Symantec product detections for Microsoft monthly Security Advisories - June 2009

Article:TECH138059  |  Created: 2010-08-19  |  Updated: 2013-01-09  |  Article URL http://www.symantec.com/docs/TECH138059
Article Type
Technical Solution


Issue



This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Advisories.

 

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.


Solution



June 9, 2009

 

 ID and Rating

 

Description

Details

Intrusion Protection System (IPS) Response

Other Detections

CAN/CVE ID:

CVE-2009-1138

 

BID:

35226

 

Microsoft ID:

MS09-018

 

MSKB:

971055

 

Microsoft Rating:

Critical

Active Directory Invalid Free Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Active Directory

A remote code execution vulnerability affects Active Directory when handling LDAP and LDAPS requests.

An attacker can exploit this issue by sending a specially crafted LDAP or LDAPS request to an affected server.

A successful exploit will result in the execution of arbitrary attacker-supplied code with SYSTEM-level privileges.

This will facilitate a complete compromise of the affected computer.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-1140

 

BID:

35200

 

Microsoft ID:

MS09-019

 

MSKB:

969897

 

Microsoft Rating:

Critical

Active Directory Invalid Free Vulnerability

 

Cross-Domain Information Disclosure Vulnerability

 

This vulnerability affects the following products:

Internet Explorer 5.01 SP4

Internet Explorer 6

Internet Explorer 6 SP1

Internet Explorer 7

A cross-domain information disclosure vulnerability affects Internet Explorer because of how it allows cached data to be called.

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a malicious web page.

A successful exploit will result in the disclosure of potentially sensitive information across domains.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-1141

 

BID:

35198

 

Microsoft ID:

MS09-019

 

MSKB:

969897

 

Microsoft Rating:

Critical

DHTML Object Memory Corruption

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Internet Explorer 6

Internet Explorer 6 SP1

Internet Explorer 7

A remote code-execution vulnerability affects DHTML component of Internet Explorer when handling certain method calls to HTML objects.

An attacker can exploit this issue by tricking a victim into viewing a web page containing malicious content.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-1528

 

BID:

35222

 

Microsoft ID:

MS09-019

 

MSKB:

969897

 

Microsoft Rating:

Critical

HTML Object Memory Corruption

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Internet Explorer 6

Internet Explorer 6 SP1

Internet Explorer 7

A remote code-execution vulnerability affects Internet Explorer due to how it accesses an object that has not been properly initialized or has been deleted.

An attacker can exploit this issue by tricking a victim into viewing a web page containing malicious content.

 A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-1529

 

BID:

35223

 

Microsoft ID:

MS09-019

 

MSKB:

969897

 

Microsoft Rating:

Critical

Uninitialized Memory Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Internet Explorer 6

Internet Explorer 6 SP1

Internet Explorer 7

A remote code-execution vulnerability affects Internet Explorer due to how it accesses an object that has not been properly initialized or has been deleted.

An attacker can exploit this issue by tricking a victim into viewing a web page containing malicious content.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-1530

 

BID:

35224

 

Microsoft ID:

MS09-019

 

MSKB:

969897

 

Microsoft Rating:

Critical

HTML Objects Memory Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Internet Explorer 6

Internet Explorer 6 SP1

Internet Explorer 7

A remote code-execution vulnerability affects Internet Explorer due to how it accesses an object that has not been properly initialized or has been deleted.

An attacker can exploit this issue by tricking a victim into viewing a web page containing malicious content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-1531

 

BID:

35234

 

Microsoft ID:

MS09-019

 

MSKB:

969897

 

Microsoft Rating:

Critical             

HTML Objects Memory Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Internet Explorer 6

Internet Explorer 6 SP1

Internet Explorer 7

A remote code-execution vulnerability affects Internet Explorer due to how it accesses an object that has not been properly initialized or has been deleted.

 An attacker can exploit this issue by tricking a victim into viewing a web page containing malicious content.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-1532

 

BID:

35235

 

Microsoft ID:

MS09-019

 

MSKB:

969897

 

Microsoft Rating:

Critical

HTML Objects Memory Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Internet Explorer 6

Internet Explorer 6 SP1

Internet Explorer 7

Internet Explorer 8

A remote code-execution vulnerability affects Internet Explorer due to how it accesses an object that has not been properly initialized or has been deleted.

An attacker can exploit this issue by tricking a victim into viewing a web page containing malicious content.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0549

 

BID:

35215

 

Microsoft ID:

MS09-021

 

MSKB:

969462

 

Microsoft Rating:

Critical

Record Pointer Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office Excel 2000 SP3

Office Excel 2002 SP3

Office Excel 2003 SP3

Office for Mac 2004

Office for Mac 2008

Office Excel Viewer 2003 SP3

Works 8.5 and 9

A remote code-execution vulnerability affects Excel due to pointer corruption when processing a malformed record object.

An attacker can exploit this issue by tricking a victim into opening a specially crafted Excel file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

AV:

Bloodhound.Exploit.252

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0561

 

BID:

35245

 

Microsoft ID:

MS09-021

 

MSKB:

969462

 

Microsoft Rating:

Critical

Record Integer Overflow Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office Excel 2000 SP3

Office Excel 2002 SP3

Office Excel 2003 SP3

Office Excel 2007 SP1 and SP2

Office for Mac 2004

Office for Mac 2008

Office Excel Viewer 2003 SP3

Office Excel Viewer

Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

Works 8.5 and 9

Office SharePoint Server 2007

A remote code-execution vulnerability affects Excel when processing a file with malformed record object.

An attacker can exploit this issue by tricking a victim into opening a specially crafted Excel file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID:  23369

 

Detected as HTTP MS Excel Remote Code Exec

AV:

Bloodhound.Exploit.251

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0557

 

BID:

35241

 

Microsoft ID:

MS09-021

 

MSKB:

969462

 

Microsoft Rating:

Critical

Object Record Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office Excel 2000 SP3

Office Excel 2002 SP3, Office Excel 2003 SP3

Office Excel 2007 SP1 and SP2

Office for Mac 2004

Office for Mac 2008

Office Excel Viewer 2003 SP3

Office Excel Viewer

Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

A remote code-execution vulnerability affects Excel due to pointer corruption when processing a malformed record object.

An attacker can exploit this issue by tricking a victim into opening a specially crafted Excel file.

 A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

AV:

Bloodhound.Exploit.245

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0560

 

BID:

35244

 

Microsoft ID:

MS09-021

 

MSKB:

969462

 

Microsoft Rating:

Critical

Field Sanitization Memory Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office Excel 2000 SP3

Office Excel 2002 SP3, Office Excel 2003 SP3

Office Excel 2007 SP1 and SP2

Office for Mac 2004

Office for Mac 2008, Office Excel Viewer 2003 SP3

Office Excel Viewer

Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

A remote code-execution vulnerability affects Excel due to improper field sanitization when processing a file with a malformed record object.

An attacker can exploit this issue by tricking a victim into opening a specially crafted Excel file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

AV:

Bloodhound.Exploit.250

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0559

 

BID:

35243

 

Microsoft ID:

MS09-021

 

MSKB:

969462

 

Microsoft Rating:

Critical

 

String Copy Stack-Based Overrun Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office Excel 2000 SP3

Office Excel 2002 SP3

Office for Mac 2004

Works 8.5 and 9

A remote code-execution vulnerability affects Excel due to an improper string copy operation when processing a malformed record object.

An attacker can exploit this issue by tricking a victim into opening a specially crafted Excel file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

AV:

Bloodhound.Exploit.249

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0558

 

BID:

35242

 

Microsoft ID:

MS09-021

 

MSKB:

969462

 

Microsoft Rating:

Critical

 

Array Indexing Memory Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office Excel 2000 SP3

Office for Mac 2004

Office for Mac 2008

 

A remote code-execution vulnerability affects Excel due to incorrect array indexing when processing a malformed record object.

An attacker can exploit this issue by tricking a victim into opening a specially crafted Excel file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: 23366

 

Detected as "HTTP MS Excel Unauthenticated RCE"

 

AV:

 Bloodhound.Exploit.247

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0228

 

BID:

35206

 

Microsoft ID:

MS09-022

 

MSKB:

961501

 

Microsoft Rating:

Critical

Buffer Overflow in Print Spooler Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Windows 2000 SP4

A remote code execution vulnerability affects the Print Spooler service when handling certain printing data structures.

An attacker can exploit this issue by setting up a malicious print server and tricking a victim into connecting to it.

 A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of SYSTEM.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-1533

 

BID:

35184

 

Microsoft ID:

MS09-024

 

MSKB:

957632

 

Microsoft Rating:

Critical

File Converter Buffer Overflow Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office 2000 SP3

Microsoft Office XP SP3, Microsoft Office 2003 SP3

Microsoft Office 2007 SP1

Microsoft Works 8.5, and 9.0

A remote code execution vulnerability affects Works for Windows document converter when handling specially crafted Works files.

 An attacker can exploit this issue by tricking a victim into opening a malicious ‘.wps’ file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID:

N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0565

 

BID:

35190

 

Microsoft ID:

MS09-027

 

MSKB:

969514

 

Microsoft Rating:

Critical

Word Buffer Overflow Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Office Word 2000 SP

 Office Word 2002 SP3

Office Word 2007 SP1 and SP2

Office for Mac 2004

Office for Mac 2008

Open XML File Format Converter for Mac

Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2

A remote code-execution vulnerability affects Word when processing a file with a malformed record.

An attacker can exploit this issue by tricking a victim into opening a specially crafted Word file.

 A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-1139

 

BID:

35225

 

Microsoft ID:

MS09-018

 

MSKB:

971055

 

Microsoft Rating:

Important

Active Directory Memory Leak Vulnerability

 

Remote Denial of Service Vulnerability

 

This vulnerability affects the following products

Active Directory

Active Directory Application Mode (ADAM)

A remote denial-of-service vulnerability affects Active Directory when handling LDAP and LDAPS requests.

An attacker can exploit this issue by sending a specially crafted LDAP or LDAPS request to an affected server.

 A successful exploit will cause the affected computer to stop responding, effectively denying service.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2007-3091

 

BID:

24283

 

Microsoft ID:

MS09-019

 

MSKB:

969897

 

Microsoft Rating:

Important

Microsoft Internet Explorer JavaScript Cross Domain Information Disclosure Vulnerability

 

Cross-Domain Information Disclosure Vulnerability

 

This vulnerability affects the following products:

Internet Explorer 6

Internet Explorer 6 SP1

Internet Explorer 7

A previously public (June 4, 2007) cross-domain information disclosure vulnerability affects Internet Explorer due to a race condition when navigating between web pages.

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a malicious web page.

A successful exploit will result in the disclosure of potentially sensitive information across domains.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-1535

 

BID:

34993

 

Microsoft ID:

MS09-020

 

MSKB:

970483

 

Microsoft Rating:

Important

IIS 5.1 and 6.0 WebDAV authentication bypass

 

Authentication bypass vulnerability

 

This vulnerability affects the following products

Microsoft Internet Information Services (IIS) 5.1 and 6.0

A previously public (May 15, 2009) authentication-bypass vulnerability affects the WebDAV extension of Internet Information Services (IIS) because it fails to properly handled Unicode-encoded '/' characters.

An attacker can leverage this issue to list contents of protected folders without providing a password.

Attackers may also be able to download, upload, or modify files within protected folders.

Sig ID: 23358

 

Detected as "HTTP IIS WebDav Remote Authentication ByPass"

 

 

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-1122

 

BID:

35232

 

Microsoft ID:

MS09-020

 

MSKB:

970483

 

Microsoft Rating:

Important

WebDAV authentication bypass

 

Authentication bypass vulnerability

 

This vulnerability affects the following products:

Microsoft Internet Information Services (IIS) 5.0

An authentication-bypass vulnerability affects the WebDAV extension of Internet Information Services (IIS) when handling specially crafted HTTP requests.

 A remote attacker can exploit this issue to gain access to arbitrary resources with the ‘anonymous’ account access.

A successful attack may result in the disclosure of potentially sensitive information or allow the attacker to write to arbitrary files; this may aid in further attacks.

Sig ID: 23368

 

Detected as "HTTP IIS WebDav Remote Authentication ByPass"

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-1134

 

BID:

35246

 

Microsoft ID:

MS09-021

 

MSKB:

969462

 

Microsoft Rating:

Important

Record Pointer Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office Excel 2007 SP1 and SP2

Office Excel Viewer 2003 SP3

Office Excel Viewer

A remote code-execution vulnerability affects Excel due to record pointer corruption when processing a file with a malformed record object.

An attacker can exploit this issue by tricking a victim into opening a specially crafted Excel file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

AV:

Bloodhound.Exploit.254

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0230

 

BID:

35209

 

Microsoft ID:

MS09-022

 

MSKB:

961501

 

Microsoft Rating:

Important

Print Spooler Load Library Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Windows 2000 SP4, Windows XP SP2 and SP3

Windows XP Professional x64 Edition SP2

Windows Server 2003 SP2

Windows Server 2003 x64 Edition SP2

Windows Server 2003 with SP2 for Itanium-based Systems

Windows Vista,Vista SP1 and Vista SP2

Windows Vista x64 Edition, x64 Edition SP1, and x64 Edition SP2

Windows Server 2008 for 32-bit Systems

Windows Server 2008 for 32-bit Systems SP2

Windows Server 2008 for x64-based Systems

Windows Server 2008 for x64-based Systems SP2

Windows Server 2008 for Itanium-based Systems

Windows Server 2008 for Itanium-based Systems SP2

A remote code execution vulnerability affects the Print Spooler service because it does not properly validate the paths to DLL files.

An attacker with “Manage Printer” privileges can exploit this issue by placing a malicious DLL file at an attacker controlled location, and instructing the Print Spooler to load the malicious DLL.

A successful exploit will result in the execution of attacker-supplied code with SYSTEM-level privileges.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-1124

 

BID:

35238

 

Microsoft ID:

MS09-025

 

MSKB:

968537

 

Microsoft Rating:

Important

Windows Kernel Pointer Validation Vulnerability

 

Local Escalation of Privilege Vulnerability

 

This vulnerability affects the following products:

Microsoft Windows 2000 SP4

Windows XP SP2 and SP3

Windows XP Professional x64 Edition SP2

Windows Server 2003 SP2

Windows Server 2003 x64 Edition SP2

Windows Server 2003 with SP2 for Itanium-based Systems

Windows Vista, Vista SP1, and Vista SP2

Windows Vista x64 Edition, x64 Edition SP1, and x64 Edition SP2

Windows Server 2008 for 32-bit Systems

Windows Server 2008 for 32-bit Systems SP2

Windows Server 2008 for x64-based Systems

Windows Server 2008 for x64-based Systems SP2

Windows Server 2008 for Itanium-based Systems

Windows Server 2008 for Itanium-based Systems SP2       

A local privilege-escalation vulnerability affects the Windows kernel because it does not properly validate certain pointers passed from user mode.

 A local attacker can exploit this issue by running specially crafted code on the local system.

 A successful exploit will result in the attacker’s code running with kernel-level privileges.

 This may facilitate a complete compromise of the affected computer.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-1123

 

BID:

35121

 

Microsoft ID:

MS09-025

 

MSKB:

968537

 

Microsoft Rating:

Important

Windows Kernel Desktop Vulnerability

 

Local Escalation of Privilege Vulnerability

 

This vulnerability affects the following products:

Microsoft Windows 2000 SP4

Windows XP SP2 and SP3

Windows XP Professional x64 Edition SP2

Windows Server 2003 SP2, Windows Server 2003 x64 Edition SP2

Windows Server 2003 with SP2 for Itanium-based Systems

Windows Vista, Vista SP1, and Vista SP2

Windows Vista x64 Edition, x64 Edition SP1, and x64 Edition SP2

Windows Server 2008 for 32-bit Systems

Windows Server 2008 for 32-bit Systems SP2

Windows Server 2008 for x64-based Systems, Windows Server 2008 for x64-based Systems SP2

Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems SP2

A previously public (Feb. 11, 2008) local privilege-escalation vulnerability affects the Windows kernel because it does not properly validate changes in certain kernel objects.

A local attacker can exploit this issue by running specially crafted code on the local system.

A successful exploit will result in the attacker’s code running with kernel-level privileges.

 This may facilitate a complete compromise of the affected computer.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-1125

 

BID:

35240

 

Microsoft ID:

MS09-025

 

MSKB:

968537

 

Microsoft Rating:

Important

Windows Driver Class Registration Vulnerability

 

Local Escalation of Privilege Vulnerability

 

This vulnerability affects the following products

Microsoft Windows 2000 SP4

Windows XP SP2 and SP3

Windows XP Professional x64 Edition SP2

Windows Server 2003 SP2

Windows Server 2003 x64 Edition SP2

 Windows Server 2003 with SP2 for Itanium-based Systems

Windows Vista, Vista SP1, and Vista SP2

Windows Vista x64 Edition, x64 Edition SP1, and x64 Edition SP2

Windows Server 2008 for 32-bit Systems

Windows Server 2008 for 32-bit Systems SP2

Windows Server 2008 for x64-based Systems

Windows Server 2008 for x64-based Systems SP2

Windows Server 2008 for Itanium-based Systems

Windows Server 2008 for Itanium-based Systems SP2

A local privilege-escalation vulnerability affects the Windows kernel because it does not properly validate arguments to certain kernel system calls.

 An attacker can exploit this issue by running specially crafted code on the local system.

A successful exploit will result in the attacker’s code running with kernel-level privileges. This may facilitate a complete compromise of the affected computer.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-1126

 

BID:

35120

 

Microsoft ID:

MS09-025

 

MSKB:

968537

 

Microsoft Rating:

Important

Windows Desktop Parameter Edit Vulnerability

 

Local Escalation of Privilege Vulnerability

 

This vulnerability affects the following products:

Microsoft Windows 2000 SP4

Windows XP SP2 and SP3

Windows XP Professional x64 Edition SP2

Windows Server 2003 SP2

Windows Server 2003 x64 Edition SP2

Windows Server 2003 with SP2 for Itanium-based Systems

A previously public (Feb. 2, 2009) local privilege-escalation vulnerability affects the Windows kernel because it does not properly validate input passed from user mode to kernel mode when editing a specific desktop parameter.

An attacker can exploit this issue by running specially crafted code on the local system. A successful exploit will result in the attacker’s code running with kernel-level privileges.

 This may facilitate a complete compromise of the affected computer.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0568

 

BID:

35219

 

Microsoft ID:

MS09-026

 

MSKB:

970238

 

Microsoft Rating:

Important

RPC Marshalling Engine Vulnerability

 

Remote Escalation of Privilege Vulnerability

 

This vulnerability affects the following products:

Microsoft Windows 2000 SP4

Windows XP SP2 and SP3

Windows XP Professional x64 Edition

Windows XP Professional x64 Edition SP2

Windows Server 2003 SP1 and SP2

Windows Server 2003 x64 Edition

Windows Server 2003 x64 Edition SP2

Windows Server 2003 with SP1 and SP2 for Itanium-based Systems

Windows Vista, Vista SP1, and Vista SP2

Windows Vista x64 Edition, x64 Edition SP1, and x64 Edition SP2

Windows Server 2008 for 32-bit Systems

Windows Server 2008 for 32-bit Systems SP2

Windows Server 2008 for x64-based Systems, Windows Server 2008 for x64-based Systems SP2

Windows Server 2008 for Itanium-based Systems

Windows Server 2008 for Itanium-based Systems SP2

A previously public remote privilege-escalation vulnerability affects the RPC Marshalling engine because it does not properly update the internal state, resulting in a pointer being read from an incorrect location.

A remote authenticated attacker can exploit this issue by sending a specially crafted RPC request to the affected service.

A successful exploit will result in the execution of arbitrary attacker-supplied code with SYSTEM-level privileges.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0563

 

BID:

35188

 

Microsoft ID:

MS09-027

 

MSKB:

969514

 

Microsoft Rating:

Important

Word Buffer Overflow Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Office Word 2002 SP3

Office Word 2003 SP3

Office Word 2007 SP1 and SP2

Office for Mac 2004

Office for Mac 2008

Open XML File Format Converter for Mac

Office Word Viewer 2003 SP3

Office Word Viewer

Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2

A remote code-execution vulnerability affects Word when processing a file with a malformed record.

An attacker can exploit this issue by tricking a victim into opening a specially crafted Word file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0229

 

BID:

35208

 

Microsoft ID:

MS09-022

 

MSKB:

961501

 

Microsoft Rating:

Moderate

Print Spooler Read File Vulnerability

 

Local Information Disclosure Vulnerability

 

This vulnerability affects the following products:

Microsoft Windows 2000 SP4

Windows XP SP2 and SP3

Windows XP Professional x64 Edition SP2

Windows Server 2003 SP2

Windows Server 2003 x64 Edition SP2

Windows Server 2003 with SP2 for Itanium-based Systems

Windows Vista, Vista SP1, and Vista SP2

Windows Vista x64 Edition, x64 Edition SP1, and x64 Edition SP2

Windows Server 2008 for 32-bit Systems

Windows Server 2008 for 32-bit Systems SP2

Windows Server 2008 for x64-based Systems

Windows Server 2008 for x64-based Systems SP2

Windows Server 2008 for Itanium-based Systems

Windows Server 2008 for Itanium-based Systems SP2

A local information disclosure vulnerability affects the Print Spooler service because it does not properly check if files can be included from a “separator” page.

A local attacker can exploit this issue to read or print arbitrary files on the local system. Information obtained may aid in further attacks.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0239

 

BID:

35220

 

Microsoft ID:

MS09-023

 

MSKB:

963093

 

Microsoft Rating:

Moderate

Script Execution in Windows Search Vulnerability

 

Remote Information Disclosure Vulnerability

 

A remote information disclosure vulnerability affects Windows Search because it does not properly restrict the environment that search scripts run.

An attacker can exploit this issue by sending a specially crafted search script, or email containing a search script to a victim and enticing the victim to run a search that results in the file or indexed mail being returned first.

 When the file is processed, the attacker-supplied search script will run in the context of the local machine zone (LMZ).

A successful exploit will result in the disclosure of arbitrary local data in the context of the victim.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

 

 




Legacy ID



2007010813564748


Article URL http://www.symantec.com/docs/TECH138059


Terms of use for this information are found in Legal Notices