Symantec product detections for Microsoft monthly Security Advisories - February 2009

Article:TECH138065  |  Created: 2010-08-19  |  Updated: 2013-01-09  |  Article URL http://www.symantec.com/docs/TECH138065
Article Type
Technical Solution


Issue

This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Advisories.

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.


Solution

February 10, 2009

Fields listed for each entry: ID and Rating; Description; Details; Intrusion Protection System (IPS) Response; Other Detections.

ID and Rating:
  CAN/CVE ID: CVE-2009-0098
  BID: 33134
  Microsoft ID: MS09-003
  KB – 959239
  Microsoft Rating: Critical

Description:
  Microsoft Exchange Server TNEF Decoding Remote Command Execution Vulnerability
  Remote Code Execution Vulnerability

Details:
  This vulnerability affects the following products:
  - Microsoft Exchange Server 2000 SP3
  - Microsoft Exchange Server 2003 SP2
  - Microsoft Exchange Server 2007
  - Microsoft Exchange Server 2007 SP1

  This is a remote code-execution vulnerability affecting Microsoft Exchange Server due to how it handles Transport Neutral Encapsulation Format (TNEF) data.

  Attackers can exploit this issue by sending a specially crafted email message to an affected server.

  A successful exploit will result in the execution of attacker-supplied code in the context of the affected service.

Intrusion Protection System (IPS) Response:
  Sig ID: N/A

Other Detections:
  AV: N/A
  Sygate IDS: N/A

ID and Rating:
  CAN/CVE ID: CVE-2009-0099
  BID: 33136
  Microsoft ID: MS09-003
  KB – 959239
  Microsoft Rating: Important

Description:
  Microsoft Exchange Server EMSMDB2 MAPI Command Remote Denial of Service Vulnerability
  Denial of Service Vulnerability

Details:
  This vulnerability affects the following products:
  - Microsoft Exchange Server 2000 SP3
  - Microsoft Exchange Server 2003 SP2

  This is a denial-of-service vulnerability affecting the EMSMDB32 (Electronic Messaging System Microsoft Data Base, 32 bit build) component of Microsoft Exchange.

  An attacker can exploit this issue by sending a specially malformed MAPI command to an affected application.

  A successful exploit will cause the application to stop responding, effectively denying service to legitimate users.

Intrusion Protection System (IPS) Response:
  Sig ID: N/A

Other Detections:
  AV: N/A
  Sygate IDS: N/A

ID and Rating:
  CAN/CVE ID: CVE-2009-0075
  BID: 33627
  Microsoft ID: MS09-002
  KB – 961260
  Microsoft Rating: Critical

Description:
  Microsoft Internet Explorer Uninitialized Memory Remote Code Execution Vulnerability
  Remote Code Execution Vulnerability

Details:
  This vulnerability affects the following products:
  - Internet Explorer 7

  This is a remote code-execution vulnerability affecting Internet Explorer due to how it handles an object that has been deleted.

  An attacker can exploit this issue by tricking a victim into viewing a web page containing malicious content.

  A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Intrusion Protection System (IPS) Response:
  Sig ID: N/A

Other Detections:
  AV: N/A
  Sygate IDS: N/A

ID and Rating:
  CAN/CVE ID: CVE-2009-0076
  BID: 33628
  Microsoft ID: MS09-002
  KB – 961260
  Microsoft Rating: Critical

Description:
  Microsoft Internet Explorer CSS Memory Corruption Remote Code Execution Vulnerability
  Remote Code Execution Vulnerability

Details:
  This vulnerability affects the following products:
  - Internet Explorer 7

  This is a remote code-execution vulnerability affecting Internet Explorer due to how it handles certain styles in a cascading style sheet (CSS).

  An attacker can exploit this issue by tricking a victim into viewing a web page containing malicious content.

  A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Intrusion Protection System (IPS) Response:
  Sig ID: N/A

Other Detections:
  AV: Bloodhound.Exploit.225
  Sygate IDS: N/A

ID and Rating:
  CAN/CVE ID: CVE-2008-5416
  BID: 32710
  Microsoft ID: MS09-004
  KB – 959420
  Microsoft Rating: Important

Description:
  Microsoft SQL Server 'sp_replwritetovarbin' Remote Memory Corruption Vulnerability
  Remote Code Execution Vulnerability

Details:
  This vulnerability affects the following products:
  - SQL Server 2000 SP4
  - SQL Server 2000 Itanium-based Edition SP4
  - SQL Server 2005 SP1 and SP2
  - SQL Server 2005 x64 Edition SP1 and SP2
  - SQL Server 2005 with SP1 and SP2 for Itanium-based Systems
  - Microsoft SQL Server 2000 Desktop Engine (MSDE 2000) SP4
  - Microsoft SQL Server 2005 Express Edition SP1 and SP2
  - Microsoft SQL Server 2005 Express Edition with Advanced Services SP1 and SP2
  - Microsoft SQL Server 2000 Desktop Engine (WMSDE)
  - Windows Internal Database (WYukon) SP2

  This is a previously public remote code-execution vulnerability affecting Microsoft SQL Server.

  The issue occurs when the server handles the 'sp_replwritetovarbin' extended stored procedure call. By supplying several uninitialized variables as parameters to the call, an attacker can write to a controlled memory location.

  An attacker needs the ability to execute arbitrary SQL on an affected server to exploit this issue. This could occur through legitimate means or through exploiting other latent SQL injection vulnerabilities.

  Successful exploits will result in the execution of attacker-supplied code in the context of the affected service.

Intrusion Protection System (IPS) Response:
  Sig ID: N/A

Other Detections:
  AV: N/A
  Sygate IDS: N/A

ID and Rating:
  CAN/CVE ID: CVE-2009-0095
  BID: 33659
  Microsoft ID: MS09-005
  KB – 957634
  Microsoft Rating: Important

Description:
  Microsoft Visio Object Validation Remote Code Execution Vulnerability
  Remote Code Execution Vulnerability

Details:
  This vulnerability affects the following products:
  - Microsoft Office Visio 2002 SP2
  - Microsoft Office Visio 2003 SP3
  - Microsoft Office Visio 2007 Viewer
  - Microsoft Office Visio 2007 Viewer SP1

  This is a remote code-execution vulnerability affecting Microsoft Visio because it does not properly validate object data when opening a Visio file.

  An attacker can exploit this issue by tricking a victim into opening a malicious file.

  Successful attacks will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Intrusion Protection System (IPS) Response:
  Sig ID: N/A

Other Detections:
  AV: N/A
  Sygate IDS: N/A

ID and Rating:
  CAN/CVE ID: CVE-2009-0096
  BID: 33660
  Microsoft ID: MS09-005
  KB – 957634
  Microsoft Rating: Important

Description:
  Microsoft Visio Object Copy Memory Corruption Remote Code Execution Vulnerability
  Remote Code Execution Vulnerability

Details:
  This vulnerability affects the following products:
  - Microsoft Office Visio 2002 SP2
  - Microsoft Office Visio 2003 SP3
  - Microsoft Office Visio 2007 SP1

  This is a remote code-execution vulnerability affecting Microsoft Visio because of how it copies object data in memory.

  An attacker can exploit this issue by tricking a victim into opening a malicious file.

  Successful attacks will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Intrusion Protection System (IPS) Response:
  Sig ID: N/A

Other Detections:
  AV: N/A
  Sygate IDS: N/A

ID and Rating:
  CAN/CVE ID: CVE-2009-0097
  BID: 33661
  Microsoft ID: MS09-005
  KB – 957634
  Microsoft Rating: Important

Description:
  Microsoft Visio Memory Corruption Remote Code Execution Vulnerability
  Remote Code Execution Vulnerability

Details:
  This vulnerability affects the following products:
  - Microsoft Office Visio 2002 SP2
  - Microsoft Office Visio 2003 SP3

  This is a remote code-execution vulnerability affecting Microsoft Visio because of a memory handling error when opening a Visio file.

  An attacker can exploit this issue by tricking a victim into opening a malicious file.

  Successful attacks will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Intrusion Protection System (IPS) Response:
  Sig ID: N/A

Other Detections:
  AV: N/A
  Sygate IDS: N/A

ID and Rating:
  MSKB: 960715

Description:
  Cumulative Security Update of ActiveX Kill Bits

Details:
  Microsoft is releasing a security advisory that sets the kill-bit for a number of third-party components and previously addressed MS issues:

  Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution (932349), Bulletin MS08-070. This is a defense-in-depth measure that sets kill-bits for already addressed issues.

Intrusion Protection System (IPS) Response:
  Sig ID: N/A

Other Detections:
  AV: N/A
  Sygate IDS: N/A

 

 




Legacy ID: 2007010813564748

