Symantec product detections for Microsoft monthly Security Advisories - May 2009

Article:TECH138060  |  Created: 2010-08-19  |  Updated: 2013-01-09  |  Article URL http://www.symantec.com/docs/TECH138060
Article Type
Technical Solution


Issue



This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Advisories.

 

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.


Solution



May 12, 2009

 

 ID and Rating

 

Description

Details

Intrusion Protection System (IPS) Response

Other Detections

CAN/CVE ID:

CVE-2009-1131

 

BID:

34841

 

 

Microsoft ID:

MS09-017

 

MSKB:

967340

 

 

Microsoft Rating:

Critical

 

Powerpoint Data Out of Bounds Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Office PowerPoint 2000 SP3

A remote code execution vulnerability affects PowerPoint when processing excessive data.

 An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

AV:

Bloodhound.Exploit.242

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0224

 

BID:

34879

 

 

Microsoft ID:

MS09-017

 

 

MSKB:

967340

 

Microsoft Rating:

Critical

 

Powerpoint Memory Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, 2007 SP1, and 2007 SP2

 Microsoft Office 2004 for Mac

 Microsoft Office 2008 for Mac

 OpenXML File Format Converter for Mac

Microsoft Office PowerPoint Viewer 2003 SP3

Microsoft Office PowerPoint Viewer

 Microsoft Office Compatibility Pack for Word, Excel and PowerPoint 2007 File Formats SP2

Microsoft Works 8.

Microsoft Works 9.0

 

 

A remote code execution vulnerability affects PowerPoint when handling an invalid record type.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

AV:

Bloodhound.Exploit.239

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-1137

 

BID:

34876

 

Microsoft ID:

MS09-017

 

MSKB:

967340

 

Microsoft Rating:

Critical

 

Powerpoint Legacy File Format Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Office PowerPoint 2000 SP3, 2002 SP3 and 2003 SP3

A remote code execution vulnerability affects PowerPoint when processing sound data.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted PowerPoint 4.0 file.

 A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-1129

 

BID:

34839

 

Microsoft ID:

MS09-017

 

MSKB:

967340

 

Microsoft Rating:

Critical

Powerpoint PP7 Memory Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office PowerPoint 2000 SP3, 2002 SP3 and 2003 SP3

A remote code execution vulnerability affects PowerPoint when processing sound data.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted PowerPoint 95 file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-1128

 

BID:

34837

 

Microsoft ID:

MS09-017

 

MSKB:

967340

 

Microsoft Rating:

Critical

Powerpoint PP7 Memory Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office PowerPoint 2000 SP3, 2002 SP3 and 2003 SP3

A remote code execution vulnerability affects PowerPoint when processing sound data.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted PowerPoint 95 file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0556

 

BID:

34351

 

Microsoft ID:

MS09-017

 

MSKB:

967340

 

Microsoft Rating:

Critical

PowerPoint File Parsing Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3

Microsoft Office 2004 for Mac

A previously public (April 2, 2009) remote code execution vulnerability affects PowerPoint because an object is improperly de-referenced during file parsing.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

AV:

Bloodhound.Exploit.231

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0227

 

BID:

34882

 

Microsoft ID:

MS09-017

 

MSKB:

967340

 

Microsoft Rating:

Critical

Powerpoint Legacy File Format Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office PowerPoint 2000 SP3, 2002 SP3 and 2003 SP3

 

A remote code execution vulnerability affects PowerPoint when processing sound data.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted PowerPoint 4.0 file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0226

 

BID:

34881

 

Microsoft ID:

MS09-017

 

MSKB:

967340

 

Microsoft Rating:

Critical

Powerpoint Legacy File Format Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office PowerPoint 2000 SP3, 2002 SP3 and 2003 SP3

A remote code execution vulnerability affects PowerPoint when processing sound data.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted PowerPoint 4.0 file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0225

 

BID:

34880

 

Microsoft ID:

MS09-017

 

MSKB:

967340

 

Microsoft Rating:

Critical

Powerpoint PP7 Memory Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office PowerPoint 2002 SP3

A remote code execution vulnerability affects PowerPoint when processing sound data

An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted PowerPoint 95 file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0223

 

BID:

34834

 

Microsoft ID:

MS09-017

 

MSKB:

967340

 

Microsoft Rating:

Critical

Powerpoint Legacy File Format Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office PowerPoint 2000 SP3, 2002 SP3 and 2003 SP3

A remote code execution vulnerability affects PowerPoint when processing sound data.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted PowerPoint 4.0 file.

 A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0222

 

BID:

34831

 

Microsoft ID:

MS09-017

 

MSKB:

967340

 

Microsoft Rating:

Critical

Powerpoint Legacy File Format Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office PowerPoint 2000 SP3, 2002 SP3 and 2003 SP3

A remote code execution vulnerability affects PowerPoint when processing sound data.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted PowerPoint 4.0 file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0220

 

BID:

34833

 

Microsoft ID:

MS09-017

 

MSKB:

967340

 

Microsoft Rating:

Critical

 

Powerpoint Legacy File Format Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Microsoft Office PowerPoint 2000 SP3, 2002 SP3 and 2003 SP3

A remote code execution vulnerability affects PowerPoint when processing sound data.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted PowerPoint 4.0 file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-1130

 

BID:

34840

 

Microsoft ID:

MS09-017

 

MSKB:

967340

 

Microsoft Rating:

Important

Powerpoint Heap Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office PowerPoint 2002 SP3, 2003 SP3

Microsoft Office 2004 for Mac

A remote code execution vulnerability affects PowerPoint when reading a malformed structure value.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

AV:

Bloodhound.Exploit.240

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2009-0221

 

BID:

34835

 

Microsoft ID:

MS09-017

 

MSKB:

967340

 

Microsoft Rating:

Important

Powerpoint Integer Overflow Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Microsoft Office PowerPoint 2000 SP3, 2002 SP3 and 2003 SP3

A remote code execution vulnerability affects PowerPoint when processing sound data

An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted PowerPoint 4.0 file.

A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Sig ID: N/A

AV:

Bloodhound.Exploit.241

 

Sygate IDS:

N/A

 

 




Legacy ID



2007010813564748


Article URL http://www.symantec.com/docs/TECH138060


Terms of use for this information are found in Legal Notices