detected as: "HTTP MS MPEG2TuneRequestControl ActiveX "

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-2495 

 

BID:

35830

 

Microsoft ID:

MS09-060 

 

MSKB:

973965

 

Microsoft Rating:

Critical

Microsoft Visual Studio Active Template Library NULL String Information Disclosure Vulnerability

 

Information Disclosure Vulnerability

 

This vulnerability affects the following products:

Microsoft Outlook 2002 SP3

Microsoft Office Outlook 2003 SP3

Microsoft Office Outlook 2007 SP1 and SP2

Microsoft Visio 2002 Viewer, Microsoft Office Visio 2003 Viewer

Microsoft Office Visio Viewer 2007

Microsoft Office Visio Viewer 2007 SP1

Microsoft Office Visio Viewer 2007 SP2

An information disclosure vulnerability affects the Microsoft Active Template Library (ATL) when reading a string without a trailing NULL character.

An attacker can exploit this issue to read additional memory past the end of the string.

Information obtained may aid in further attacks.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0090

 

BID:

36611

 

Microsoft ID:

MS09-061

 

MSKB:

973965

 

Microsoft Rating:

Critical

Microsoft .NET Framework Pointer Verification Remote Code Execution Vulnerability 

 

Remote Code Execution Vulnerability 

 

This vulnerability affects the following products:

Microsoft .NET Framework 1.0 SP3

Microsoft .NET Framework 1.1 SP1

Microsoft .NET Framework 2.0 SP1

A remote code execution vulnerability affects Microsoft .NET Framework because of how Code Access Security (CAS) verifies .NET code.

An attacker can exploit this issue by tricking a victim into viewing a malicious web page, by tricking a victim into running a malicious .NET application, or through a web hosting environment to break out of the CAS sandbox.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0091

 

BID:

36618

 

Microsoft ID:

MS09-061

 

MSKB:

974378

 

Microsoft Rating:

Critical

Microsoft .NET Framework Type Verification Remote Code Execution Vulnerability 

 

Remote Code Execution Vulnerability 

 

This vulnerability affects the following products:

Microsoft .NET Framework 2.0

Microsoft .NET Framework 2.0 SP1

Microsoft .NET Framework 3.5

A remote code execution vulnerability affects Microsoft .NET Framework because of how Code Access Security (CAS) verifies .NET code.

An attacker can exploit this issue by tricking a victim into viewing a malicious web page, by tricking a victim into running a malicious .NET application, or through a web hosting environment to break out of the CAS sandbox.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-2497

 

BID:

36617 

 

Microsoft ID:

MS09-061

 

MSKB:

974378

 

Microsoft Rating:

Critical

Microsoft Silverlight and .NET Framework CLR Interface Handling Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft .NET Framework 2.0

Microsoft .NET Framework 2.0 SP1

Microsoft .NET Framework 2.0 SP2

Microsoft .NET Framework 3.5

Microsoft .NET Framework 3.5 SP1

Microsoft Silverlight

Microsoft Silverlight 2

A remote code execution vulnerability affects Microsoft .NET Framework and Silverlight because of how Common Language Runtime (CLR) handles interfaces.

An attacker can exploit this issue by tricking a victim into viewing a malicious web page, by tricking a victim into running a malicious .NET application, or through a web hosting environment to break out of the CAS sandbox.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0555

 

BID:

36602

 

Microsoft ID:

MS09-051

 

MSKB:

 975682

 

Microsoft Rating:

Critical

Microsoft Windows Media Runtime Compression ASF File Remote Memory Corruption Vulnerability

 

Remote Memory Corruption Vulnerability

 

This vulnerability affects the following products:

DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager

A remote code execution vulnerability affects Windows Media Player when processing specially crafted Advanced Systems Format (ASF) files.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: 23505

 

Detected as "HTTP MS GDI+ WMF Heap Overflow"

 

AV:

Bloodhound.Exploit.276

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-2500

 

BID:

36619

 

Microsoft ID:

MS09-062

 

MSKB:

957488

 

Microsoft Rating:

Critical

Microsoft GDI+ WMF File Processing Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Internet Explorer 6 SP1

Windows XP SP2 and XP SP3

Microsoft Office XP SP3, Microsoft Office 2003 SP3

2007 Microsoft Office System SP1

2007 Microsoft Office System SP2

Microsoft Office Project 2002 SP1

Microsoft Visio 2002 SP2

Microsoft Office Word Viewer

Microsoft Word Viewer 2003

Microsoft Word Viewer 2003 SP3

Microsoft Office Excel Viewer 2003

Microsoft Office Excel Viewer 2003 SP3

Microsoft Office Excel Viewer

Microsoft Office PowerPoint Viewer 2007

Microsoft Office PowerPoint Viewer 2007 SP1

Microsoft Office PowerPoint Viewer 2007 SP2

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2

Microsoft Expression Web

Microsoft Expression Web 2, Microsoft Office Groove 2007

Microsoft Office Groove 2007 SP1

Microsoft Works 8.5

SQL Server 2000 Reporting Services SP2

SQL Server 2005 SP2, SQL Server 2005 x64 Edition SP2

SQL Server 2005 for Itanium-based Systems SP2

SQL Server 2005 SP3

SQL Server 2005 x64 Edition SP3

SQL Server 2005 for Itanium-based Systems SP3

Microsoft Report Viewer 2005 SP1 Redistributable Package

Microsoft Report Viewer 2008 Redistributable Package

Microsoft Report Viewer 2008 Redistributable Package SP1

Microsoft Forefront Client Security 1.0

A remote code execution vulnerability affects GDI+ because of the way it allocates a buffer size when handling a malicious WMF image file.

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content, or by opening a malicious file.

A successful attack will result in the execution of arbitrary attacker-supplied code with the privileges of the currently logged-in user.                  

 

Sig ID:

 

AV:

Bloodhound.Exploit.273

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-2501

 

BID:

36645

 

Microsoft ID:

957488

 

MSKB:

MS09-062

 

Microsoft Rating:

Critical

Microsoft GDI+ PNG File Processing Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Internet Explorer 6 SP1

Windows XP SP2 and XP SP3

Microsoft Office XP SP3

Microsoft Office 2003 SP3

2007 Microsoft Office System SP1

2007 Microsoft Office System SP2

Microsoft Office Project 2002 SP1

Microsoft Visio 2002 SP2

Microsoft Office Word Viewer

Microsoft Word Viewer 2003

Microsoft Word Viewer 2003 SP3

Microsoft Office Excel Viewer 2003

Microsoft Office Excel Viewer 2003 SP3

Microsoft Office Excel Viewer

Microsoft Office PowerPoint Viewer 2007

Microsoft Office PowerPoint Viewer 2007 SP1

Microsoft Office PowerPoint Viewer 2007 SP2, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2

Microsoft Expression Web

Microsoft Expression Web 2

Microsoft Office Groove 2007

Microsoft Office Groove 2007 SP1

Microsoft Works 8.5

SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2

SQL Server 2005 x64 Edition SP2

SQL Server 2005 for Itanium-based Systems SP2

SQL Server 2005 SP3, SQL Server 2005 x64 Edition SP3

SQL Server 2005 for Itanium-based Systems SP3

Microsoft Report Viewer 2005 SP1 Redistributable Package

Microsoft Report Viewer 2008 Redistributable Package

Microsoft Report Viewer 2008 Redistributable Package SP1

Microsoft Forefront Client Security 1.0

A remote code execution vulnerability affects GDI+ because of how it allocates memory when handling PNG image files.

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content, or by opening a malicious file.

A successful attack will result in the execution of arbitrary attacker-supplied code with the privileges of the currently logged-in user.  

Sig ID:

N/A

AV:

Bloodhound.Exploit.277

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-2502 

 

BID:

36646

 

Microsoft ID:

MS09-062

 

MSKB:

957488

 

Microsoft Rating:

Critical

Microsoft GDI+ TIFF File Processing Remote Code Execution Vulnerability 

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Internet Explorer 6 SP1

Windows XP SP2 and XP SP3

 Microsoft Office XP SP3, Microsoft Office 2003 SP3

2007 Microsoft Office System SP1

2007 Microsoft Office System SP2

Microsoft Office Project 2002 SP1, Microsoft Visio 2002 SP2

Microsoft Office Word Viewer

Microsoft Word Viewer 2003

Microsoft Word Viewer 2003 SP3

Microsoft Office Excel Viewer 2003

Microsoft Office Excel Viewer 2003 SP3

Microsoft Office Excel Viewer, Microsoft Office PowerPoint Viewer 2007

Microsoft Office PowerPoint Viewer 2007 SP1

Microsoft Office PowerPoint Viewer 2007 SP2

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2

Microsoft Expression Web

Microsoft Expression Web 2

Microsoft Office Groove 2007

Microsoft Office Groove 2007 SP1

Microsoft Works 8.5

SQL Server 2000 Reporting Services SP2

SQL Server 2005 SP2, SQL Server 2005 x64 Edition SP2

SQL Server 2005 for Itanium-based Systems SP2

SQL Server 2005 SP3, SQL Server 2005 x64 Edition SP3, SQL Server 2005 for Itanium-based Systems SP3

Microsoft Report Viewer 2005 SP1 Redistributable Package

Microsoft Report Viewer 2008 Redistributable Package

Microsoft Report Viewer 2008 Redistributable Package SP1

Microsoft Forefront Client Security 1.0

A remote code execution vulnerability affects GDI+ because of how it allocates memory when handling TIFF image files.

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content, or by opening a malicious file.

A successful attack will result in the execution of arbitrary attacker-supplied code with the privileges of the currently logged-in user.

Sig ID:

N/A

AV:

Bloodhound.Exploit.275

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-2503

 

BID:

36647

 

Microsoft ID:

MS09-062 

 

MSKB:

957488

 

Microsoft Rating:

Critical

Microsoft GDI+ TIFF File Processing Memory Corruption Remote Code Execution Vulnerability 

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Internet Explorer 6 SP1

Windows XP SP2 and XP SP3

 Windows XP Professional x64 Edition SP2

Windows Server 2003 SP2

 Windows Server 2003 x64 Edition SP2

 Windows Server 2003 with SP2 for Itanium-based Systems

Microsoft Office XP SP3

Microsoft Office 2003 SP3

2007 Microsoft Office System SP1

2007 Microsoft Office System SP2

Microsoft Office Project 2002 SP1

Microsoft Visio 2002 SP2

Microsoft Office Word Viewer

 Microsoft Word Viewer 2003

Microsoft Word Viewer 2003 SP3

Microsoft Office Excel Viewer 2003

 Microsoft Office Excel Viewer 2003 SP3

 Microsoft Office Excel Viewer

 Microsoft Office PowerPoint Viewer 2007

 Microsoft Office PowerPoint Viewer 2007 SP1

 Microsoft Office PowerPoint Viewer 2007 SP2

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2

Microsoft Expression Web

 Microsoft Expression Web 2

 Microsoft Office Groove 2007

 Microsoft Office Groove 2007 SP1

 Microsoft Works 8.5, SQL Server 2000 Reporting Services SP2

 SQL Server 2005 SP2, SQL Server 2005 x64 Edition SP2, SQL Server 2005 for Itanium-based Systems SP2

 SQL Server 2005 SP3, SQL Server 2005 x64 Edition SP3

 SQL Server 2005 for Itanium-based Systems SP3

Microsoft Report Viewer 2005 SP1 Redistributable Package

Microsoft Report Viewer 2008 Redistributable Package, Microsoft Report Viewer 2008 Redistributable Package SP1

 Microsoft Forefront Client Security 1.0

 

A remote code execution vulnerability affects GDI+ because of how it allocates memory when handling a TIF image file.

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content, or by opening a malicious file.

 A successful attack will result in the execution of arbitrary attacker-supplied code with the privileges of the currently logged-in user.      

Sig ID:

N/A

AV:

Bloodhound.Exploit.283

 

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-2504

 

BID:

36648

 

Microsoft ID:

MS09-062

 

MSKB:

957488

 

Microsoft Rating:

Critical

Microsoft GDI+ .NET Framework 'PropertyItem' Remote Code Execution Vulnerability 

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft .NET Framework 1.1 SP1

Microsoft .NET Framework 2.0 SP1

Microsoft .NET Framework 2.0 SP2

Windows XP Professional x64 Edition SP2

Windows Server 2003 SP2

Windows Server 2003 x64 Edition SP2

Windows Server 2003 with SP2 for Itanium-based Systems

Windows Vista

Windows Vista SP1

Windows Vista x64 Edition

Windows Vista x64 Edition SP1

Windows Server 2008 for 32-bit Systems

Windows Server 2008 for x64-based Systems

Windows Server 2008 for Itanium-based Systems, Microsoft Office XP SP3

Microsoft Office 2003 SP3

2007 Microsoft Office System SP1

2007 Microsoft Office System SP2

Microsoft Office Project 2002 SP1

Microsoft Visio 2002 SP2, Microsoft Office Word Viewer

Microsoft Word Viewer 2003

Microsoft Word Viewer 2003 SP3

Microsoft Office Excel Viewer 2003

Microsoft Office Excel Viewer 2003 SP3

Microsoft Office Excel Viewer

Microsoft Office PowerPoint Viewer 2007

Microsoft Office PowerPoint Viewer 2007 SP1

Microsoft Office PowerPoint Viewer 2007 SP2

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2

Microsoft Expression Web

Microsoft Expression Web 2

Microsoft Office Groove 2007

Microsoft Office Groove 2007 SP1, Microsoft Works 8.5

SQL Server 2000 Reporting Services SP2

SQL Server 2005 SP2

SQL Server 2005 x64 Edition SP2

SQL Server 2005 for Itanium-based Systems SP2

SQL Server 2005 SP3

SQL Server 2005 x64 Edition SP3

SQL Server 2005 for Itanium-based Systems SP3

Microsoft Report Viewer 2005 SP1 Redistributable Package

Microsoft Report Viewer 2008 Redistributable Package

Microsoft Report Viewer 2008 Redistributable Package SP1

Microsoft Forefront Client Security 1.0

A remote code execution vulnerability affects GDI+ .NET.

 An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content.

A successful attack will result in the execution of arbitrary attacker-supplied code with the privileges of the currently logged-in user.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-3126

 

BID:

36649 

 

Microsoft ID:

MS09-062

 

MSKB:

957488

 

Microsoft Rating:

Critical

Microsoft GDI+ PNG File Integer Overflow Remote Code Execution Vulnerability 

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Internet Explorer 6 SP1

 Windows XP SP2 and XP SP3

Microsoft Office XP SP3, Microsoft Office 2003 SP3

 2007 Microsoft Office System SP1

 2007 Microsoft Office System SP2

 Microsoft Office Project 2002 SP1

Microsoft Visio 2002 SP2

Microsoft Office Word Viewer

Microsoft Word Viewer 2003

Microsoft Word Viewer 2003 SP3

Microsoft Office Excel Viewer 2003

Microsoft Office Excel Viewer 2003 SP3

Microsoft Office Excel Viewer

Microsoft Office PowerPoint Viewer 2007

Microsoft Office PowerPoint Viewer 2007 SP1

Microsoft Office PowerPoint Viewer 2007 SP2

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2

Microsoft Expression Web

Microsoft Expression Web 2

Microsoft Office Groove 2007

Microsoft Office Groove 2007 SP1

Microsoft Works 8.5

SQL Server 2000 Reporting Services SP2

SQL Server 2005 SP2

SQL Server 2005 x64 Edition SP2

SQL Server 2005 for Itanium-based Systems SP

SQL Server 2005 SP3, SQL Server 2005 x64 Edition SP3, SQL Server 2005 for Itanium-based Systems SP3

Microsoft Report Viewer 2005 SP1 Redistributable Package

Microsoft Report Viewer 2008 Redistributable Package

Microsoft Report Viewer 2008 Redistributable Package SP1

Microsoft Forefront Client Security 1.0

A remote code execution vulnerability affects GDI+ because of how it allocates memory when handling PNG image files.

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content, or by opening a malicious file.

A successful attack will result in the execution of arbitrary attacker-supplied code with the privileges of the currently logged-in user.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-1547 

 

BID:

36622

 

Microsoft ID:

MS09-056

 

MSKB:

974455

 

Microsoft Rating:

Critical

Microsoft Internet Explorer Data Stream Header Corruption Remote Code Execution Vulnerability 

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Internet Explorer 5.01 SP4

Internet Explorer 6 SP1

Internet Explorer 6

Internet Explorer 7

A remote code execution vulnerability affects Internet Explorer when it processes specific data stream headers.

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-2526

 

BID:

36595

 

Microsoft ID:

MS09-050

 

MSKB:

975517

 

Microsoft Rating: Important

 

Microsoft Windows SMB2 Field Validation Remote Denial of Service Vulnerability

 

Remote Denial of Service Vulnerability

 

This vulnerability affects the following products:

Windows Vista

Windows Vista SP1

Windows Vista SP2

Windows Vista x64 Edition

Windows Vista x64 Edition SP1

Windows Vista x64 Edition SP2

Windows Server 2008 for 32-bit Systems

Windows Server 2008 for 32-bit Systems SP2

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems SP2

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems SP2

A remote denial-of-service vulnerability affects Microsoft Server Message Block (SMB) protocol software when handling specially crafted SMBv2 packets.

An attacker can exploit this issue by sending a specially crafted packet to the affected service.

A successful exploit will cause the affected computer to stop responding until manually rebooted.

Sig ID: 23497

 

Detected as: "MS SMB2 DFS Referral BO"

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-3023 

 

BID:

36189

 

Microsoft ID:

MS09-053

 

MSKB:

975254

 

Microsoft Rating: Important

Microsoft IIS FTPd NLST Remote Buffer Overflow Vulnerability 

 

Remote Buffer Overflow Vulnerability 

 

This vulnerability affects the following products:

Microsoft Internet Information Services 5.0

Microsoft Internet Information Services 5.1

Microsoft Internet Information Services 6.0

A previously public (Aug 31, 2009) remote code execution vulnerability affects IIS FTP service when handling a specially crafted ‘NLST’ command.

An attacker can exploit this issue on Windows 2000 platforms to execute arbitrary code in the context of the affected service.

On other platforms, an attacker can cause denial-of-service conditions.

Sig ID: 23467

 

Detected as: "MS IIS FTP NLST BO"

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-2511

 

BID:

36577

 

Microsoft ID:

MS09-056

 

MSKB:

974571

 

Microsoft Rating:

Important

Internet Explorer X.509 Certificate Common Name Encoding Multiple Security Bypass Vulnerabilities

 

Multiple Security Bypass Vulnerabilities

 

This vulnerability affects the following products:

Microsoft Windows 2000 SP4

Windows XP SP2 and SP3, Windows XP Professional x64 Edition SP2

Windows Server 2003 SP2

Windows Server 2003 x64 Edition SP2

Windows Server 2003 with SP2 for Itanium-based Systems

Windows Vista

Windows Vista SP1

Windows Vista SP2

Windows Vista x64 Edition

Windows Vista x64 Edition SP1

Windows Vista x64 Edition SP2

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems SP2

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems SP2

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems SP2

Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems

Windows Server 2008 R2 for x64-based Systems

Windows Server 2008 R2 for Itanium-based Systems

A previously public (Aug 5, 2009) spoofing vulnerability affects the Windows CryptoAPI component when parsing ASN.1 information from an X.509 certificate.

The problem occurs due to an integer overflow when parsing the ASN.1 object identifier.

An attacker can exploit this issue to impersonate a valid user or system; this may aid in further attacks.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-2510 

 

BID:

36475

 

Microsoft ID:

MS09-056

 

MSKB:

974571

 

Microsoft Rating:

Important

Microsoft Internet Explorer NULL Byte CA SSL Certificate Validation Security Bypass Vulnerability

 

Security Bypass Vulnerability

 

This vulnerability affects the following products:

Microsoft Windows 2000 SP4

Windows XP SP2 and SP3

Windows XP Professional x64 Edition SP2

Windows Server 2003 SP2

Windows Server 2003 x64 Edition SP2

Windows Server 2003 with SP2 for Itanium-based Systems

Windows Vista

Windows Vista SP1

Windows Vista SP2

Windows Vista x64 Edition

Windows Vista x64 Edition SP1

Windows Vista x64 Edition SP2

Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems SP2

Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems SP2

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems SP2

Windows 7 for 32-bit Systems

Windows 7 for x64-based Systems

Windows Server 2008 R2 for x64-based Systems

Windows Server 2008 R2 for Itanium-based Systems

A previously public (Aug 5, 2009) spoofing vulnerability affects the Windows CryptoAPI component when parsing ASN.1 information from an X.509 certificate.

The problem occurs due to an integer overflow when parsing the ASN.1 object identifier.

An attacker can exploit this issue to impersonate a valid user or system; this may aid in further attacks.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-2507

 

BID:

36629

 

Microsoft ID:

MS09-057

 

MSKB:

969059

 

Microsoft Rating:

Important

Microsoft Indexing Service ActiveX Control Remote Code Execution Vulnerability 

 

Remote Code Execution Vulnerability 

 

This vulnerability affects the following products:

Microsoft Windows 2000 SP4

Microsoft Windows XP SP

Microsoft Windows XP SP3

Microsoft Windows XP Professional x64 Edition SP2

Microsoft Windows Server 2003 SP2

Microsoft Windows Server 2003 x64 Edition SP2

Microsoft Windows Server 2003 with SP2 for Itanium-based Systems

A remote code-execution vulnerability affects an ActiveX control of the Windows Indexing service because it fails to properly handle malformed URLs.

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content.

A successful exploit will result in the execution of arbitrary code in the context of the currently logged-in user.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-2515

 

BID:

36623

 

Microsoft ID:

MS09-058

 

MSKB:

971486

 

Microsoft Rating:

Important

Microsoft Windows Kernel Integer Underflow Local Privilege Escalation Vulnerability

 

Local Privilege Escalation Vulnerability

 

This vulnerability affects the following products:

Microsoft Windows 2000 SP4

Windows XP SP2 and SP3

Windows XP Professional x64 Edition SP2

Windows Server 2003 SP2

Windows Server 2003 x64 Edition SP2

Windows Server 2003 with SP2 for Itanium-based Systems

Windows Vista, Vista SP1

Windows Vista SP2

Windows Vista x64 Edition

Windows Vista x64 Edition SP1

Windows Vista x64 Edition SP2

Windows Server 2008 for 32-bit Systems

Windows Server 2008 for 32-bit Systems SP2

Windows Server 2008 for x64-based Systems

Windows Server 2008 for x64-based Systems SP2

Windows Server 2008 for Itanium-based Systems

Windows Server 2008 for Itanium-based Systems SP2

A privilege-escalation vulnerability affects the Windows kernel when truncating 64-bit values to 32-bit values.

A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges.

This may facilitate a complete compromise of the affected computer.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-2516

 

BID:

36624

 

Microsoft ID:

MS09-058

 

MSKB:

971486

 

Microsoft Rating:

Important

Microsoft Windows Kernel NULL Pointer Dereference Local Privilege Escalation Vulnerability

 

Local Privilege Escalation Vulnerability

 

This vulnerability affects the following products:

Microsoft Windows 2000 SP4

Windows XP SP2 and SP3

Windows XP Professional x64 Edition SP2

Windows Server 2003 SP2

Windows Server 2003 x64 Edition SP2

Windows Server 2003 with SP2 for Itanium-based Systems

Windows Vista

Windows Vista SP1

Windows Vista x64 Edition

Windows Vista x64 Edition SP1

Windows Server 2008 for 32-bit Systems

Windows Server 2008 for x64-based Systems

Windows Server 2008 for Itanium-based Systems

A privilege-escalation vulnerability affects the Windows kernel because data passed from user-mode is not properly validated.

A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges.

This may facilitate a complete compromise of the affected computer.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-2524

 

BID:

36593

 

Microsoft ID:

MS09-059

 

MSKB:

975467

 

 

Microsoft Rating:

Important

 

Microsoft Windows LSASS NTLM implementation Remote Denial of Service Vulnerability 

 

Remote Denial of Service Vulnerability

 

This vulnerability affects the following products:

Windows XP SP2

Windows XP SP3

Windows XP Professional x64 Edition SP2

Windows Server 2003 SP2

Windows Server 2003 x64 Edition SP2

Windows Server 2003 with SP2 for Itanium-based Systems

Windows Vista

Windows Vista SP1

Windows Vista SP2

Windows Vista x64 Edition

Windows Vista x64 Edition SP1

Windows Vista x64 Edition SP2

Windows Server 2008 for 32-bit Systems

Windows Server 2008 for 32-bit Systems SP2

Windows Server 2008 for x64-based Systems

Windows Server 2008 for x64-based Systems SP2

Windows Server 2008 for Itanium-based Systems

Windows Server 2008 for Itanium-based Systems SP2

Windows 7 for 32-bit Systems

Windows 7 for x64-based Systems

Windows Server 2008 R2 for x64-based Systems

Windows Server 2008 R2 for Itanium-based Systems

A denial-of-service vulnerability affects Local Security Authority Subsystem Service (LSASS) when processing specially crafted packets during NTLM authentication.

An attacker can exploit this issue to cause the affected system to reboot.

Sig ID: 23501

 

Detected as: "RPC Lsass Ntlm Auth Dos"

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-2518

 

BID:

36651

 

Microsoft ID:

MS09-062

 

MSKB:

957488

 

Microsoft Rating:

Important

Microsoft GDI+ Malformed Office BMP File Integer Overflow Remote Code Execution Vulnerability 

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office XP SP3

A remote code execution vulnerability affects Microsoft Office because of how it handles BMP images in Office files.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file.

A successful attack will result in the execution of arbitrary attacker-supplied code with the privileges of the currently logged-in user.

Sig ID:

N/A

AV:

Bloodhound.Exploit.274

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-2528

 

BID:

36650

 

Microsoft ID:

MS09-062

 

 

MSKB:

957488

 

Microsoft Rating:

Important

Microsoft GDI+ Malformed Office Object Memory Corruption Remote Code Execution Vulnerability 

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office XP SP3

A remote code execution vulnerability affects Microsoft Office because of how it handles certain objects in an Office file.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file.

A successful attack will result in the execution of arbitrary attacker-supplied code with the privileges of the currently logged-in user.

Sig ID:

N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-2517

 

BID:

36625

 

Microsoft ID:

MS09-058

 

MSKB:

971486

 

Microsoft Rating:

Moderate

Microsoft Windows Kernel Exception Handler Local Denial Of Service Vulnerability

 

Local Denial Of Service Vulnerability

 

This vulnerability affects the following products:

Windows Server 2003 SP2

A local denial-of-service vulnerability affects the Windows kernel because it fails to handle certain exceptions.

A local attacker can exploit this issue by running a specially crafted application.

A successful exploit will cause the affected computer to restart.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

 

 




Legacy ID



2007010813564748

