Symantec product detections for Microsoft monthly Security Advisories - November 2008

Article:TECH139957  |  Created: 2010-09-15  |  Updated: 2013-01-09  |  Article URL http://www.symantec.com/docs/TECH139957
Article Type: Technical Solution


Issue



This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Advisories.

 

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.


Solution



November 11, 2008

 

ID and Rating  |  Description  |  Details  |  Intrusion Protection System (IPS) Response  |  Other Detections

ID and Rating
CAN/CVE ID: CVE-2007-0099
BID: 21872
Microsoft ID: MS08-069
MSKB: 955218
Microsoft Rating: Critical

Description
Internet Explorer (IE) MSXML3 Race Condition Memory Corruption Vulnerability
Remote Code Execution Vulnerability
This vulnerability affects the following products:
XML Core Services 3.0

Details
This is a previously public vulnerability in Microsoft XML Core Services disclosed on January 4, 2007 and documented in BID 21872.

The problem occurs when rendering 'XML' documents that contain an excessive amount of nested tags and are displayed in an 'IFRAME'. If the rendering process is repeatedly disrupted with a JavaScript timer forcing the page to reload every 50-100 milliseconds, the application becomes corrupted and the vulnerability is triggered.

Attackers can exploit this issue to execute arbitrary machine code in the context of the vulnerable application.

Failed exploit attempts will cause denial of service conditions.

Intrusion Protection System (IPS) Response
Sig ID: N/A

Other Detections
AV: N/A
Sygate IDS: N/A

ID and Rating
CAN/CVE ID: CVE-2008-4029
BID: 32155
Microsoft ID: MS08-069
MSKB: 955218
Microsoft Rating: Important

Description
MSXML DTD Cross-Domain Scripting Vulnerability
Information Disclosure Vulnerability
This vulnerability affects the following products:
XML Core Services 3.0
XML Core Services 4.0

Details
A cross-domain information disclosure vulnerability affects Microsoft XML Core Services due to how it handles error checks for external document type definitions (DTDs).

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a malicious web page.

A successful attack will result in the disclosure of potentially sensitive information from other domains.

Information obtained may aid in further attacks.

Intrusion Protection System (IPS) Response
Sig ID: N/A

Other Detections
AV: N/A
Sygate IDS: N/A

ID and Rating
CAN/CVE ID: CVE-2008-4033
BID: 32204
Microsoft ID: MS08-069
MSKB: 955218
Microsoft Rating: Important

Description
MSXML Chunked Request Vulnerability
Information Disclosure Vulnerability
This vulnerability affects the following products:
XML Core Services 3.0
XML Core Services 4.0
XML Core Services 5.0
XML Core Services 6.0

Details
A cross-domain information disclosure vulnerability affects Microsoft XML Core Services due to how it handles transfer-encoding headers.

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a malicious web page.

A successful attack will result in the disclosure of potentially sensitive information from other domains.

Information obtained may aid in further attacks.

Intrusion Protection System (IPS) Response
Sig ID: N/A

Other Detections
AV: N/A
Sygate IDS: N/A

ID and Rating
CAN/CVE ID: CVE-2008-4037
BID: 7385
Microsoft ID: MS08-068
MSKB: 957097
Microsoft Rating: Important

Description
SMB Credential Reflection Vulnerability
Remote Code Execution Vulnerability
This vulnerability affects the following products:
Microsoft Windows 2000 SP4
Windows XP SP2
Windows XP SP3
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition SP2
Windows Server 2003 SP1
Windows Server 2003 SP2
Windows Server 2003 x64 Edition
Windows Server 2003 x64 Edition SP2
Windows Server 2003 SP1 for Itanium-based Systems
Windows Server 2003 SP2 for Itanium-based Systems
Windows Vista
Windows Vista SP1
Windows Vista x64 Edition
Windows Vista x64 Edition SP1
Windows Server 2008 for 32-bit Systems
Windows Server 2008 for x64-based Systems
Windows Server 2008 for Itanium-based Systems

Details
This is a previously documented remote code-execution vulnerability affecting the Microsoft Server Message Block (SMB) protocol.

The problem occurs because of how SMB handles NTLM credentials.

Specifically, if an attacker can trick a victim into connecting to a malicious SMB server, the attacker can reflect the victim’s credentials back, and gain access to the victim’s computer in the context of the currently logged-in user.

Intrusion Protection System (IPS) Response
Sig ID: N/A

Other Detections
AV: N/A
Sygate IDS: N/A




Legacy ID: 2010030511372348

