Symantec product detections for Microsoft monthly Security Advisories - April 2009
Article: TECH138062 | Created: 2010-08-19 | Updated: 2013-01-09 | Article URL: http://www.symantec.com/docs/TECH138062
Problem
This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Advisories.
Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.
Solution
April 14, 2009
| ID and Rating | Description | Details | Intrusion Protection System (IPS) Response | Other Detections |
| --- | --- | --- | --- | --- |
| CAN/CVE ID: CVE-2009-0238 BID: 33870 Microsoft ID: MS09-009 MSKB: 968557 Microsoft Rating: Critical | Microsoft Excel Invalid Object Remote Code Execution Vulnerability Remote Code Execution Vulnerability This vulnerability affects the following products: Microsoft Office Excel 2000 SP3 Microsoft Office Excel 2002 SP3 Microsoft Office Excel 2003 SP3 Microsoft Office Excel 2007 SP1 Microsoft Office for Mac Microsoft Office 2004 for Mac Microsoft Office 2008 for Mac Microsoft Office Excel Viewer 2003 SP3 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats | A previously disclosed (Feb. 23, 2009) remote code-execution vulnerability affects Excel when handling an invalid object in a specially crafted Excel file. An attacker can exploit this issue by tricking a victim into opening a malicious file with an affected application. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user. | Sig ID: N/A | AV: Bloodhound.Exploit.226 Sygate IDS: N/A |
| CAN/CVE ID: CVE-2009-0100 BID: 34413 Microsoft ID: MS09-009 MSKB: 968557 Microsoft Rating: Critical | Excel Memory Corruption Vulnerability Remote Code Execution Vulnerability This vulnerability affects the following products: Microsoft Office Excel 2000 SP3 Microsoft Office Excel 2002 SP3 Microsoft Office Excel 2003 SP3 Microsoft Office Excel 2007 SP1 Microsoft Office for Mac, Microsoft Office 2004 for Mac Microsoft Office 2008 for Mac Microsoft Office Excel Viewer Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats | A remote code-execution vulnerability affects Excel when handling a specially crafted Excel file. An attacker can exploit this issue by tricking a victim into opening a malicious file with an affected application. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user. | Sig ID: N/A | AV: Bloodhound.Exploit.234 Sygate IDS: N/A |
| CAN/CVE ID: CVE-2009-0087 BID: 29769 Microsoft ID: MS09-010 MSKB: 960477 Microsoft Rating: Critical | Microsoft Word Bulleted List Handling Remote Memory Corruption Vulnerability Remote Code Execution Vulnerability This vulnerability affects the following products: Windows 2000 SP4 Windows XP SP2 and SP3 Windows XP Professional x64 Edition, Windows XP Professional x64 Edition SP2 Windows Server 2003 SP1 and SP2 Windows Server 2003 x64 Edition, Windows Server 2003 x64 Edition SP2 Windows Server 2003 with SP1 and SP2 for Itanium-based Systems Microsoft Office Word 2000 SP3, and Microsoft Office Word 2002 SP3 | A previously disclosed (June 17, 2008) remote code-execution vulnerability affects the WordPad and Office text converters. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user. | Sig ID: N/A | AV: N/A Sygate IDS: N/A |
| CAN/CVE ID: CVE-2009-0088 BID: 34469 Microsoft ID: MS09-010 MSKB: 960477 Microsoft Rating: Critical | Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability Remote Code Execution Vulnerability This vulnerability affects the following products: Microsoft Office Word 2000 SP3 | A remote code-execution vulnerability affects the WordPerfect 6.x converter of Microsoft Word 2000. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious WordPerfect file with Word. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user. | Sig ID: N/A | AV: N/A Sygate IDS: N/A |
| CAN/CVE ID: CVE-2009-0084 BID: 34460 Microsoft ID: MS09-011 MSKB: 961373 Microsoft Rating: Critical | Microsoft DirectShow MJPEG Decompression Vulnerability Remote Code Execution Vulnerability This vulnerability affects the following products: DirectX 8.1 and 9.0 | A remote code-execution vulnerability affects DirectShow when handling a specially crafted compressed ‘MJPEG’ file. An attacker can exploit this issue by tricking a victim into viewing a specially crafted streaming video file. Successful exploits will result in the execution of arbitrary code in the context of the currently logged-in user. | Sig ID: N/A | AV: N/A Sygate IDS: N/A |
| CAN/CVE ID: CVE-2009-0550 BID: 33439 Microsoft ID: MS09-013 MSKB: 960803 Microsoft Rating: Critical | Windows HTTP Services Credential Reflection Vulnerability Remote Code Execution Vulnerability This vulnerability affects the following products: Windows 2000 SP4 Windows XP SP2 and SP3 Windows XP Professional x64 Edition, Windows XP Professional x64 Edition SP2 Windows Server 2003 SP1 and SP2 Windows Server 2003 x64 Edition, Windows Server 2003 x64 Edition SP2 Windows Server 2003 with SP1 and SP2 for Itanium-based Systems Windows Vista, Windows Vista SP1, Windows Vista x64 Edition, Windows Vista x64 Edition SP1 Windows Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems | This is a remote code-execution vulnerability that affects Windows HTTP services (WinHTTP API) because the service does not properly handle NTLM credentials. This issue is similar to the vulnerability discussed in BID 7385 (Microsoft Windows SMB Credential Reflection Vulnerability). An attacker who can trick a victim into visiting a malicious server with an application using the affected API can reflect the victim’s credentials back and potentially gain access to the victim’s computer. Note: This issue is also being addressed in MS09-014 Cumulative Security Update for Internet Explorer (963027). | Sig ID: N/A | AV: N/A Sygate IDS: N/A |
| CAN/CVE ID: CVE-2009-0086 BID: 34435 Microsoft ID: MS09-013 MSKB: 960803 Microsoft Rating: Critical | Windows HTTP Services Integer Underflow Vulnerability Remote Code Execution Vulnerability This vulnerability affects the following products: Windows 2000 SP4 Windows XP SP2 and SP3 Windows XP Professional x64 Edition Windows XP Professional x64 Edition SP2 Windows Server 2003 SP1 and SP2 Windows Server 2003 x64 Edition Windows Server 2003 x64 Edition SP2 Windows Server 2003 with SP1 and SP2 for Itanium-based Systems Windows Vista, Windows Vista SP1 Windows Vista x64 Edition Windows Vista x64 Edition SP1 Windows Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems | A remote code execution vulnerability affects Windows HTTP services (WinHTTP API) due to how it handles certain parameters returned from a remote Web server. An attacker must get an application using the affected API to connect to an attacker-controlled server to exploit this issue. This may be accomplished through social engineering, or through other attacks. Successful exploits will result in the execution of attacker-supplied code in the context of the application using the API. | Sig ID: N/A | AV: N/A Sygate IDS: N/A |
| CAN/CVE ID: CVE-2009-0554 BID: 34436 Microsoft ID: MS09-014 MSKB: 963027 Microsoft Rating: Critical | Uninitialized Memory Corruption Vulnerability Remote Code Execution Vulnerability This vulnerability affects the following products: Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 | A remote code-execution vulnerability affects Internet Explorer when handling an object that has not been properly initialized or deleted. An attacker can exploit this issue by tricking a victim into viewing a web page containing malicious content. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user. | Sig ID: 23327 Detected as "HTTP MSIE Marquee Code Exec" | AV: N/A Sygate IDS: N/A |
| CAN/CVE ID: CVE-2009-0553 BID: 34424 Microsoft ID: MS09-014 MSKB: 963027 Microsoft Rating: Critical | Uninitialized Memory Corruption Vulnerability Remote Code Execution Vulnerability This vulnerability affects the following products: Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 | A remote code-execution vulnerability affects Internet Explorer when handling an object that has not been properly initialized or deleted. An attacker can exploit this issue by tricking a victim into viewing a web page containing malicious content. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user. | Sig ID: N/A | AV: N/A Sygate IDS: N/A |
| CAN/CVE ID: CVE-2009-0552 BID: 34423 Microsoft ID: MS09-014 MSKB: 963027 Microsoft Rating: Critical | Uninitialized Memory Corruption Vulnerability Remote Code Execution Vulnerability This vulnerability affects the following products: Internet Explorer 5.01 SP4, 6, and 6 SP1 | A remote code-execution vulnerability affects Internet Explorer when handling an object that has not been properly initialized or deleted. An attacker can exploit this issue by tricking a victim into viewing a web page containing malicious content. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user. | Sig ID: N/A | AV: N/A Sygate IDS: N/A |
| CAN/CVE ID: CVE-2009-0551 BID: 34438 Microsoft ID: MS09-014 MSKB: 963027 Microsoft Rating: Critical | Page Transition Memory Corruption Vulnerability Remote Code Execution Vulnerability This vulnerability affects the following products: Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 | A remote code-execution vulnerability affects Internet Explorer when handling transitions between web pages. An attacker can exploit this issue by tricking a victim into viewing a web page containing malicious content. Successful exploits will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user. | Sig ID: N/A | AV: N/A Sygate IDS: N/A |
| CAN/CVE ID: CVE-2008-4841 BID: 32718 Microsoft ID: MS09-010 MSKB: 960477 Microsoft Rating: Important | Microsoft WordPad Text Converter Remote Code Execution Vulnerability Remote Code Execution Vulnerability This vulnerability affects the following products: Windows 2000 SP4 Windows XP SP2, Windows XP Professional x64 Edition Windows XP Professional x64 Edition SP2 Windows Server 2003 SP1 and SP2, Windows Server 2003 x64 Edition Windows Server 2003 x64 Edition SP2 Windows Server 2003 with SP1 and SP2 for Itanium-based Systems | A previously disclosed (December 9, 2008) remote code-execution vulnerability affects the WordPad text converter when processing a file with a malformed list structure. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user. | Sig ID: N/A | AV: N/A Sygate IDS: N/A |
| CAN/CVE ID: CVE-2009-0235 BID: 34470 Microsoft ID: MS09-010 MSKB: 960477 Microsoft Rating: Important | WordPad Word 97 Text Converter Stack Overflow Vulnerability Remote Code Execution Vulnerability This vulnerability affects the following products: Windows 2000 SP4 Windows XP SP2 and SP3 Windows XP Professional x64 Edition, Windows XP Professional x64 Edition SP2 Windows Server 2003 SP1 and SP2, Windows Server 2003 x64 Edition Windows Server 2003 x64 Edition SP2 Windows Server 2003 with SP1 and SP2 for Itanium-based Systems. | A remote code-execution vulnerability affects the WordPad text converter. An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious Word file with WordPad. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user. | Sig ID: N/A | AV: Bloodhound.Exploit.232 Sygate IDS: N/A |
| CAN/CVE ID: CVE-2009-0080 BID: 34444 Microsoft ID: MS09-012 MSKB: 959454 Microsoft Rating: Important | Windows Thread Pool ACL Weakness Vulnerability Local Elevation of Privilege Vulnerability This vulnerability affects the following products: Windows Vista Windows Vista SP1 Windows Vista x64 Edition Windows Vista x64 Edition SP1 Windows Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems. | A local privilege-escalation vulnerability affects Windows ThreadPool because it places incorrect access control lists (ACLs) on threads. A local attacker can exploit this issue to execute arbitrary code with 'LocalSystem' privileges. A successful exploit will result in a complete compromise of an affected computer. | Sig ID: N/A | AV: N/A Sygate IDS: N/A |
| CAN/CVE ID: CVE-2009-0079 BID: 34443 Microsoft ID: MS09-012 MSKB: 34443 Microsoft Rating: Important | Windows RPCSS Service Isolation Vulnerability Local Elevation of Privilege Vulnerability This vulnerability affects the following products: Windows XP SP2 and SP3 Windows XP Professional x64 Edition Windows XP Professional x64 Edition SP2 Windows Server 2003 SP1 and SP2 Windows Server 2003 x64 Edition Windows Server 2003 x64 Edition SP2 Windows Server 2003 with SP1 and SP2 for Itanium-based Systems. | A local privilege-escalation vulnerability affects the RPCSS service because it fails to properly isolate processes that run under the 'NetworkService' and 'LocalService' accounts. An attacker running code with ‘NetworkService’ or ‘LocalService’ privileges can exploit this issue to access other processes that have the ability to elevate their privileges, and ultimately execute code with ‘LocalSystem’ privileges. A successful exploit will result in a complete compromise of an affected computer. | Sig ID: N/A | AV: N/A Sygate IDS: N/A |
| CAN/CVE ID: CVE-2009-0078 BID: 34442 Microsoft ID: MS09-012 MSKB: 959454 Microsoft Rating: Important | Windows WMI Service Isolation Vulnerability Local Elevation of Privilege Vulnerability This vulnerability affects the following products: Windows XP SP2 and SP3 Windows XP Professional x64 Edition Windows XP Professional x64 Edition SP2 Windows Server 2003 SP1 and SP2 Windows Server 2003 x64 Edition Windows Server 2003 x64 Edition SP2 Windows Server 2003 with SP1 and SP2 for Itanium-based Systems Windows Vista Windows Vista SP1 Windows Vista x64 Edition Windows Vista x64 Edition SP1 Windows Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems. | A local privilege-escalation vulnerability affects Windows Management Instrumentation (WMI) because it fails to properly isolate processes that run under the 'NetworkService' and 'LocalService' accounts. A local attacker with 'NetworkService' or 'LocalService' account access may be able to exploit this issue to gain access to 'SYSTEM' tokens in WMI. A successful exploit will result in a complete compromise of an affected computer. | Sig ID: N/A | AV: N/A Sygate IDS: N/A |
| CAN/CVE ID: CVE-2008-1436 BID: 28833 Microsoft ID: MS09-012 MSKB: 959454 Microsoft Rating: Important | Microsoft Windows SeImpersonatePrivilege Local Privilege Escalation Vulnerability Local Elevation of Privilege Vulnerability This vulnerability affects the following products: Windows 2000 SP4, Windows XP SP2 and SP3 Windows XP Professional x64 Edition, Windows XP Professional x64 Edition SP2 Windows Server 2003 SP1 and SP2 Windows Server 2003 x64 Edition Windows Server 2003 x64 Edition SP2 Windows Server 2003 with SP1 and SP2 for Itanium-based Systems Windows Vista Windows Vista SP1 Windows Vista x64 Edition Windows Vista x64 Edition SP1 Windows Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems | A previously disclosed (Apr 17, 2008) local privilege-escalation vulnerability affects the Microsoft Distributed Transaction Coordinator (MSDTC) transaction facility. The problem occurs because the service leaves a 'NetworkService' token that can be impersonated by other processes that call into it. Specifically, a process with 'SeImpersonatePrivilege' can elevate its privileges to the 'NetworkService' account and execute arbitrary code with the elevated privileges. Successful attacks could aid in the complete compromise of affected computers. | Sig ID: N/A | AV: N/A Sygate IDS: N/A |
| CAN/CVE ID: CVE-2009-0089 BID: 34437 Microsoft ID: MS09-013 MSKB: 960803 Microsoft Rating: Important | HTTP Services Certificate Name Mismatch Vulnerability Spoofing Vulnerability This vulnerability affects the following products: Windows 2000 SP4 Windows XP SP2 and SP3 Windows XP Professional x64 Edition, Windows XP Professional x64 Edition SP2 Windows Server 2003 SP1 and SP2 Windows Server 2003 x64 Edition Windows Server 2003 x64 Edition SP2 Windows Server 2003 with SP1 and SP2 for Itanium-based Systems Windows Vista Windows Vista SP1 Windows Vista x64 Edition Windows Vista x64 Edition SP1 Windows Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems | A spoofing vulnerability affects Windows HTTP services (WinHTTP API) because it fails to properly validate the fully qualified domain name of the URL against the certificate of the final destination site. An attacker who can redirect traffic to an alternate site (through DNS poisoning, or other means) can exploit this issue to impersonate the intended site without the knowledge of the victim. Successful exploits will aid in phishing-style attacks; other attacks are also possible. | Sig ID: N/A | AV: N/A Sygate IDS: N/A |
| CAN/CVE ID: CVE-2009-0550 BID: 34439 Microsoft ID: MS09-014 MSKB: 963027 Microsoft Rating: Important | WinINet Remote Code Execution Vulnerability Remote Code Execution Vulnerability This vulnerability affects the following products: Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 | A remote code-execution vulnerability affects the WinINet component of Internet Explorer because the service does not correctly handle NTLM credentials. This issue is similar to the vulnerability discussed in BID 7385 (Microsoft Windows SMB Credential Reflection Vulnerability). An attacker who can trick a victim into visiting a malicious website can reflect the victim’s credentials back and potentially gain access to the victim’s computer. Note: This issue is also being addressed in MS09-013 Vulnerabilities in Windows HTTP services could allow Remote Code Execution (960803). | Sig ID: N/A | AV: N/A Sygate IDS: N/A |
| CAN/CVE ID: CVE-2009-0077 BID: 34414 Microsoft ID: MS09-016 MSKB: 961759 Microsoft Rating: Important | Web Proxy TCP State Limited Denial of Service Denial of Service Vulnerability This vulnerability affects the following products: Microsoft Internet Security and Acceleration Server 2004 Standard SP3 Microsoft Internet Security and Acceleration Server 2004 Enterprise SP3 Microsoft Internet Security and Acceleration Server 2006 Standard Supportability Update Microsoft Internet Security and Acceleration Server 2006 Standard SP1 Microsoft Internet Security and Acceleration Server 2006 Enterprise Microsoft Internet Security and Acceleration Server 2006 Enterprise SP1 Microsoft Forefront Threat Management Gateway Medium Business Edition | A remote denial-of-service vulnerability affects Microsoft ISA Server and Forefront Threat Management Gateway due to how they handle the TCP state for web proxy listeners. Specifically, the state management does not handle session state correctly, resulting in multiple orphaned sessions. An attacker can exploit this issue by sending specially crafted network data to an affected server. Successful exploits will cause the service to become unresponsive. | Sig ID: N/A | AV: N/A Sygate IDS: N/A |
| CAN/CVE ID: CVE-2008-2540 BID: 29445 Microsoft ID: MS09-014 MSKB: 963027 Microsoft Rating: Moderate | Blended Threat Remote Code Execution Vulnerability Elevation of Privilege Vulnerability This vulnerability affects the following products: Windows 2000 SP4 Windows XP SP2 and SP3, Windows XP Professional x64 Edition Windows XP Professional x64 Edition SP2 Windows Server 2003 SP1 and SP2 Windows Server 2003 x64 Edition Windows Server 2003 x64 Edition SP2 Windows Server 2003 with SP1 and SP2 for Itanium-based Systems Windows Vista Windows Vista SP1 Windows Vista x64 Edition Windows Vista x64 Edition SP1 Windows Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems. | A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user. Note: Microsoft is also addressing this issue in MS-KB-959426. | Sig ID: N/A | AV: N/A Sygate IDS: N/A |
| CAN/CVE ID: CVE-2008-2540 BID: 29445 Microsoft ID: MS09-015 MSKB: 959426 Microsoft Rating: Moderate | Apple Safari and Microsoft Windows Client-side Code Execution Vulnerability Elevation of Privilege Vulnerability This vulnerability affects the following products: Windows 2000 SP4 Windows XP SP2 and SP3, Windows XP Professional x64 Edition Windows XP Professional x64 Edition SP2 Windows Server 2003 SP1 and SP2 Windows Server 2003 x64 Edition Windows Server 2003 x64 Edition SP2 Windows Server 2003 with SP1 and SP2 for Itanium-based Systems Windows Vista Windows Vista SP1 Windows Vista x64 Edition Windows Vista x64 Edition SP1 Windows Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems. | A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user. Note: Microsoft is addressing this issue in the cumulative update for Internet Explorer as well. | Sig ID: N/A | AV: N/A Sygate IDS: N/A |
| CAN/CVE ID: CVE-2009-0237 BID: 34416 Microsoft ID: MS09-016 MSKB: 961759 Microsoft Rating: Moderate | Cross Site Scripting Vulnerability Scripting Vulnerability This vulnerability affects the following products: Microsoft Internet Security and Acceleration Server 2006 Standard Supportability Update Microsoft Internet Security and Acceleration Server 2006 Standard SP1 Microsoft Internet Security and Acceleration Server 2006 Enterprise Microsoft Internet Security and Acceleration Server Microsoft Internet Security and Acceleration Server 2006 Enterprise SP1 Microsoft Forefront Threat Management Gateway Medium Business Edition | A cross-site scripting vulnerability affects ISA Server and Forefront Threat Management Gateway because they fail to properly validate user-supplied input to the ‘cookieauth.dll’ component. An attacker can exploit this issue by tricking an unsuspecting victim into following a malicious URL. Successful exploits will result in the execution of arbitrary script code in the context of the affected site. | Sig ID: 23324 Detected as "HTTP MS ISA Server XSS" Applicability: NIS/NAV 2008/2009 (SU156) NIS/NAV Pre 2008 (SU190) SCS (SU198) SEP (SU100) SNS (SU108) SGS (SU72) | AV: N/A Sygate IDS: N/A |
Legacy ID: 2007010813564748