Symantec product detections for Microsoft monthly Security Advisories - July 2009

Article:TECH138058  |  Created: 2010-08-19  |  Updated: 2013-01-09  |  Article URL http://www.symantec.com/docs/TECH138058
Article Type
Technical Solution


Issue



This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Advisories.

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.


Solution



July 14, 2009

ID and Rating | Description | Details | Intrusion Protection System (IPS) Response | Other Detections

CAN/CVE ID: CVE-2009-0566
BID: 35599
Microsoft ID: MS09-030
MSKB: 969516
Microsoft Rating: Important

Description:
Pointer Dereference Vulnerability
Remote Code Execution Vulnerability

Details:
This vulnerability affects the following products:
Office Publisher 2007 SP1

A remote code execution vulnerability affects Publisher due to an error when calculating object handler data when handling legacy file formats.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Intrusion Protection System (IPS) Response:
Sig ID: N/A

Other Detections:
AV: Bloodhound.Exploit.260
Sygate IDS: N/A

CAN/CVE ID: CVE-2009-0232
BID: 35187
Microsoft ID: MS09-029
MSKB: 961371
Microsoft Rating: Critical

Description:
Embedded OpenType Font Integer Overflow Vulnerability
Remote Code Execution Vulnerability

Details:
This vulnerability affects the following products:
Windows 2000 SP4
Windows XP SP2 and SP3
Windows XP Professional x64 Edition SP2
Windows Server 2003 SP2 (32-bit, 64-bit, and Itanium-based systems)
Windows Vista, Vista SP1, and Vista SP2 (32-bit and 64-bit systems)
Windows Server 2008 and Windows Server 2008 SP2 (32-bit, 64-bit, and Itanium-based systems)

A remote code execution vulnerability affects the Embedded OpenType (EOT) font component due to how it parses name tables in specially crafted embedded fonts.

An attacker can exploit this issue by tricking a victim into opening a file or viewing a web page containing malicious embedded fonts.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Intrusion Protection System (IPS) Response:
Sig ID: N/A

Other Detections:
AV: Bloodhound.Exploit.262
Sygate IDS: N/A

CAN/CVE ID: CVE-2009-1538
BID: 35600
Microsoft ID: MS09-028
MSKB: 971633
Microsoft Rating: Critical

Description:
DirectX Pointer Validation Vulnerability
Remote Code Execution Vulnerability

Details:
This vulnerability affects the following products:
DirectX 7.0, 8.1, and 9.0

A remote code execution vulnerability affects DirectX due to a validation error when updating certain pointer values.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious QuickTime file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Intrusion Protection System (IPS) Response:
Sig ID: N/A

Other Detections:
AV: Bloodhound.Exploit.258
Sygate IDS: N/A

CAN/CVE ID: CVE-2009-0231
BID: 35186
Microsoft ID: MS09-029
MSKB: 961371
Microsoft Rating: Critical

Description:
Embedded OpenType Font Heap Overflow Vulnerability
Remote Code Execution Vulnerability

Details:
This vulnerability affects the following products:
Microsoft Windows 2000 SP4
Windows XP SP2 and SP3
Windows XP Professional x64 Edition SP2
Windows Server 2003 SP2 (32-bit, 64-bit and Itanium-based)
Windows Vista, Vista SP1 and Vista SP2 (32-bit and 64-bit)
Windows Server 2008 (32-bit, 64-bit and Itanium-based)
Windows Server 2008 SP2 (32-bit, 64-bit and Itanium-based)

A remote code execution vulnerability affects the Embedded OpenType (EOT) font component due to how it parses data records in specially crafted embedded fonts.

An attacker can exploit this issue by tricking a victim into opening a file or viewing a web page containing malicious embedded fonts.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Intrusion Protection System (IPS) Response:
Sig ID: N/A

Other Detections:
AV: Bloodhound.Exploit.261
Sygate IDS: N/A

CAN/CVE ID: CVE-2009-1542
BID: 35601
Microsoft ID: MS09-033
MSKB: 969856
Microsoft Rating: Important

Description:
Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability
Local Privilege-Escalation Vulnerability

Details:
This vulnerability affects the following products:
Microsoft Virtual PC 2004 SP1
Microsoft Virtual PC 2007
Microsoft Virtual PC 2007 SP1
Microsoft Virtual PC 2007 x64 Edition
Microsoft Virtual PC 2007 x64 Edition SP1
Microsoft Virtual Server 2005 R2 SP1
Microsoft Virtual Server 2005 R2 SP1 x64 Edition

A local privilege-escalation vulnerability affects Virtual PC and Virtual Server because they improperly validate privilege levels when executing specific instructions.

A local attacker in the guest system can exploit this issue to execute arbitrary code with elevated privileges.

A successful attack may aid in the complete compromise of the guest operating system.

Intrusion Protection System (IPS) Response:
Sig ID: N/A

Other Detections:
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2009-1135
BID: 35631
Microsoft ID: MS09-031
MSKB: 970811
Microsoft Rating: Important

Description:
Radius OTP Bypass Vulnerability
Authentication Bypass Vulnerability

Details:
This vulnerability affects the following products:
Microsoft Internet Security and Acceleration Server 2006, 2006 Supportability Update, and 2006 SP1

An authentication bypass vulnerability affects ISA Server when the server is configured with Radius OTP authentication. The problem occurs because the server improperly attempts to authenticate requests with the HTTP-Basic method.

An attacker with knowledge of a valid account name can exploit this issue to bypass authentication and gain access to arbitrary resources in the context of the selected account.

Intrusion Protection System (IPS) Response:
Sig ID: N/A

Other Detections:
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2009-1539
BID: 35616
Microsoft ID: MS09-028
MSKB: 971633
Microsoft Rating: Critical

Description:
DirectX Size Validation Vulnerability
Remote Code Execution Vulnerability

Details:
This vulnerability affects the following products:
DirectX 7.0, 8.1, and 9.0

A remote code execution vulnerability affects DirectX due to a failure to properly validate certain fields when processing a QuickTime file. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Due to false-positive (FP) concerns, we will skip a Bloodhound (BH) detection until an in-the-wild sample appears.

Intrusion Protection System (IPS) Response:
Sig ID: 23409

Other Detections:
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2009-1537
BID: 35139
Microsoft ID: Microsoft Security Advisory (971778)
MSKB: 971778
Microsoft Rating: Critical

Description:
Microsoft DirectX DirectShow QuickTime Video
Remote Code Execution Vulnerability

Details:
This vulnerability affects the following products:
Microsoft Windows Server 2003 Service Pack 1 and 2, all editions (including x64 and Itanium)
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP (32-bit) Service Pack 2 and 3
Windows 2000 Service Pack 4

In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to convince them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site. After they click the link, they would be prompted to perform several actions. An attack could only occur after they performed these actions.

An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

All versions of Windows Vista and Windows Server 2008 are not affected by this issue.

Intrusion Protection System (IPS) Response:
Sig ID: 23365
Detected as "HTTP MS DirectX QuickTime Code Exec"

Other Detections:
AV: Bloodhound.Exploit.244
Sygate IDS: N/A




Legacy ID



2007010813564748

