Symantec product detections for Microsoft monthly Security Advisories - October 2008

Article:TECH139958  |  Created: 2010-09-15  |  Updated: 2013-01-09  |  Article URL http://www.symantec.com/docs/TECH139958
Article Type
Technical Solution


Issue



This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Advisories.

 

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.


Solution



October 14, 2008

ID and Rating  |  Description  |  Details  |  Intrusion Protection System (IPS) Response  |  Other Detections

CAN/CVE ID: CVE-2008-3472
BID: 31615
Microsoft ID: MS08-058
MSKB: 956390
Microsoft Rating: Important

Internet Explorer (IE) HTML Element Cross-Domain Vulnerability
Remote Code Execution and Information Disclosure Vulnerability

This vulnerability affects the following products:
IE 6
IE 6 SP1
IE 7

This is a cross-domain remote code-execution and information disclosure vulnerability affecting Internet Explorer (IE)
The vulnerability occurs because IE incorrectly interprets the origin of script code
An attacker must trick a victim into visiting a website containing malicious content to exploit this issue
Code execution in the context of another domain or security zone is only possible when exploited through Internet Explorer 6 SP1 running on Windows 2000 SP4
On platforms other than IE 6 SP1 on Windows 2000, exploitation of this vulnerability leads to Information Disclosure

Sig ID: N/A
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-3473
BID: 31616
Microsoft ID: MS08-058
MSKB: 956390
Microsoft Rating: Critical

Internet Explorer (IE) Source Element Cross-Domain Vulnerability
Remote Code Execution and Information Disclosure Vulnerability

This vulnerability affects the following products:
IE 6
IE 6 SP1
IE 7

This is a cross-domain remote code-execution and information disclosure vulnerability affecting Internet Explorer (IE)
The vulnerability occurs because IE incorrectly interprets the origin of script code
An attacker must trick a victim into visiting a website containing malicious content to exploit this issue
Code execution in the context of another domain or security zone is only possible when exploited through Internet Explorer 6 SP1 running on Windows 2000 SP4
On platforms other than IE 6 SP1 on Windows 2000, exploitation of this vulnerability leads to Information Disclosure

Sig ID: N/A
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-2947
BID: 29960
Microsoft ID: MS08-058
MSKB: 956390
Microsoft Rating: Critical

Internet Explorer (IE) 'location' & 'location.href' Vulnerability
Cross Domain Security Bypass Vulnerability

This vulnerability affects the following products:
IE 5.01 SP4
IE 6
IE 6 SP1
IE 7

This is a cross-domain remote code-execution and information disclosure vulnerability affecting Internet Explorer (IE)
The vulnerability occurs when handling the "location" or "location.href" property contained in a window object
An attacker must trick a victim into visiting a website containing malicious content to exploit this issue
Successful exploitation of this vulnerability will allow the attacker to execute arbitrary code in another browser window's security zone

Sig ID: N/A
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-3474
BID: 31654
Microsoft ID: MS08-058
MSKB: 956390
Microsoft Rating: Important

Internet Explorer (IE) Cross-Domain Information Disclosure Vulnerability
Information Disclosure Vulnerability

This vulnerability affects the following products:
IE 6
IE 6 SP1
IE 7

This is an information disclosure vulnerability affecting Internet Explorer (IE)
The vulnerability occurs because IE incorrectly interprets the origin of script code
An attacker must trick a victim into visiting a website containing malicious content to exploit this issue
Successful exploitation of this vulnerability will result in the disclosure of potentially sensitive information from another domain or security zone

Sig ID: N/A
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-3475
BID: 31617
Microsoft ID: MS08-058
MSKB: 956390
Microsoft Rating: Critical

Internet Explorer (IE) Uninitialized Memory Corruption Vulnerability
Remote Code Execution Vulnerability

This vulnerability affects the following products:
IE 6
IE 6 SP1

This is a remote code execution vulnerability affecting Internet Explorer (IE)
The vulnerability occurs when IE accesses an object that has not been properly initialized or has been deleted
To exploit this issue an attacker must trick a victim into visiting a specially crafted website
Successful exploitation of this vulnerability will result in the execution of arbitrary code in the context of the currently logged-in user

Sig ID: N/A
AV: Bloodhound.Exploit.210
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-3476
BID: 31618
Microsoft ID: MS08-058
MSKB: 956390
Microsoft Rating: Critical

Internet Explorer (IE) HTML Objects Memory Corruption Vulnerability
Remote Code Execution Vulnerability

This vulnerability affects the following products:
IE 5.01 SP4
IE 6
IE 6 SP1

This is a remote code execution vulnerability affecting Internet Explorer (IE)
The vulnerability occurs when IE attempts to access uninitialized memory in certain situations
To exploit this issue an attacker must trick a victim into visiting a specially crafted website
Successful exploitation of this vulnerability will result in the execution of arbitrary code in the context of the currently logged-in user

Sig ID: N/A
AV: Bloodhound.Exploit.209
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-3466
BID: 31620
Microsoft ID: MS08-059
MSKB: 956695
Microsoft Rating: Critical

Host Integration Server (HIS) RPC Buffer Overflow Vulnerability
Remote Code Execution Vulnerability

This vulnerability affects the following products:
HIS 2000 SP2
HIS 2000 Administrator Client
HIS 2004
HIS 2004 SP1
HIS 2006

This is a remote code execution vulnerability affecting the SNA Remote Procedure Call (RPC) service of HIS
To exploit this issue an attacker must send a malformed RPC request to the affected service
Successful exploitation of this vulnerability will result in the execution of arbitrary code in the context of the affected service, and potentially facilitate a complete compromise of the affected computer

Sig ID: 23113
Detected as "RPC MS Host Integration Server Code Exec"
Applicability:
SNS – SU 101
SGS – SU 65
SCS – SU 170
NIS/NAV/N360 – SU 153
NIS08/NAV08 – SU 111
N360v2 – SU 111
SEP11 – SU 79

AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-3477
BID: 31702
Microsoft ID: MS08-057
MSKB: 956416
Microsoft Rating: Critical

Excel Calendar Object Validation Vulnerability
Remote Code Execution Vulnerability

This vulnerability affects the following products:
Excel 2000 SP3
Excel 2002 SP3
Excel 2003 SP2

This is a remote code execution vulnerability affecting Excel
The vulnerability occurs when Excel processes a calendar object in a compiled VBA project
To exploit this issue an attacker must trick a victim into opening a malicious project file
Successful exploitation of this vulnerability will result in the execution of arbitrary code in the context of the currently logged-in user

Sig ID: N/A
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-3471
BID: 31705
Microsoft ID: MS08-057
MSKB: 956416
Microsoft Rating: Critical

Excel File Format Parsing Vulnerability
Remote Code Execution Vulnerability

This vulnerability affects the following products:
Excel 2000 SP3
Excel 2002 SP3
Excel 2003 SP2
Excel 2007
Excel 2007 SP1
Office Excel Viewer 2003
Office Excel Viewer 2003 SP3
Office Excel Viewer
Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1
Office SharePoint Server 2007
Office SharePoint Server 2007 SP1
Office SharePoint Server 2007 x64 Edition
Office SharePoint Server 2007 x64 Edition SP1

This is a remote code execution vulnerability affecting Excel
The vulnerability occurs when Excel processes a malformed BIFF file
To exploit this issue an attacker must trick a victim into opening a malicious file
Successful exploitation of this vulnerability will result in the execution of arbitrary code in the context of the currently logged-in user

Sig ID: N/A
AV: Bloodhound.Exploit.211
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-4019
BID: 31706
Microsoft ID: MS08-057
MSKB: 956416
Microsoft Rating: Critical

Excel Formula Parsing Vulnerability
Remote Code Execution Vulnerability

This vulnerability affects the following products:
Excel 2000 SP3
Excel 2002 SP3
Excel 2003 SP2
Excel 2007
Excel 2007 SP1
Office Excel Viewer 2003
Office Excel Viewer 2003 SP3
Office Excel Viewer
Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats
Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1
Office SharePoint Server 2007
Office SharePoint Server 2007 SP1
Office SharePoint Server 2007 x64 Edition
Office SharePoint Server 2007 x64 Edition SP1

This is a remote code execution vulnerability affecting Excel
The vulnerability occurs when Excel parses a malformed formula embedded in a cell
To exploit this issue an attacker must trick a victim into opening a malicious file
Successful exploitation of this vulnerability will result in the execution of arbitrary code in the context of the currently logged-in user

Sig ID: N/A
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-3479
BID: 31637
Microsoft ID: MS08-065
MSKB: 951071
Microsoft Rating: Important

Message Queuing Service Remote Code Execution Vulnerability
Remote Code Execution Vulnerability

This vulnerability affects the following products:
Windows 2000 SP4

This is a remote code execution vulnerability affecting the Message Queuing Service when parsing an RPC request
To exploit this issue an attacker must send a specially crafted RPC request to the affected computer
Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code with SYSTEM level privileges

Sig ID: N/A
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-1446
BID: 31682
Microsoft ID: MS08-062
MSKB: 953155
Microsoft Rating: Important

Windows Internet Printing (IPP) Service Integer Overflow Vulnerability
Remote Code Execution Vulnerability

This vulnerability affects the following products:
Windows 2000 SP4
Windows XP SP2 and SP3
Windows XP Pro x64
Windows XP Pro x64 SP2
Windows Server 2003 SP1 and SP2
Windows Server 2003 x64
Windows Server 2003 x64 SP2
Windows Server 2003 with SP1 and SP2 for Itanium-based Systems
Windows Vista
Windows Vista SP1
Windows Vista x64
Windows Vista x64 SP1
Windows Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems

This is a remote code execution vulnerability affecting the Internet Printing Protocol (IPP) of Internet Information Services (IIS)
To exploit this issue, a remote authenticated attacker must connect a vulnerable server to an attacker-controlled computer, and subsequently execute code on the vulnerable computer
Successful exploitation of this vulnerability will result in the execution of arbitrary code on the affected computer in the context of the affected service

Sig ID: N/A
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-2250
BID: 31651
Microsoft ID: MS08-061
MSKB: 954211
Microsoft Rating: Important

Windows Kernel Window Creation Vulnerability
Local Privilege Escalation Vulnerability

This vulnerability affects the following products:
Windows 2000 SP4
Windows XP SP2 and SP3
Windows XP Pro x64
Windows XP Pro x64 SP2
Windows Server 2003 SP1 and SP2
Windows Server 2003 x64
Windows Server 2003 x64 SP2
Windows Server 2003 with SP1 and SP2 for Itanium-based Systems
Windows Vista
Windows Vista SP1
Windows Vista x64
Windows Vista x64 SP1
Windows Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems

This is a local privilege escalation vulnerability affecting the Windows kernel
The vulnerability occurs since the kernel does not properly validate properties of a newly created window
Successful exploitation of this vulnerability will result in the execution of arbitrary code on the affected computer in the context of the kernel, facilitating a complete compromise

Sig ID: N/A
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-2251
BID: 31653
Microsoft ID: MS08-061
MSKB: 954211
Microsoft Rating: Important

Windows Kernel Unhandled Exception Vulnerability
Local Privilege Escalation Vulnerability

This vulnerability affects the following products:
Windows 2000 SP4
Windows XP SP2 and SP3
Windows XP Pro x64
Windows XP Pro x64 SP2
Windows Server 2003 SP1 and SP2
Windows Server 2003 x64
Windows Server 2003 x64 SP2
Windows Server 2003 with SP1 and SP2 for Itanium-based Systems
Windows Vista
Windows Vista SP1
Windows Vista x64
Windows Vista x64 SP1
Windows Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems

This is a local privilege escalation vulnerability affecting the Windows kernel
The vulnerability occurs since the kernel improperly handles system calls from multiple threads
Successful exploitation of this vulnerability will result in the execution of arbitrary code on the affected computer in the context of the kernel, facilitating a complete compromise

Sig ID: N/A
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-2252
BID: 31652
Microsoft ID: MS08-061
MSKB: 954211
Microsoft Rating: Important

Windows Kernel Heap Overflow Vulnerability
Local Privilege Escalation Vulnerability

This vulnerability affects the following products:
Windows 2000 SP4
Windows XP SP2 and SP3
Windows XP Pro x64
Windows XP Pro x64 SP2
Windows Server 2003 SP1 and SP2
Windows Server 2003 x64
Windows Server 2003 x64 SP2
Windows Server 2003 with SP1 and SP2 for Itanium-based Systems
Windows Vista
Windows Vista SP1
Windows Vista x64
Windows Vista x64 SP1
Windows Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems

This is a local privilege escalation vulnerability affecting the Windows kernel
The vulnerability occurs since the kernel improperly validates data passed from user mode to kernel mode
Successful exploitation of this vulnerability will result in the execution of arbitrary code on the affected computer in the context of the kernel, facilitating a complete compromise

Sig ID: N/A
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-3464
BID: 31673
Microsoft ID: MS08-066
MSKB: 956803
Microsoft Rating: Important

Microsoft Ancillary Function Driver (AFD) Kernel Overwrite Vulnerability
Local Privilege Escalation Vulnerability

This vulnerability affects the following products:
Windows XP SP2 and SP3
Windows XP Pro x64
Windows XP Pro x64 SP2
Windows Server 2003 SP1 and SP2
Windows Server 2003 x64
Windows Server 2003 x64 SP2
Windows Server 2003 SP1 and SP2 for Itanium-based Systems

This is a local privilege escalation vulnerability affecting the Ancillary Function Driver ('afd.sys')
The vulnerability occurs since the AFD improperly validates input passed from user mode to the kernel
Successful exploitation of this vulnerability will allow a local attacker to execute arbitrary code with kernel level privileges

Sig ID: N/A
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-4036
BID: 31675
Microsoft ID: MS08-064
MSKB: 956841
Microsoft Rating: Important

Virtual Address Descriptor Elevation of Privilege Vulnerability
Elevation of Privilege Vulnerability

This vulnerability affects the following products:
Windows 2000 SP4
Windows XP SP2 and SP3
Windows XP Pro x64
Windows XP Pro x64 SP2
Windows Server 2003 SP1 and SP2
Windows Server 2003 x64
Windows Server 2003 x64 SP2
Windows Server 2003 SP1 and SP2 for Itanium-based Systems
Windows Vista
Windows Vista SP1
Windows Vista x64
Windows Vista x64 SP1
Windows Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems

This is a local privilege escalation vulnerability affecting the Memory Manager
The vulnerability occurs because of the way the Memory Manager handles memory allocation and Virtual Address Descriptors (VADs)
Successful exploitation of this vulnerability will allow a local attacker to elevate their privileges and gain complete control of the affected computer

Sig ID: N/A
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-4038
BID: 31647
Microsoft ID: MS08-063
MSKB: 957095
Microsoft Rating: Important

SMB Buffer Underflow Vulnerability
Remote Code Execution Vulnerability

This vulnerability affects the following products:
Windows 2000 SP4
Windows XP SP2 and SP3
Windows XP Pro x64
Windows XP Pro x64 SP2
Windows Server 2003 SP1 and SP2
Windows Server 2003 x64
Windows Server 2003 x64 SP2
Windows Server 2003 SP1 and SP2 for Itanium-based Systems
Windows Vista
Windows Vista SP1
Windows Vista x64
Windows Vista x64 SP1
Windows Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems

This is a local privilege escalation vulnerability affecting the Server Message Block (SMB) protocol
The vulnerability occurs due to the way SMB handles specially crafted file names
A remote authenticated attacker can exploit this issue to execute arbitrary code on the vulnerable computer, facilitating a complete compromise

Sig ID: 23154
Detected as "SMB Search Command Code Exec"
Applicability:
SNS – SU 101
SGS – SU 65
SCS – SU 170
NIS/NAV/N360 – SU 153
NIS08/NAV08 – SU 111
N360v2 – SU 111
SEP11 – SU 79

AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-4023
BID: 31609
Microsoft ID: MS08-060
MSKB: 957280
Microsoft Rating: Critical

Active Directory Overflow Vulnerability
Remote Code Execution Vulnerability

This vulnerability affects the following products:
Active Directory

This is a remote code execution vulnerability affecting Active Directory on Windows 2000
The vulnerability occurs because of insufficient validation of LDAP requests
A remote attacker can exploit this issue by sending a malformed LDAP packet to the affected server
Successful exploitation of this issue will result in the execution of attacker-supplied code in the context of the affected service, which may facilitate a complete compromise of the affected computer

Sig ID: N/A
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-4020
BID: 31693
Microsoft ID: MS08-056
MSKB: 957699
Microsoft Rating: Moderate

Office Content-Disposition Header Vulnerability
Cross Site Scripting Vulnerability

This vulnerability affects the following products:
Office XP SP3

This is a cross-site scripting vulnerability affecting Office
The vulnerability occurs when processing the 'cdo://' protocol and the Content-Disposition: Attachment header
An attacker can exploit this issue by tricking an unsuspecting victim into clicking a cdo:// link
A successful exploit will result in the execution of arbitrary script code in the context of the attacker-specified site

Sig ID: N/A
AV: N/A
Sygate IDS: N/A




Legacy ID



2010030511372348

