Symantec product detections for Microsoft monthly Security Advisories - October 2009
Article: TECH138055 | Created: 2010-08-19 | Updated: 2013-01-09 | Article URL: http://www.symantec.com/docs/TECH138055
Problem
This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Advisories.
Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.
Solution
October 13, 2009
|
ID and Rating |
Description |
Details |
Intrusion Protection System (IPS) Response |
Other Detections |
|
CAN/CVE ID: CVE-2009-2532 BID: 36594 Microsoft ID: MS09-050 MSKB: 975517 Microsoft Rating: Critical |
Microsoft Windows SMB2 Command Line Remote Code Execution Vulnerability Remote Code Execution Vulnerability This vulnerability affects the following products: Windows Vista Windows Vista SP1 Windows Vista SP2 Windows Vista x64 Edition Windows Vista x64 Edition SP1 Windows Vista x64 Edition SP2 Windows Server 2008 for 32-bit Systems Windows Server 2008 for 32-bit Systems SP2 Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems SP2 Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems SP2 |
A remote code execution vulnerability affects Microsoft Server Message Block (SMB) protocol software when handling SMB Multi-Protocol Negotiate Request packets. An attacker can exploit this issue by sending a malicious packet to an affected service. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the affected service. This may facilitate a complete compromise of an affected computer. |
Sig ID: 23471 Detected as: "MS SMB2 ValidateProviderCallback RCE" |
AV: N/A Sygate IDS: N/A |
|
CAN/CVE ID: CVE-2009-3103 BID: 36299 Microsoft ID: MS09-050 MSKB: 975517 Microsoft Rating: Critical |
Microsoft Windows SMB2 Command Line Remote Code Execution Vulnerability Remote Code Execution Vulnerability This vulnerability affects the following products: Windows Vista Windows Vista SP1 Windows Vista SP2 Windows Vista x64 Edition Windows Vista x64 Edition SP1 Windows Vista x64 Edition SP2 Windows Server 2008 for 32-bit Systems Windows Server 2008 for 32-bit Systems SP2 Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems SP2 Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems SP2 |
A previously public (Sep 7, 2009) remote code execution vulnerability affects Microsoft Server Message Block (SMB) protocol software in the ‘_Smb2ValidateProviderCallback()’ function of the ‘srv2.sys’ driver. A remote attacker can exploit this issue by sending a specially crafted SMB packet to an affected service. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the affected service. This may facilitate a complete compromise of an affected computer. |
Sig ID: 23471 Detected as "MS SMB2 ValidateProviderCallback RCE" |
AV: N/A Sygate IDS: N/A |
|
CAN/CVE ID: CVE-2009-2525 BID: 36614 Microsoft ID: MS09-051 MSKB: 975682 Microsoft Rating: Critical |
Microsoft Windows Media Runtime Speech Codec Remote Code Execution Vulnerability Remote Code Execution Vulnerability This vulnerability affects the following products: DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager |
A remote code execution vulnerability affects Windows Media Player when handling certain functions in compressed audio files. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user. |
Sig ID: 23498 Detected as "HTTP Windows Media ASF Code Exec" |
AV: N/A Sygate IDS: N/A |
|
CAN/CVE ID: CVE-2009-2527 BID: 36644 Microsoft ID: MS09-052 MSKB: 974112 Microsoft Rating: Critical |
Microsoft Windows Media Player ASF File Processing Remote Code Execution Vulnerability Remote Code Execution Vulnerability This vulnerability affects the following products: Microsoft Windows Media Player 6.4 |
A remote code execution vulnerability affects Windows Media Player when processing ASF files. An attacker can exploit this issue by tricking a victim into opening a specially crafted file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user. |
Sig ID: 23504 Detected as "HTTP Windows Media Player BO" |
AV: Bloodhound.Exploit.279 Sygate IDS: |
|
CAN/CVE ID: CVE-2009-2521 BID: 36273 Microsoft ID: MS09-053 MSKB: 975254 Microsoft Rating: Critical |
Microsoft IIS FTPd Globbing Functionality Remote Denial of Service Vulnerability Remote Denial of Service Vulnerability This vulnerability affects the following products: Microsoft Internet Information Services 5.0 Microsoft Internet Information Services 5.1 Microsoft Internet Information Services 6.0 Microsoft Internet Information Services 7.0 |
A previously public (Sep 3, 2009) remote denial-of-service vulnerability affects the IIS FTP service when handling wildcard characters in the globbing functionality. A remote authenticated attacker can exploit this issue to cause the affected service to stop and reboot. |
Sig ID: 23501 Detected as: "RPC Lsass Ntlm Auth Dos" |
AV: N/A Sygate IDS: N/A |
|
CAN/CVE ID: CVE-2009-2529 BID: 36621 Microsoft ID: MS09-054 MSKB: 974455 Microsoft Rating: Critical |
Microsoft Internet Explorer HTML Component Handling Remote Code Execution Vulnerability Remote Code Execution Vulnerability This vulnerability affects the following products: Internet Explorer 5.01 SP4 Internet Explorer 6 SP1 Internet Explorer 6 Internet Explorer 7 Internet Explorer 8 |
A remote code execution vulnerability affects Internet Explorer because it fails to properly validate certain arguments of a variant. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user. |
Sig ID: N/A |
AV: N/A Sygate IDS: N/A |
|
CAN/CVE ID: CVE-2009-2530 BID: 36620 Microsoft ID: MS09-054 MSKB: 974455 Microsoft Rating: Critical |
Microsoft Internet Explorer (CVE-2009-2530) Uninitialized Memory Remote Code Execution Vulnerability Remote Code Execution Vulnerability This vulnerability affects the following products: Internet Explorer 6 SP1 Internet Explorer 6 Internet Explorer 7 Internet Explorer 8 |
A remote code execution vulnerability affects Internet Explorer when it accesses an object that has not been properly initialized, or has been deleted. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user. |
Sig ID: N/A |
AV: N/A Sygate IDS: N/A |
|
CAN/CVE ID: CVE-2009-2531 BID: 36616 Microsoft ID: MS09-054 MSKB: 974455 Microsoft Rating: Critical |
Microsoft Internet Explorer (CVE-2009-2531) Memory Corruption Remote Code Execution Vulnerability Remote Code Execution Vulnerability This vulnerability affects the following products: Internet Explorer 6 SP1 Internet Explorer 6 Internet Explorer 7 Internet Explorer 8 |
A remote code execution vulnerability affects Internet Explorer when it accesses an object that has not been properly initialized, or has been deleted. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user. |
Sig ID: N/A |
AV: N/A Sygate IDS: N/A |
|
CAN/CVE ID: CVE-2009-2493 BID: 35828 Microsoft ID: MS09-055 MSKB: 973525 Microsoft Rating: Critical |
Microsoft Visual Studio Active Template Library COM Object Remote Code Execution Vulnerability Remote Code Execution Vulnerability This vulnerability affects the following products: Microsoft Outlook 2002 SP3 Microsoft Office Outlook 2003 SP3 Microsoft Office Outlook 2007 SP1 and SP2 Microsoft Visio 2002 Viewer, and Microsoft Office Visio 2003 Viewer |
A remote code execution vulnerability affects the Microsoft Active Template Library (ATL) because of errors in the ATL headers that instantiate objects from data streams. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user. |
Sig ID: 23406 Detected as: "HTTP MS MPEG2TuneRequestControl ActiveX Inst" |
AV: N/A Sygate IDS: N/A |
|
CAN/CVE ID: CVE-2009-0901 BID: 35832 Microsoft ID: MS09-060 MSKB: 973965 Microsoft Rating: Critical |
Microsoft Visual Studio ATL 'VariantClear()' Remote Code Execution Vulnerability Remote Code Execution Vulnerability This vulnerability affects the following products: Microsoft Outlook 2002 SP3 Microsoft Office Outlook 2003 SP3 Microsoft Office Outlook 2007 SP1 and SP2 Microsoft Visio 2002 Viewer Microsoft Office Visio 2003 Viewer Microsoft Office Visio Viewer 2007 Microsoft Office Visio Viewer 2007 SP1 Microsoft Office Visio Viewer 2007 SP2 |
A remote code execution vulnerability affects the Microsoft Active Template Library (ATL) due to an issue in the ATL headers that may allow an attacker to call the ‘VariantClear()’ function on uninitialized variants. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user. |
Sig ID: 23406 Detected as "HTTP MS MPEG2TuneRequestControl ActiveX Instantiation" |
AV: N/A Sygate IDS: N/A |
|
CAN/CVE ID: CVE-2009-2493 BID: 35828 Microsoft ID: MS09-060 MSKB: 973965 Microsoft Rating: Critical |
Microsoft Visual Studio Active Template Library COM Object Remote Code Execution Vulnerability Remote Code Execution Vulnerability This vulnerability affects the following products: Microsoft Outlook 2002 SP3 Microsoft Office Outlook 2003 SP3 Microsoft Office Outlook 2007 SP1 and SP2 Microsoft Visio 2002 Viewer, and Microsoft Office Visio 2003 Viewer |
A remote code execution vulnerability affects the Microsoft Active Template Library (ATL) because of errors in the ATL headers that instantiate objects from data streams. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user. |
Sig ID: 23406 Detected as: "HTTP MS MPEG2TuneRequestControl ActiveX " |
AV: N/A Sygate IDS: N/A |
|
CAN/CVE ID: CVE-2009-2495 BID: 35830 Microsoft ID: MS09-060 MSKB: 973965 Microsoft Rating: Critical |
Microsoft Visual Studio Active Template Library NULL String Information Disclosure Vulnerability Information Disclosure Vulnerability This vulnerability affects the following products: Microsoft Outlook 2002 SP3 Microsoft Office Outlook 2003 SP3 Microsoft Office Outlook 2007 SP1 and SP2 Microsoft Visio 2002 Viewer, Microsoft Office Visio 2003 Viewer Microsoft Office Visio Viewer 2007 Microsoft Office Visio Viewer 2007 SP1 Microsoft Office Visio Viewer 2007 SP2 |
An information disclosure vulnerability affects the Microsoft Active Template Library (ATL) when reading a string without a trailing NULL character. An attacker can exploit this issue to read additional memory past the end of the string. Information obtained may aid in further attacks. |
Sig ID: N/A |
AV: N/A Sygate IDS: N/A |
|
CAN/CVE ID: CVE-2009-0090 BID: 36611 Microsoft ID: MS09-061 MSKB: 973965 Microsoft Rating: Critical |
Microsoft .NET Framework Pointer Verification Remote Code Execution Vulnerability Remote Code Execution Vulnerability This vulnerability affects the following products: Microsoft .NET Framework 1.0 SP3 Microsoft .NET Framework 1.1 SP1 Microsoft .NET Framework 2.0 SP1 |
A remote code execution vulnerability affects Microsoft .NET Framework because of how Code Access Security (CAS) verifies .NET code. An attacker can exploit this issue by tricking a victim into viewing a malicious web page, by tricking a victim into running a malicious .NET application, or through a web hosting environment to break out of the CAS sandbox. |
Sig ID: N/A |
AV: N/A Sygate IDS: N/A |
|
CAN/CVE ID: CVE-2009-0091 BID: 36618 Microsoft ID: MS09-061 MSKB: 974378 Microsoft Rating: Critical |
Microsoft .NET Framework Type Verification Remote Code Execution Vulnerability Remote Code Execution Vulnerability This vulnerability affects the following products: Microsoft .NET Framework 2.0 Microsoft .NET Framework 2.0 SP1 Microsoft .NET Framework 3.5 |
A remote code execution vulnerability affects Microsoft .NET Framework because of how Code Access Security (CAS) verifies .NET code. An attacker can exploit this issue by tricking a victim into viewing a malicious web page, by tricking a victim into running a malicious .NET application, or through a web hosting environment to break out of the CAS sandbox. |
Sig ID: N/A |
AV: N/A Sygate IDS: N/A |
|
CAN/CVE ID: CVE-2009-2497 BID: 36617 Microsoft ID: MS09-061 MSKB: 974378 Microsoft Rating: Critical |
Microsoft Silverlight and .NET Framework CLR Interface Handling Remote Code Execution Vulnerability Remote Code Execution Vulnerability This vulnerability affects the following products: Microsoft .NET Framework 2.0 Microsoft .NET Framework 2.0 SP1 Microsoft .NET Framework 2.0 SP2 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5 SP1 Microsoft Silverlight Microsoft Silverlight 2 |
A remote code execution vulnerability affects Microsoft .NET Framework and Silverlight because of how Common Language Runtime (CLR) handles interfaces. An attacker can exploit this issue by tricking a victim into viewing a malicious web page, by tricking a victim into running a malicious .NET application, or through a web hosting environment to break out of the CAS sandbox. |
Sig ID: N/A |
AV: N/A Sygate IDS: N/A |
|
CAN/CVE ID: CVE-2009-0555 BID: 36602 Microsoft ID: MS09-051 MSKB: 975682 Microsoft Rating: Critical |
Microsoft Windows Media Runtime Compression ASF File Remote Memory Corruption Vulnerability Remote Memory Corruption Vulnerability This vulnerability affects the following products: DirectShow WMA Voice Codec, Windows Media Audio Voice Decoder, and Audio Compression Manager. |
A remote code execution vulnerability affects Windows Media Player when processing specially crafted Advanced Systems Format (ASF) files. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user. |
Sig ID: 23505 Detected as "HTTP MS GDI+ WMF Heap Overflow" |
AV: Bloodhound.Exploit.276 Sygate IDS: N/A |
|
CAN/CVE ID: CVE-2009-2500 BID: 36619 Microsoft ID: MS09-062 MSKB: 957488 Microsoft Rating: Critical |
Microsoft GDI+ WMF File Processing Remote Code Execution Vulnerability Remote Code Execution Vulnerability This vulnerability affects the following products: Microsoft Internet Explorer 6 SP1 Windows XP SP2 and XP SP3 Microsoft Office XP SP3, Microsoft Office 2003 SP3 2007 Microsoft Office System SP1 2007 Microsoft Office System SP2 Microsoft Office Project 2002 SP1 Microsoft Visio 2002 SP2 Microsoft Office Word Viewer Microsoft Word Viewer 2003 Microsoft Word Viewer 2003 SP3 Microsoft Office Excel Viewer 2003 Microsoft Office Excel Viewer 2003 SP3 Microsoft Office Excel Viewer Microsoft Office PowerPoint Viewer 2007 Microsoft Office PowerPoint Viewer 2007 SP1 Microsoft Office PowerPoint Viewer 2007 SP2 Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 Microsoft Expression Web Microsoft Expression Web 2, Microsoft Office Groove 2007 Microsoft Office Groove 2007 SP1 Microsoft Works 8.5 SQL Server 2000 Reporting Services SP2 SQL Server 2005 SP2, SQL Server 2005 x64 Edition SP2 SQL Server 2005 for Itanium-based Systems SP2 SQL Server 2005 SP3 SQL Server 2005 x64 Edition SP3 SQL Server 2005 for Itanium-based Systems SP3 Microsoft Report Viewer 2005 SP1 Redistributable Package Microsoft Report Viewer 2008 Redistributable Package Microsoft Report Viewer 2008 Redistributable Package SP1 Microsoft Forefront Client Security 1.0 |
A remote code execution vulnerability affects GDI+ because of the way it allocates a buffer size when handling a malicious WMF image file. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content, or by opening a malicious file. A successful attack will result in the execution of arbitrary attacker-supplied code with the privileges of the currently logged-in user. |
Sig ID: |
AV: Bloodhound.Exploit.273 Sygate IDS: N/A |
|
CAN/CVE ID: CVE-2009-2501 BID: 36645 Microsoft ID: MS09-062 MSKB: 957488 Microsoft Rating: Critical |
Microsoft GDI+ PNG File Processing Remote Code Execution Vulnerability Remote Code Execution Vulnerability This vulnerability affects the following products: Microsoft Internet Explorer 6 SP1 Windows XP SP2 and XP SP3 Microsoft Office XP SP3 Microsoft Office 2003 SP3 2007 Microsoft Office System SP1 2007 Microsoft Office System SP2 Microsoft Office Project 2002 SP1 Microsoft Visio 2002 SP2 Microsoft Office Word Viewer Microsoft Word Viewer 2003 Microsoft Word Viewer 2003 SP3 Microsoft Office Excel Viewer 2003 Microsoft Office Excel Viewer 2003 SP3 Microsoft Office Excel Viewer Microsoft Office PowerPoint Viewer 2007 Microsoft Office PowerPoint Viewer 2007 SP1 Microsoft Office PowerPoint Viewer 2007 SP2, Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 Microsoft Expression Web Microsoft Expression Web 2 Microsoft Office Groove 2007 Microsoft Office Groove 2007 SP1 Microsoft Works 8.5 SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 SQL Server 2005 x64 Edition SP2 SQL Server 2005 for Itanium-based Systems SP2 SQL Server 2005 SP3, SQL Server 2005 x64 Edition SP3 SQL Server 2005 for Itanium-based Systems SP3 Microsoft Report Viewer 2005 SP1 Redistributable Package Microsoft Report Viewer 2008 Redistributable Package Microsoft Report Viewer 2008 Redistributable Package SP1 Microsoft Forefront Client Security 1.0 |
A remote code execution vulnerability affects GDI+ because of how it allocates memory when handling PNG image files. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content, or by opening a malicious file. A successful attack will result in the execution of arbitrary attacker-supplied code with the privileges of the currently logged-in user. |
Sig ID: N/A |
AV: Bloodhound.Exploit.277 Sygate IDS: N/A |
|
CAN/CVE ID: CVE-2009-2502 BID: 36646 Microsoft ID: MS09-062 MSKB: 957488 Microsoft Rating: Critical |
Microsoft GDI+ TIFF File Processing Remote Code Execution Vulnerability Remote Code Execution Vulnerability This vulnerability affects the following products: Microsoft Internet Explorer 6 SP1 Windows XP SP2 and XP SP3 Microsoft Office XP SP3, Microsoft Office 2003 SP3 2007 Microsoft Office System SP1 2007 Microsoft Office System SP2 Microsoft Office Project 2002 SP1, Microsoft Visio 2002 SP2 Microsoft Office Word Viewer Microsoft Word Viewer 2003 Microsoft Word Viewer 2003 SP3 Microsoft Office Excel Viewer 2003 Microsoft Office Excel Viewer 2003 SP3 Microsoft Office Excel Viewer, Microsoft Office PowerPoint Viewer 2007 Microsoft Office PowerPoint Viewer 2007 SP1 Microsoft Office PowerPoint Viewer 2007 SP2 Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 Microsoft Expression Web Microsoft Expression Web 2 Microsoft Office Groove 2007 Microsoft Office Groove 2007 SP1 Microsoft Works 8.5 SQL Server 2000 Reporting Services SP2 SQL Server 2005 SP2, SQL Server 2005 x64 Edition SP2 SQL Server 2005 for Itanium-based Systems SP2 SQL Server 2005 SP3, SQL Server 2005 x64 Edition SP3, SQL Server 2005 for Itanium-based Systems SP3 Microsoft Report Viewer 2005 SP1 Redistributable Package Microsoft Report Viewer 2008 Redistributable Package Microsoft Report Viewer 2008 Redistributable Package SP1 Microsoft Forefront Client Security 1.0 |
A remote code execution vulnerability affects GDI+ because of how it allocates memory when handling TIFF image files. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content, or by opening a malicious file. A successful attack will result in the execution of arbitrary attacker-supplied code with the privileges of the currently logged-in user. |
Sig ID: N/A |
AV: Bloodhound.Exploit.275 Sygate IDS: N/A |
|
CAN/CVE ID: CVE-2009-2503 BID: 36647 Microsoft ID: MS09-062 MSKB: 957488 Microsoft Rating: Critical |
Microsoft GDI+ TIFF File Processing Memory Corruption Remote Code Execution Vulnerability Remote Code Execution Vulnerability This vulnerability affects the following products: Microsoft Internet Explorer 6 SP1 Windows XP SP2 and XP SP3 Windows XP Professional x64 Edition SP2 Windows Server 2003 SP2 Windows Server 2003 x64 Edition SP2 Windows Server 2003 with SP2 for Itanium-based Systems Microsoft Office XP SP3 Microsoft Office 2003 SP3, 2007 Microsoft Office System SP1, 2007 Microsoft Office System SP2 Microsoft Office Project 2002 SP1, Microsoft Visio 2002 SP2 Microsoft Office Word Viewer Microsoft Word Viewer 2003 Microsoft Word Viewer 2003 SP3 Microsoft Office Excel Viewer 2003 Microsoft Office Excel Viewer 2003 SP3 Microsoft Office Excel Viewer Microsoft Office PowerPoint Viewer 2007 Microsoft Office PowerPoint Viewer 2007 SP1 Microsoft Office PowerPoint Viewer 2007 SP2 Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 Microsoft Expression Web Microsoft Expression Web 2 Microsoft Office Groove 2007 Microsoft Office Groove 2007 SP1 Microsoft Works 8.5, SQL Server 2000 Reporting Services SP2 SQL Server 2005 SP2, SQL Server 2005 x64 Edition SP2, SQL Server 2005 for Itanium-based Systems SP2 SQL Server 2005 SP3, SQL Server 2005 x64 Edition SP3 SQL Server 2005 for Itanium-based Systems SP3 Microsoft Report Viewer 2005 SP1 Redistributable Package Microsoft Report Viewer 2008 Redistributable Package, Microsoft Report Viewer 2008 Redistributable Package SP1 Microsoft Forefront Client Security 1.0 |
A remote code execution vulnerability affects GDI+ because of how it allocates memory when handling a TIF image file. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content, or by opening a malicious file. A successful attack will result in the execution of arbitrary attacker-supplied code with the privileges of the currently logged-in user. |
Sig ID: N/A |
AV: Bloodhound.Exploit.283 Sygate IDS: N/A |
|
CAN/CVE ID: CVE-2009-2504 BID: 36648 Microsoft ID: MS09-062 MSKB: 957488 Microsoft Rating: Critical |
Microsoft GDI+ .NET Framework 'PropertyItem' Remote Code Execution Vulnerability Remote Code Execution Vulnerability This vulnerability affects the following products: Microsoft .NET Framework 1.1 SP1 Microsoft .NET Framework 2.0 SP1 Microsoft .NET Framework 2.0 SP2 Windows XP Professional x64 Edition SP2 Windows Server 2003 SP2 Windows Server 2003 x64 Edition SP2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Vista Windows Vista SP1 Windows Vista x64 Edition Windows Vista x64 Edition SP1 Windows Server 2008 for 32-bit Systems Windows Server 2008 for x64-based Systems Windows Server 2008 for Itanium-based Systems, Microsoft Office XP SP3 Microsoft Office 2003 SP3 2007 Microsoft Office System SP1 2007 Microsoft Office System SP2 Microsoft Office Project 2002 SP1 Microsoft Visio 2002 SP2, Microsoft Office Word Viewer Microsoft Word Viewer 2003 Microsoft Word Viewer 2003 SP3 Microsoft Office Excel Viewer 2003 Microsoft Office Excel Viewer 2003 SP3 Microsoft Office Excel Viewer Microsoft Office PowerPoint Viewer 2007 Microsoft Office PowerPoint Viewer 2007 SP1 Microsoft Office PowerPoint Viewer 2007 SP2 Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 Microsoft Expression Web Microsoft Expression Web 2 Microsoft Office Groove 2007 Microsoft Office Groove 2007 SP1, Microsoft Works 8.5 SQL Server 2000 Reporting Services SP2 SQL Server 2005 SP2 SQL Server 2005 x64 Edition SP2 SQL Server 2005 for Itanium-based Systems SP2 SQL Server 2005 SP3 SQL Server 2005 x64 Edition SP3 SQL Server 2005 for Itanium-based Systems SP3 Microsoft Report Viewer 2005 SP1 Redistributable Package Microsoft Report Viewer 2008 Redistributable Package Microsoft Report Viewer 2008 Redistributable Package SP1 Microsoft Forefront Client Security 1.0 |
A remote code execution vulnerability affects GDI+ .NET. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful attack will result in the execution of arbitrary attacker-supplied code with the privileges of the currently logged-in user. |
Sig ID: N/A |
AV: N/A Sygate IDS: N/A |
|
CAN/CVE ID: CVE-2009-3126 BID: 36649 Microsoft ID: MS09-062 MSKB: 957488 Microsoft Rating: Critical |
Microsoft GDI+ PNG File Integer Overflow Remote Code Execution Vulnerability Remote Code Execution Vulnerability This vulnerability affects the following products: Microsoft Internet Explorer 6 SP1 Windows XP SP2 and XP SP3 Microsoft Office XP SP3, Microsoft Office 2003 SP3 2007 Microsoft Office System SP1 2007 Microsoft Office System SP2 Microsoft Office Project 2002 SP1 Microsoft Visio 2002 SP2 Microsoft Office Word Viewer Microsoft Word Viewer 2003 Microsoft Word Viewer 2003 SP3 Microsoft Office Excel Viewer 2003 Microsoft Office Excel Viewer 2003 SP3 Microsoft Office Excel Viewer Microsoft Office PowerPoint Viewer 2007 Microsoft Office PowerPoint Viewer 2007 SP1 Microsoft Office PowerPoint Viewer 2007 SP2 Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 Microsoft Expression Web Microsoft Expression Web 2 Microsoft Office Groove 2007 Microsoft Office Groove 2007 SP1 Microsoft Works 8.5 SQL Server 2000 Reporting Services SP2 SQL Server 2005 SP2 SQL Server 2005 x64 Edition SP2 SQL Server 2005 for Itanium-based Systems SP SQL Server 2005 SP3, SQL Server 2005 x64 Edition SP3, SQL Server 2005 for Itanium-based Systems SP3 Microsoft Report Viewer 2005 SP1 Redistributable Package Microsoft Report Viewer 2008 Redistributable Package Microsoft Report Viewer 2008 Redistributable Package SP1 Microsoft Forefront Client Security 1.0 |
A remote code execution vulnerability affects GDI+ because of how it allocates memory when handling PNG image files. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content, or by opening a malicious file. A successful attack will result in the execution of arbitrary attacker-supplied code with the privileges of the currently logged-in user. |
Sig ID: N/A |
AV: N/A Sygate IDS: N/A |
|
CAN/CVE ID: CVE-2009-1547 BID: 36622 Microsoft ID: MS09-056 MSKB: 974455 Microsoft Rating: Critical |
Microsoft Internet Explorer Data Stream Header Corruption Remote Code Execution Vulnerability Remote Code Execution Vulnerability This vulnerability affects the following products: Internet Explorer 5.01 SP4 Internet Explorer 6 SP1 Internet Explorer 6 Internet Explorer 7 |
A remote code execution vulnerability affects Internet Explorer when it processes specific data stream headers. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user. |
Sig ID: N/A |
AV: N/A Sygate IDS: N/A |
|
CAN/CVE ID: CVE-2009-2526 BID: 36595 Microsoft ID: MS09-050 MSKB: 975517 Microsoft Rating: Important |
Microsoft Windows SMB2 Field Validation Remote Denial of Service Vulnerability Remote Denial of Service Vulnerability This vulnerability affects the following products: Windows Vista Windows Vista SP1 Windows Vista SP2 Windows Vista x64 Edition Windows Vista x64 Edition SP1 Windows Vista x64 Edition SP2 Windows Server 2008 for 32-bit Systems Windows Server 2008 for 32-bit Systems SP2 Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems SP2 Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems SP2 |
A remote denial-of-service vulnerability affects Microsoft Server Message Block (SMB) protocol software when handling specially crafted SMBv2 packets. An attacker can exploit this issue by sending a specially crafted packet to the affected service. A successful exploit will cause the affected computer to stop responding until manually rebooted. |
Sig ID: 23497 Detected as: "MS SMB2 DFS Referral BO" |
AV: N/A Sygate IDS: N/A |
|
CAN/CVE ID: CVE-2009-3023 BID: 36189 Microsoft ID: MS09-053 MSKB: 975254 Microsoft Rating: Important |
Microsoft IIS FTPd NLST Remote Buffer Overflow Vulnerability Remote Buffer Overflow Vulnerability This vulnerability affects the following products: Microsoft Internet Information Services 5.0 Microsoft Internet Information Services 5.1 Microsoft Internet Information Services 6.0 |
A previously public (Aug 31, 2009) remote code execution vulnerability affects IIS FTP service when handling a specially crafted ‘NLST’ command. An attacker can exploit this issue on Windows 2000 platforms to execute arbitrary code in the context of the affected service. On other platforms, an attacker can cause denial-of-service conditions. |
Sig ID: 23467 Detected as: "MS IIS FTP NLST BO" |
AV: N/A Sygate IDS: N/A |
|
CAN/CVE ID: CVE-2009-2511 BID: 36577 Microsoft ID: MS09-056 MSKB: 974571 Microsoft Rating: Important |
Internet Explorer X.509 Certificate Common Name Encoding Multiple Security Bypass Vulnerabilities Multiple Security Bypass Vulnerabilities This vulnerability affects the following products: Microsoft Windows 2000 SP4 Windows XP SP2 and SP3, Windows XP Professional x64 Edition SP2 Windows Server 2003 SP2 Windows Server 2003 x64 Edition SP2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Vista Windows Vista SP1 Windows Vista SP2 Windows Vista x64 Edition Windows Vista x64 Edition SP1 Windows Vista x64 Edition SP2 Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems SP2 Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems SP2 Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems SP2 Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems Windows Server 2008 R2 for x64-based Systems Windows Server 2008 R2 for Itanium-based Systems |
A previously public (Aug 5, 2009) spoofing vulnerability affects the Windows CryptoAPI component when parsing ASN.1 information from an X.509 certificate. The problem occurs due to an integer overflow when parsing the ASN.1 object identifier. An attacker can exploit this issue to impersonate a valid user or system; this may aid in further attacks. |
Sig ID: N/A |
AV: N/A Sygate IDS: N/A |
|
CAN/CVE ID: CVE-2009-2510 BID: 36475 Microsoft ID: MS09-056 MSKB: 974571 Microsoft Rating: Important |
Microsoft Internet Explorer NULL Byte CA SSL Certificate Validation Security Bypass Vulnerability Security Bypass Vulnerability This vulnerability affects the following products: Microsoft Windows 2000 SP4 Windows XP SP2 and SP3 Windows XP Professional x64 Edition SP2 Windows Server 2003 SP2 Windows Server 2003 x64 Edition SP2 Windows Server 2003 with SP2 for Itanium-based Systems Windows Vista Windows Vista SP1 Windows Vista SP2 Windows Vista x64 Edition Windows Vista x64 Edition SP1 Windows Vista x64 Edition SP2 Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems SP2 Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems SP2 Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems SP2 Windows 7 for 32-bit Systems Windows 7 for x64-based Systems Windows Server 2008 R2 for x64-based Systems Windows Server 2008 R2 for Itanium-based Systems |
A previously public (Aug 5, 2009) spoofing vulnerability affects the Windows CryptoAPI component when parsing ASN.1 information from an X.509 certificate. The problem occurs due to an integer overflow when parsing the ASN.1 object identifier. An attacker can exploit this issue to impersonate a valid user or system; this may aid in further attacks. |
Sig ID: N/A |
AV: N/A Sygate IDS: N/A |
|
CAN/CVE ID: CVE-2009-2507 BID: 36629 Microsoft ID: MS09-057 MSKB: 969059 Microsoft Rating: Important |
Microsoft Indexing Service ActiveX Control Remote Code Execution Vulnerability. Remote Code Execution Vulnerability. This vulnerability affects the following products: Microsoft Windows 2000 SP4, Microsoft Windows XP SP, Microsoft Windows XP SP3, Microsoft Windows XP Professional x64 Edition SP2, Microsoft Windows Server 2003 SP2, Microsoft Windows Server 2003 x64 Edition SP2, Microsoft Windows Server 2003 with SP2 for Itanium-based Systems |
A remote code-execution vulnerability affects an ActiveX control of the Windows Indexing service because it fails to properly handle malformed URLs. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary code in the context of the currently logged-in user. |
Sig ID: N/A |
AV: N/A Sygate IDS: N/A |
|
CAN/CVE ID: CVE-2009-2515 BID: 36623 Microsoft ID: MS09-058 MSKB: 971486 Microsoft Rating: Important |
Microsoft Windows Kernel Integer Underflow Local Privilege Escalation Vulnerability. Local Privilege Escalation Vulnerability. This vulnerability affects the following products: Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista, Windows Vista SP1, Windows Vista SP2, Windows Vista x64 Edition, Windows Vista x64 Edition SP1, Windows Vista x64 Edition SP2, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems, Windows Server 2008 for Itanium-based Systems SP2 |
A privilege-escalation vulnerability affects the Windows kernel when truncating 64-bit values to 32-bit values. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. This may facilitate a complete compromise of the affected computer. |
Sig ID: N/A |
AV: N/A Sygate IDS: N/A |
|
CAN/CVE ID: CVE-2009-2516 BID: 36624 Microsoft ID: MS09-058 MSKB: 971486 Microsoft Rating: Important |
Microsoft Windows Kernel NULL Pointer Dereference Local Privilege Escalation Vulnerability. Local Privilege Escalation Vulnerability. This vulnerability affects the following products: Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista, Windows Vista SP1, Windows Vista x64 Edition, Windows Vista x64 Edition SP1, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for x64-based Systems, Windows Server 2008 for Itanium-based Systems |
A privilege-escalation vulnerability affects the Windows kernel because data passed from user-mode is not properly validated. A local attacker can exploit this issue to execute arbitrary code with kernel-level privileges. This may facilitate a complete compromise of the affected computer. |
Sig ID: N/A |
AV: N/A Sygate IDS: N/A |
|
CAN/CVE ID: CVE-2009-2524 BID: 36593 Microsoft ID: MS09-059 MSKB: 975467 Microsoft Rating: Important |
Microsoft Windows LSASS NTLM Implementation Remote Denial of Service Vulnerability. Remote Denial of Service Vulnerability. This vulnerability affects the following products: Windows XP SP2, Windows XP SP3, Windows XP Professional x64 Edition SP2, Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP2 for Itanium-based Systems, Windows Vista, Windows Vista SP1, Windows Vista SP2, Windows Vista x64 Edition, Windows Vista x64 Edition SP1, Windows Vista x64 Edition SP2, Windows Server 2008 for 32-bit Systems, Windows Server 2008 for 32-bit Systems SP2, Windows Server 2008 for x64-based Systems, Windows Server 2008 for x64-based Systems SP2, Windows Server 2008 for Itanium-based Systems, Windows Server 2008 for Itanium-based Systems SP2, Windows 7 for 32-bit Systems, Windows 7 for x64-based Systems, Windows Server 2008 R2 for x64-based Systems, Windows Server 2008 R2 for Itanium-based Systems |
A denial-of-service vulnerability affects Local Security Authority Subsystem Service (LSASS) when processing specially crafted packets during NTLM authentication. An attacker can exploit this issue to cause the affected system to reboot. |
Sig ID: 23501 Detected as "RPC Lsass Ntlm Auth Dos" |
AV: N/A Sygate IDS: N/A |
|
CAN/CVE ID: CVE-2009-2518 BID: 36651 Microsoft ID: MS09-062 MSKB: 957488 Microsoft Rating: Important |
Microsoft GDI+ Malformed Office BMP File Integer Overflow Remote Code Execution Vulnerability. Remote Code Execution Vulnerability. This vulnerability affects the following products: Microsoft Office XP SP3 |
A remote code execution vulnerability affects Microsoft Office because of how it handles BMP images in Office files. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file. A successful attack will result in the execution of arbitrary attacker-supplied code with the privileges of the currently logged-in user. |
Sig ID: N/A |
AV: Bloodhound.Exploit.274 Sygate IDS: N/A |
|
CAN/CVE ID: CVE-2009-2528 BID: 36650 Microsoft ID: MS09-062 MSKB: 957488 Microsoft Rating: Important |
Microsoft GDI+ Malformed Office Object Memory Corruption Remote Code Execution Vulnerability. Remote Code Execution Vulnerability. This vulnerability affects the following products: Microsoft Office XP SP3 |
A remote code execution vulnerability affects Microsoft Office because of how it handles certain objects in an Office file. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file. A successful attack will result in the execution of arbitrary attacker-supplied code with the privileges of the currently logged-in user. |
Sig ID: N/A |
AV: N/A Sygate IDS: N/A |
|
CAN/CVE ID: CVE-2009-2517 BID: 36625 Microsoft ID: 971486 MSKB: MS09-058 Microsoft Rating: Moderate |
Microsoft Windows Kernel Exception Handler Local Denial Of Service Vulnerability. Local Denial Of Service Vulnerability. This vulnerability affects the following products: Windows Server 2003 SP2 |
A local denial-of-service vulnerability affects the Windows kernel because it fails to handle certain exceptions. A local attacker can exploit this issue by running a specially crafted application. A successful exploit will cause the affected computer to restart. |
Sig ID: N/A |
AV: N/A Sygate IDS: N/A |
|
|
Legacy ID
2007010813564748