Symantec product detections for Microsoft monthly Security Advisories - December 2008

Article:TECH139956  |  Created: 2010-09-15  |  Updated: 2013-01-09  |  Article URL http://www.symantec.com/docs/TECH139956
Article Type
Technical Solution


Issue



This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Advisories.

 

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.


Solution



December 9, 2008

 

 ID and Rating

 

Description

Details

Intrusion Protection System (IPS) Response

Other Detections

CAN/CVE ID:

CVE-2008-4252

 

BID:

32591

 

Microsoft ID:

MS08-070

MSKB:

932349

 

Microsoft Rating:

Critical

DataGrid Control Memory Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Visual Basic 6.0 Runtime Extended Files

Visual FoxPro 8.0 SP1

Visual FoxPro 9.0 SP1 and SP2

This is a remote code-execution vulnerability affecting the DataGrid ActiveX control for Visual Basic 6

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a malicious web page

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user

Sig ID: 23187

 

Detected as "HTTP MS Datagrid ActiveX BO"

 

Applicability:

SNS - SU 105

SGS - SU 69

SCS - SU 185

NIS/NAV/N360 - SU 176

NIS08/NAV08 - SU 136

N360v2 - SU 136

SEP11 - SU 89

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-4253

 

BID:

32592

 

Microsoft ID:

MS08-070

MSKB:

932349

 

Microsoft Rating:

Critical

 

 

 

 

 

FlexGrid Control Memory Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Visual Basic 6.0 Runtime Extended Files

Visual FoxPro 8.0 SP1

Visual FoxPro 9.0 SP1 and SP2

Office Front Page 2002 SP3

Office Project 2003 SP3

This is a remote code-execution vulnerability affecting the FlexGrid ActiveX control for Visual Basic 6

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a malicious web page

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user

Sig ID: 23192

 

Detected as "HTTP MS FlexGrid Memory Corruption"

 

Canary Sig ID: 50202

 

Detected as "MSIE MS FlexGrid Memory Corruption"

 

Applicability:

SNS - SU 105

SGS - SU 69

SCS - SU 185

NIS/NAV/N360 - SU 176

NIS08/NAV08 - SU 136

N360v2 - SU 136

SEP11 - SU 89

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-4254

 

BID:

32612

 

Microsoft ID:

MS08-070

MSKB:

932349

 

Microsoft Rating:

Critical

Hierarchical FlexGrid Control Memory Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Visual Basic 6.0 Runtime Extended Files

"Visual FoxPro 8.0 SP1

"Visual FoxPro 9.0 SP1 and SP2

This is a remote code-execution vulnerability affecting the Hierarchical FlexGrid ActiveX control for Visual Basic 6

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a malicious web page

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user

Sig ID: 23188

 

Detected as "HTTP MS DataGrid Memory Corruption"

 

Canary Sig ID: 50201

Detected as "MSIE MS DataGrid Mem Corruption"

 

Applicability:

SNS - SU 105

SGS - SU 69

SCS - SU 185

NIS/NAV/N360 - SU 176

NIS08/NAV08 - SU 136

N360v2 - SU 136

SEP11 - SU 89

 

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-4255

 

BID:

 32613

 

Microsoft ID:

MS08-070

MSKB:

932349

 

Microsoft Rating:

Critical

 

Microsoft Rating:

Windows Common AVI Parsing Overflow Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Visual Basic 6.0 Runtime Extended Files

Visual Studio .NET 2002 SP1

Visual Studio .NET 2003 SP1

Visual FoxPro 8.0 SP1

Visual FoxPro 9.0 SP1 and SP2

Office Project 2003 SP3

Office Project 2007

Office Project 2007 SP1

This is a remote code-execution vulnerability affecting the Windows Common ActiveX control for Visual Basic 6

The vulnerability occurs due to the manner in which malformed AVI files are processed

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a malicious web page

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-4256

 

BID:

32614

 

Microsoft ID:

MS08-070

MSKB:

932349

 

Microsoft Rating:

Critical

 

 

Charts Control Memory Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Visual Basic 6.0 Runtime Extended Files

Visual Studio .NET 2002 SP1

Visual Studio .NET 2003 SP1

Visual FoxPro 8.0 SP1

Visual FoxPro 9.0 SP1 and SP2

This is a remote code-execution vulnerability affecting the Charts ActiveX control for Visual Basic 6

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a malicious web page

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-3704

 

BID:

30674

 

Microsoft ID:

MS08-070

MSKB:

932349

 

Microsoft Rating:

Critical

 

Microsoft Visual Studio 'Msmask32.ocx' ActiveX Control Remote Buffer Overflow Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Visual Basic 6.0 Runtime Extended Files

Visual Studio .NET 2002 SP1

Visual Studio .NET 2003 SP1

Visual FoxPro 8.0 SP1

Visual FoxPro 9.0 SP1 and SP2

This is a remote code-execution vulnerability affecting the 'Msmask32.ocx' ActiveX control

The vulnerability is a stack based buffer overflow which occurs when the control handles overly large arguments to the "Mask" parameter

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a malicious web page

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-2249

 

BID:

32634

 

Microsoft ID:

MS08-071

MSKB:

956802

 

Microsoft Rating:

Critical

GDI Integer Overflow Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Windows 2000 SP4

Windows XP SP2 and SP3

Windows XP Pro x64

Windows XP Pro x64 SP2

Windows Server 2003 SP1 and SP2

Windows Server 2003 x64

Windows Server 2003 x64 SP2

Windows Server 2003 SP1 and SP2 for Itanium-based Systems

Windows Vista

Windows Vista SP1

Windows Vista x64

Windows Vista x64 SP1

Windows Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems

This is a remote code-execution vulnerability affecting the GDI when processing a specially malformed header in a WMF file

An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious WMF file

Successful exploitation of this vulnerability will result in the execution of arbitrary code in the context of the currently logged in user

Sig ID: 23231

 

Detected as "HTTP MS GDI Integer BO"

 

Applicability:

SNS - SU 105

SGS - SU 69

SCS - SU 185

NIS/NAV/N360 - SU 176

NIS08/NAV08 - SU 136

N360v2 - SU 136

SEP11 - SU 89

AV:

Bloodhound.Exploit.214

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-3465

 

BID:

32637

 

Microsoft ID:

MS08-071

MSKB:

956802

 

Microsoft Rating:

Moderate

 

GDI Heap Overflow Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Windows 2000 SP4

Windows XP SP2 and SP3

Windows XP Pro x64

Windows XP Pro x64 SP2

Windows Server 2003 SP1 and SP2

Windows Server 2003 x64

Windows Server 2003 x64 SP2

Windows Server 2003 SP1 and SP2 for Itanium-based Systems

Windows Vista

Windows Vista SP1

Windows Vista x64

Windows Vista x64 SP1

Windows Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems

This is a remote code-execution vulnerability affecting the GDI when processing file size parameters in specially crafted WMF files

An attacker can exploit this issue by tricking an unsuspecting victim into making a copy of a malicious WMF file with a third-party application that uses the GDI API

Successful exploitation of this vulnerability will result in the execution of arbitrary code in the context of the currently logged in user

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-4024

 

BID:

32580

 

Microsoft ID:

MS08-072

MSKB:

957173

 

Microsoft Rating:

Critical

 

 

Word Memory Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Word 2000 SP3

Word 2002 SP3

Office 2004 for Mac

This is a remote code-execution  vulnerability affecting Word when handling a malicious Word file with a malformed record

An attacker must trick a victim into opening a malicious file to exploit this issue

Successful exploitation of this vulnerability will result in the execution of arbitrary code in the context of the currently logged-in user

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-4025

 

BID:

32579

 

Microsoft ID:

MS08-072

MSKB:

957173

 

Microsoft Rating:

Critical

 

Word RTF Object Parsing Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Word 2000 SP3

Word 2002 SP3

Word 2003 SP2 and SP3

Word 2007, and 2007 SP1

Outlook 2007, and 2007 SP1

Word Viewer 2003

Word Viewer 2003 SP3

Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1

Office 2004 for Mac

Office 2008 for Mac

This is a remote code-execution  vulnerability affecting Word when handling a malicious Rich Text Format (RTF) file with a malformed control word

An attacker must trick a victim into opening a malicious file to exploit this issue

Successful exploitation of this vulnerability will result in the execution of arbitrary code in the context of the currently logged-in user

Sig ID: 23221

 

Detected as "HTTP MS Word RTF Parsing Code Exec"

 

Applicability:

SNS - SU 105

SGS - SU 69

SCS - SU 185

NIS/NAV/N360 - SU 176

NIS08/NAV08 - SU 136

N360v2 - SU 136

SEP11 - SU 89

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-4026

 

BID:

32583

 

Microsoft ID:

MS08-072

MSKB:

957173

 

Microsoft Rating:

Critical

Word Memory Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Word 2000 SP3

Word 2002 SP3

Word 2003 SP2 and SP3

Word 2007, and 2007 SP1

Word Viewer 2000

Word Viewer 2003 SP3

Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1

Office 2004 for Mac

Office 2008 for Mac

This is a remote code-execution  vulnerability affecting Word when handling a malicious Word file with a malformed value

An attacker must trick a victim into opening a malicious file to exploit this issue

Successful exploitation of this vulnerability will result in the execution of arbitrary code in the context of the currently logged-in user

Sig ID: N/A

AV:

Bloodhound.Exploit.218

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-4027

 

BID:

32581

 

Microsoft ID:

MS08-072

MSKB: 957173

 

Microsoft Rating:

Critical

 

 

Word RTF Object Parsing Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Word 2000 SP3

Word 2002 SP3

Word 2003 SP2 and SP3

Word 2007, and 2007 SP1

Outlook 2007, and 2007 SP1

Word Viewer 2003

Word Viewer 2003 SP3

Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1

Office 2004 for Mac

This is a remote code-execution  vulnerability affecting Word when handling a malicious Rich Text Format (RTF) file with malformed control words

An attacker must trick a victim into opening a malicious file to exploit this issue

Successful exploitation of this vulnerability will result in the execution of arbitrary code in the context of the currently logged-in user

Sig ID: 23222

 

Detected as "HTTP MS Word RTF Malformed Code Exec"

 

Applicability

SNS - SU 105

SGS - SU 69

SCS - SU 185

NIS/NAV/N360 - SU 176

NIS08/NAV08 - SU 136

N360v2 - SU 136

SEP11 - SU 89

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-4030

 

BID:

32642

 

Microsoft ID:

MS08-072

MSKB:

957173

 

Microsoft Rating:

Critical

 

Word RTF Object Parsing Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Word 2000 SP3

Word 2002 SP3

Word 2003 SP2 and SP3

Word 2007, and 2007 SP1

Outlook 2007, and 2007 SP1

Word Viewer 2003

Word Viewer 2003 SP3

Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1

This is a remote code-execution  vulnerability affecting Word when handling a malicious Rich Text Format (RTF) file with a specially crafted control word

An attacker must trick a victim into opening a malicious file to exploit this issue

Successful exploitation of this vulnerability will result in the execution of arbitrary code in the context of the currently logged-in user

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-4028

 

BID:

32585

 

Microsoft ID:

MS08-072

MSKB:

957173

 

Microsoft Rating:

Critical

Word RTF Object Parsing Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Word 2000 SP3

Word 2002 SP3

Word 2003 SP2 and SP3

Word 2007, and 2007 SP1

Outlook 2007, and 2007 SP1

Word Viewer 2003

Word Viewer 2003 SP3

Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1

Office 2004 for Mac

Office 2008 for Mac

This is a remote code-execution  vulnerability affecting Word when handling a malicious Rich Text Format (RTF) file with a specially crafted control word

An attacker must trick a victim into opening a malicious file to exploit this issue

Successful exploitation of this vulnerability will result in the execution of arbitrary code in the context of the currently logged-in user

Sig ID: 23223

 

Detected as "HTTP MS Word RTF Obj Parsing Code Exec"

 

Applicability:

SNS - SU 105

SGS - SU 69

SCS - SU 185

NIS/NAV/N360 - SU 176

NIS08/NAV08 - SU 136

N360v2 - SU 136

SEP11 - SU 89

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-4031

 

BID:

32594

 

Microsoft ID:

MS08-072

MSKB:

957173

 

Microsoft Rating:

Critical

 

Word RTF Object Parsing Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Word 2000 SP3

Word 2002 SP3

Word 2003 SP2 and SP3

Word 2007, and 2007 SP1

Outlook 2007, and 2007 SP1

Word Viewer 2003

Word Viewer 2003 SP3

Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1

Works 8.5

Office 2004 for Mac

Office 2008 for Mac

This is a remote code-execution  vulnerability affecting Word when handling a malicious Rich Text Format (RTF) file with a malformed string

An attacker must trick a victim into opening a malicious file to exploit this issue

Successful exploitation of this vulnerability will result in the execution of arbitrary code in the context of the currently logged-in user

Sig ID: 23224

 

Detected as "HTTP MS Word RTF Malicious Code Exec"

 

Applicability:

SNS - SU 105

SGS - SU 69

SCS - SU 185

NIS/NAV/N360 - SU 176

NIS08/NAV08 - SU 136

N360v2 - SU 136

SEP11 - SU 89

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-4837

 

BID: 32584

 

Microsoft ID:

MS08-072

MSKB:

957173

 

Microsoft Rating:

Critical

 

 

Word Memory Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Word 2000 SP3

Word 2002 SP3

Word 2003 SP2 and SP3

Word 2007, and 2007 SP1

Outlook 2007, and 2007 SP1

Word Viewer 2003

Word Viewer 2003 SP3

Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1

Works 8.5

This is a remote code-execution  vulnerability affecting Word when handling a malicious Word file with a malformed record value

An attacker must trick a victim into opening a malicious file to exploit this issue

Successful exploitation of this vulnerability will result in the execution of arbitrary code in the context of the currently logged-in user

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-4258

 

BID:

 32596

 

Microsoft ID:

MS08-073

MSKB:

958215

 

Microsoft Rating:

Critical

 

Internet Explorer (IE) Parameter Validation Memory Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

IE 5.01 SP4

IE 6 SP1

This is a remote code-execution vulnerability affecting Internet Explorer (IE) due to how it handles certain navigation methods

An attacker must trick a victim into visiting a website containing malicious content to exploit this issue

Successful exploitation of this vulnerability will result in the execution of arbitrary code in the context of the currently logged-in user

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-4259

 

BID:

32586

 

Microsoft ID:

MS08-073

MSKB:

958215

 

Microsoft Rating:

Critical

Internet Explorer (IE) HTML Objects Memory Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

IE 7

This is a remote code-execution vulnerability affecting Internet Explorer (IE) due to the way it accesses uninitialized memory in certain situations

An attacker must trick a victim into visiting a website containing malicious content to exploit this issue

Successful exploitation of this vulnerability will result in the execution of arbitrary code in the context of the currently logged-in user

Sig ID: 23228

 

Detected as "HTTP MSIE Webdav Src BO"

 

Applicability:

SNS - SU 105

SGS - SU 69

SCS - SU 185

NIS/NAV/N360 - SU 176

NIS08/NAV08 - SU 136

N360v2 - SU 136

SEP11 - SU 89

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-4260

 

BID:

32593

 

Microsoft ID:

MS08-073

MSKB:

958215

 

Microsoft Rating:

Critical

Internet Explorer (IE) Uninitialized Memory Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

IE 7

This is a remote code-execution vulnerability affecting Internet Explorer (IE) due to the way it handles objects which have been deleted

An attacker must trick a victim into visiting a website containing malicious content to exploit this issue

Successful exploitation of this vulnerability will result in the execution of arbitrary code in the context of the currently logged-in user

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-4261

 

BID:

32595

 

Microsoft ID:

MS08-073

MSKB:

958215

 

Microsoft Rating:

Critical

 

Internet Explorer (IE) HTML Rendering Memory Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

IE 5.01 SP4

IE 6

IE 6 SP1

This is a remote code-execution vulnerability affecting Internet Explorer (IE) due to the way it embeds objects in a web page

An attacker must trick a victim into visiting a website containing malicious content to exploit this issue

Successful exploitation of this vulnerability will result in the execution of arbitrary code in the context of the currently logged-in user

Sig ID: 23225

 

Detected as "HTTP MS IE Embed Src BO"

 

Applicability:

SNS - SU 105

SGS - SU 69

SCS - SU 185

NIS/NAV/N360 - SU 176

NIS08/NAV08 - SU 136

N360v2 - SU 136

SEP11 - SU 89

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-4265

 

BID:

32618

 

Microsoft ID:

MS08-074

MSKB:

959070

 

Microsoft Rating:

Critical

Excel File Format Parsing Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Excel 2000 SP3

This is a remote code-execution vulnerability affecting Excel due to memory corruption when loading Excel records

An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious Excel file

Successful exploitation of this vulnerability will result in the execution of arbitrary code in the context of the currently logged-in user

Sig ID: N/A

AV:

Bloodhound.Exploit.230

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-4264

 

BID:

32621

 

Microsoft ID:

MS08-074

MSKB:

959070

 

Microsoft Rating:

Critical

 

Excel File Format Parsing Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Excel 2000 SP3

Excel 2002 SP3

Excel 2003 SP3

Excel 2007, and 2007 SP1

Office Excel Viewer 2003

Office Excel Viewer 2003 SP3

Office Excel Viewer

Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1

Office 2004 for Mac

Office 2008 for Mac

Open XML File Format Converter for Mac

This is a remote code-execution vulnerability affecting Excel due to pointer corruption when loading Excel formulas

An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious Excel file

Successful exploitation of this vulnerability will result in the execution of arbitrary code in the context of the currently logged-in user

Sig ID: N/A

AV:

Bloodhound.Exploit.216

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-4266

 

BID: 32622

 

Microsoft ID:

MS08-074

MSKB:

959070

 

Microsoft Rating:

Critical

Excel Global Array Memory Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Excel 2000 SP3

Excel 2002 SP3

Excel 2003 SP3

Office Excel Viewer 2003

Office Excel Viewer 2003 SP3

This is a remote code-execution vulnerability affecting Excel due to stack corruption when loading Excel records

An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious Excel file

Successful exploitation of this vulnerability will result in the execution of arbitrary code in the context of the currently logged-in user

Sig ID: 23229

 

Detected as "HTTP MS Excel Record Code Exec"

 

Applicability:

NIS/NAV/N360 - SU 176

NIS08/NAV08 - SU 136

N360v2 - SU 136

AV:

Bloodhound.Exploit.215

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-4268

 

BID:

32651

 

Microsoft ID:

MS08-075

MSKB:

959349

 

Microsoft Rating:

Important

Windows Saved Search Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Windows Vista

Windows Vista SP1

Windows Vista x64

Windows Vista x64 SP1

Windows Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems

This is a remote code execution vulnerability affecting Windows Explorer when saving a specially crafted Windows Search file

To exploit this issue an attacker must trick a victim into saving a malicious search file with Windows Explorer

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-4269

 

BID:

32652

 

Microsoft ID:

MS08-075

MSKB:

959349

 

Microsoft Rating:

Critical

 

Windows Search Parsing Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Windows Vista

Windows Vista SP1

Windows Vista x64

Windows Vista x64 SP1

Windows Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems

This is a remote code execution vulnerability affecting Windows Explorer in the "search-ms" protocol handler

To exploit this issue an attacker must trick a victim into viewing a web page with a malicious "search-ms://" URI

 Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user

Sig ID: 23226

 

Detected as "HTTP Windows Search RCE"

 

Applicability:

SNS - SU 105

SGS - SU 69

SCS - SU 185

NIS/NAV/N360 - SU 176

NIS08/NAV08 - SU 136

N360v2 - SU 136

SEP11 - SU 89

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-4032

 

BID:

32638

 

Microsoft ID:

MS08-077

MSKB:

957175

 

Microsoft Rating:

Important

 

 

Office Sharepoint Access Control Vulnerability

 

Elevation of Privilege Vulnerability

 

This vulnerability affects the following products:

 

Office SharePoint Server 2007 (32-bit editions)

Office SharePoint Server 2007 SP1 (32-bit editions)

Office SharePoint Server 2007 (64-bit editions)

Office SharePoint Server 2007 SP1 (64-bit editions)

This is remote authentication-bypass vulnerability affecting Sharepoint because it improperly permits access to certain administrative functions to unauthenticated users

An attacker can exploit this issue with a web browser

Successful exploitation of this vulnerability can result in denial of service conditions, information disclosure, and possibly allow the attacker to execute arbitrary script code in the context of the affected server

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-3009

 

BID:

32653

 

Microsoft ID:

MS08-076

MSKB:

959807

 

Microsoft Rating:

Important

Windows Media Components SPN Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Windows Media Components 6.4

Windows Media Components 7.1

Windows Media Components 9.0

Windows Media Components 9.5

Windows Media Components 10

Windows Media Components 11

Windows Media Services 4.1

Windows Media Services 9

Windows Media Services 2008

This is a remote code execution vulnerability affecting the Service Principle Name (SPN) implementations of Windows Media Components that allows an attacker to reflect a victim's credentials back to the victim

To exploit this issue an attacker must trick the victim into connecting and authenticating to a malicious Media Server

Successful exploitation of this vulnerability will result in the execution of arbitrary code in the context of the currently logged-in user

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-3010

 

BID:

32654

 

Microsoft ID:

MS08-076

MSKB:

959807

 

Microsoft Rating:

Important

Windows Media Components ISATAP Vulnerability

 

Information Disclosure Vulnerability

 

This vulnerability affects the following products:

 

Windows Media Components 6.4

Windows Media Components 7.1

Windows Media Components 9.0

Windows Media Components 9.5

Windows Media Components 10

Windows Media Components 11

Windows Media Services 4.1

Windows Media Services 9

Windows Media Services 2008

This is a remote code execution vulnerability affecting the Windows Media Component because of how it treats an external resource as internal when connecting to a server that is using an Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) address

To exploit this issue an attacker must trick a victim into viewing a web page containing malicious content to exploit this issue

Successful exploitation of this vulnerability will result in the disclosure of the victim's NTLM credentials. This may aid in further attacks

Sig ID: N/A

AV:

N/A

 

Sygate IDS:

N/A

 

 




Legacy ID



2010030511372348


Article URL http://www.symantec.com/docs/TECH139956


Terms of use for this information are found in Legal Notices