Symantec product detections for Microsoft monthly Security Advisories - September 2009

Article: TECH138056  |  Created: 2010-08-19  |  Updated: 2013-01-09  |  Article URL: http://www.symantec.com/docs/TECH138056
Article Type: Technical Solution


Issue



This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Advisories.

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.


Solution



September 08, 2009

Columns: ID and Rating | Description | Details | Intrusion Protection System (IPS) Response | Other Detections

ID and Rating:
  CAN/CVE ID: CVE-2009-1920
  BID: 36224
  Microsoft ID: MS09-045
  MSKB: 971961
  Microsoft Rating: Critical

Description:
  Microsoft JScript Scripting Engine Remote Code Execution Vulnerability
  Remote Code Execution Vulnerability

Details:
  This vulnerability affects the following products:
    JScript 5.6, 5.7, and 5.8

  A remote code execution vulnerability affects the JScript scripting engine because of how it decodes script in Web pages.

  An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing malicious content.

  A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Intrusion Protection System (IPS) Response:
  Sig ID: N/A

Other Detections:
  AV: N/A
  Sygate IDS: N/A

ID and Rating:
  CAN/CVE ID: CVE-2009-1132
  BID: 36223
  Microsoft ID: MS09-046
  MSKB: 970710
  Microsoft Rating: Critical

Description:
  Microsoft Windows Wireless LAN AutoConfig Frame Parsing Remote Code Execution Vulnerability
  Remote Code Execution Vulnerability

Details:
  This vulnerability affects the following products:
    Windows Vista, Vista SP1, and Vista SP2
    Windows Vista x64 Edition, x64 Edition SP1, and x64 Edition SP2
    Windows Server 2008 for 32-bit Systems
    Windows Server 2008 for 32-bit Systems SP2
    Windows Server 2008 for x64-based Systems
    Windows Server 2008 for x64-based Systems SP2

  A remote code execution vulnerability affects the Wireless LAN AutoConfig service (wlansvc) when handling specific frames over the wireless network.

  An attacker in physical proximity to a vulnerable computer can exploit this issue by sending specifically malformed wireless packets.

  A successful exploit will result in the execution of arbitrary attacker-supplied code facilitating a complete compromise of the affected computer.

Intrusion Protection System (IPS) Response:
  Sig ID: N/A

Other Detections:
  AV: N/A
  Sygate IDS: N/A

ID and Rating:
  CAN/CVE ID: CVE-2009-2498
  BID: 36225
  Microsoft ID: MS09-047
  MSKB: 973812
  Microsoft Rating: Critical

Description:
  Microsoft Windows Media Format ASF Header Invalid Free Memory Corruption Vulnerability
  Remote Code Execution Vulnerability

Details:
  This vulnerability affects the following products:
    Windows Media Format Runtime 9.0, 9.5, 9.5 x64 Edition, and 11
    Windows Media Services 9.1 and 2008

  A remote code execution vulnerability affects Microsoft Windows when handling ASF format files containing a malformed header.

  An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file.

  A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Intrusion Protection System (IPS) Response:
  Sig ID: N/A

Other Detections:
  AV: Bloodhound.Exploit.271
  Sygate IDS: N/A

ID and Rating:
  CAN/CVE ID: CVE-2009-2499
  BID: 36228
  Microsoft ID: MS09-047
  MSKB: 973812
  Microsoft Rating: Critical

Description:
  Microsoft Windows Media Format MP3 Metadata Remote Code Execution Vulnerability
  Remote Code Execution Vulnerability

Details:
  This vulnerability affects the following products:
    Windows Media Format Runtime 9.0, 9.5, 9.5 x64 Edition, and 11

  A remote code execution vulnerability affects Microsoft Windows when handling MP3 media files containing specially crafted metadata.

  An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file.

  A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Intrusion Protection System (IPS) Response:
  Sig ID: N/A

Other Detections:
  AV: Bloodhound.Exploit.270
  Sygate IDS: N/A

ID and Rating:
  CAN/CVE ID: CVE-2008-4609
  BID: 31545
  Microsoft ID: MS09-048
  MSKB: 967723
  Microsoft Rating: Critical

Description:
  TCP/IP Protocol Stack Unspecified Remote Denial Of Service Vulnerability
  Remote Denial of Service Vulnerability

Details:
  This vulnerability affects the following products:
    Windows Server 2003 SP2
    Windows Server 2003 x64 Edition SP2
    Windows Server 2003 with SP2 for Itanium-based Systems
    Windows Vista, Vista SP1, and Vista SP2
    Windows Vista x64 Edition, x64 Edition SP1, and x64 Edition SP2
    Windows Server 2008 for 32-bit Systems
    Windows Server 2008 for 32-bit Systems SP2
    Windows Server 2008 for x64-based Systems
    Windows Server 2008 for x64-based Systems SP2
    Windows Server 2008 for Itanium-based Systems
    Windows Server 2008 for Itanium-based Systems SP2

  A previously publicly disclosed (Oct. 2, 2008) denial of service vulnerability affects Windows TCP/IP.

  An attacker can exploit this issue by completing a three-way handshake with the vulnerable computer, then flooding the computer with additional connection requests.

  A successful attack will cause the system to become unresponsive, effectively denying service to legitimate users.

Intrusion Protection System (IPS) Response:
  Sig ID: N/A

Other Detections:
  AV: N/A
  Sygate IDS: N/A

ID and Rating:
  CAN/CVE ID: CVE-2009-1925
  BID: 36265
  Microsoft ID: MS09-048
  MSKB: 967723
  Microsoft Rating: Critical

Description:
  Microsoft Windows TCP/IP TimeStamps Remote Code Execution Vulnerability
  Remote Code Execution Vulnerability

Details:
  This vulnerability affects the following products:
    Windows Vista, Vista SP1, and Vista SP2
    Windows Vista x64 Edition, x64 Edition SP1, and x64 Edition SP2
    Windows Server 2008 for 32-bit Systems
    Windows Server 2008 for 32-bit Systems SP2
    Windows Server 2008 for x64-based Systems
    Windows Server 2008 for x64-based Systems SP2
    Windows Server 2008 for Itanium-based Systems
    Windows Server 2008 for Itanium-based Systems SP2

  A remote code-execution vulnerability affects the Windows TCP/IP stack because it fails to properly clean up state information.

  An attacker can exploit this issue by sending specially crafted TCP/IP packets to the vulnerable computer.

  A successful attack will result in the execution of arbitrary attacker-supplied code aiding in a complete compromise of the affected system.

Intrusion Protection System (IPS) Response:
  Sig ID: N/A

Other Detections:
  AV: N/A
  Sygate IDS: N/A

ID and Rating:
  CAN/CVE ID: CVE-2009-1926
  BID: 36269
  Microsoft ID: MS09-048
  MSKB: 967723
  Microsoft Rating: Critical

Description:
  Microsoft Windows TCP/IP Orphaned Connection Remote Denial of Service Vulnerability
  Remote Denial of Service Vulnerability

Details:
  This vulnerability affects the following products:
    Windows Server 2003 SP2
    Windows Server 2003 x64 Edition SP2
    Windows Server 2003 with SP2 for Itanium-based Systems
    Windows Vista, Vista SP1, and Vista SP2
    Windows Vista x64 Edition, x64 Edition SP1, and x64 Edition SP2
    Windows Server 2008 for 32-bit Systems
    Windows Server 2008 for 32-bit Systems SP2
    Windows Server 2008 for x64-based Systems
    Windows Server 2008 for x64-based Systems SP2
    Windows Server 2008 for Itanium-based Systems
    Windows Server 2008 for Itanium-based Systems SP2

  A denial of service vulnerability affects Windows TCP/IP due to an error when processing specially crafted TCP packets with a small or zero TCP receive size.

  An attacker can exploit this issue by flooding an affected computer with specially crafted packets.

  A successful attack will cause the service to become unresponsive, effectively denying service to legitimate users.

Intrusion Protection System (IPS) Response:
  Sig ID: N/A

Other Detections:
  AV: N/A
  Sygate IDS: N/A

ID and Rating:
  CAN/CVE ID: CVE-2009-2519
  BID: 36280
  Microsoft ID: MS09-049
  MSKB: 956844
  Microsoft Rating: Critical

Description:
  Microsoft DHTML Editing Component ActiveX Control Remote Code Execution Vulnerability
  Remote Code Execution Vulnerability

Details:
  This vulnerability affects the following products:
    Microsoft Windows 2000 SP4
    Windows XP SP2 and SP3
    Windows XP Professional x64 Edition SP2
    Windows Server 2003 SP2
    Windows Server 2003 x64 Edition SP2
    Windows Server 2003 with SP2 for Itanium-based Systems

  A remote code execution vulnerability affects the DHTML Editing Component ActiveX control.

  An attacker can exploit this issue by tricking an unsuspecting victim into viewing a webpage containing malicious content.

  A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the application running the control (typically Internet Explorer).

Intrusion Protection System (IPS) Response:
  Sig ID: N/A

Other Detections:
  AV: N/A
  Sygate IDS: N/A




Legacy ID



2007010813564748

