Symantec product detections for Microsoft monthly Security Advisories - July 2009
Article: TECH138058 | Created: 2010-08-19 | Updated: 2013-01-09 | Article URL: http://www.symantec.com/docs/TECH138058
Problem
This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Advisories.
Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.
Solution
July 14, 2009
| ID and Rating | Description | Details | Intrusion Protection System (IPS) Response | Other Detections |
|---|---|---|---|---|
| CAN/CVE ID: CVE-2009-0566; BID: 35599; Microsoft ID: MS09-030; MSKB: 969516; Microsoft Rating: Important | Pointer Dereference Vulnerability. Remote Code Execution Vulnerability. This vulnerability affects the following products: Office Publisher 2007 SP1 | A remote code execution vulnerability affects Publisher due to an error when calculating object handler data when handling legacy file formats. An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user. | Sig ID: N/A | AV: Bloodhound.Exploit.260; Sygate IDS: N/A |
| CAN/CVE ID: CVE-2009-0232; BID: 35187; Microsoft ID: MS09-029; MSKB: 961371; Microsoft Rating: Critical | Embedded OpenType Font Integer Overflow Vulnerability. Remote Code Execution Vulnerability. This vulnerability affects the following products: Windows 2000 SP4; Windows XP SP2 and SP3; Windows XP Professional x64 Edition SP2; Windows Server 2003 SP2 (32-bit, 64-bit, and Itanium-based systems); Windows Vista, Vista SP1, and Vista SP2 (32-bit and 64-bit systems); Windows Server 2008 and Windows Server 2008 SP2 (32-bit, 64-bit, and Itanium-based systems) | A remote code execution vulnerability affects the Embedded OpenType (EOT) font component due to how it parses name tables in specially crafted embedded fonts. An attacker can exploit this issue by tricking a victim into opening a file or viewing a web page containing malicious embedded fonts. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user. | Sig ID: N/A | AV: Bloodhound.Exploit.262; Sygate IDS: N/A |
| CAN/CVE ID: CVE-2009-1538; BID: 35600; Microsoft ID: MS09-028; MSKB: 971633; Microsoft Rating: Critical | DirectX Pointer Validation Vulnerability. Remote Code Execution Vulnerability. This vulnerability affects the following products: DirectX 7.0, 8.1, and 9.0 | A remote code execution vulnerability affects DirectX due to a validation error when updating certain pointer values. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious QuickTime file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user. | Sig ID: N/A | AV: Bloodhound.Exploit.258; Sygate IDS: N/A |
| CAN/CVE ID: CVE-2009-0231; BID: 35186; Microsoft ID: MS09-029; MSKB: 961371; Microsoft Rating: Critical | Embedded OpenType Font Heap Overflow Vulnerability. Remote Code Execution Vulnerability. This vulnerability affects the following products: Microsoft Windows 2000 SP4; Windows XP SP2 and SP3; Windows XP Professional x64 Edition SP2; Windows Server 2003 SP2 (32-bit, 64-bit and Itanium-based); Windows Vista, Vista SP1 and Vista SP2 (32-bit and 64-bit); Windows Server 2008 (32-bit, 64-bit and Itanium-based); Windows Server 2008 SP2 (32-bit, 64-bit and Itanium-based) | A remote code execution vulnerability affects the Embedded OpenType (EOT) font component due to how it parses data records in specially crafted embedded fonts. An attacker can exploit this issue by tricking a victim into opening a file or viewing a web page containing malicious embedded fonts. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user. | Sig ID: N/A | AV: Bloodhound.Exploit.261; Sygate IDS: N/A |
| CAN/CVE ID: CVE-2009-1542; BID: 35601; Microsoft ID: MS09-033; MSKB: 969856; Microsoft Rating: Important | Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability. Local Privilege-Escalation Vulnerability. This vulnerability affects the following products: Microsoft Virtual PC 2004 SP1; Microsoft Virtual PC 2007; Microsoft Virtual PC 2007 SP1; Microsoft Virtual PC 2007 x64 Edition; Microsoft Virtual PC 2007 x64 Edition SP1; Microsoft Virtual Server 2005 R2 SP1; Microsoft Virtual Server 2005 R2 SP1 x64 Edition | A local privilege-escalation vulnerability affects Virtual PC and Virtual Server because they improperly validate privilege levels when executing specific instructions. A local attacker in the guest system can exploit this issue to execute arbitrary code with elevated privileges. A successful attack may aid in the complete compromise of the guest operating system. | Sig ID: N/A | AV: N/A; Sygate IDS: N/A |
| CAN/CVE ID: CVE-2009-1135; BID: 35631; Microsoft ID: MS09-031; MSKB: 970811; Microsoft Rating: Important | Radius OTP Bypass Vulnerability. Authentication Bypass Vulnerability. This vulnerability affects the following products: Microsoft Internet Security and Acceleration Server 2006, 2006 Supportability Update, and 2006 SP1 | An authentication bypass vulnerability affects ISA Server when the server is configured with Radius OTP authentication. The problem occurs because the server improperly attempts to authenticate requests with the HTTP-Basic method. An attacker with knowledge of a valid account name can exploit this issue to bypass authentication and gain access to arbitrary resources in the context of the selected account. | Sig ID: N/A | AV: N/A; Sygate IDS: N/A |
| CAN/CVE ID: CVE-2009-1539; BID: 35616; Microsoft ID: MS09-028; MSKB: 971633; Microsoft Rating: Critical | DirectX Size Validation Vulnerability. Remote Code Execution Vulnerability. This vulnerability affects the following products: DirectX 7.0, 8.1, and 9.0 | A remote code execution vulnerability affects DirectX due to a failure to properly validate certain fields when processing a QuickTime file. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user. Due to false-positive (FP) concerns, we will skip a Bloodhound (BH) detection until an in-the-wild sample appears. | Sig ID: 23409 | AV: N/A; Sygate IDS: N/A |
| CAN/CVE ID: CVE-2009-1537; BID: 35139; Microsoft ID: Microsoft Security Advisory (971778); MSKB: 971778; Microsoft Rating: Critical | Microsoft DirectX DirectShow QuickTime Video Remote Code Execution Vulnerability. This vulnerability affects the following products: Microsoft Windows Server 2003 Service Pack 1 and 2, all editions (including x64 and Itanium); Microsoft Windows XP Professional x64 Edition; Microsoft Windows XP (32-bit) Service Pack 2 and 3; Windows 2000 Service Pack 4 | In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to convince them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site. After they click the link, they would be prompted to perform several actions. An attack could only occur after they performed these actions. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. All versions of Windows Vista and Windows Server 2008 are not affected by this issue. | Sig ID: 23365. Detected as "HTTP MS DirectX QuickTime Code Exec" | AV: Bloodhound.Exploit.244; Sygate IDS: N/A |
Legacy ID
2007010813564748