Symantec product detections for Microsoft monthly Security Advisories - September 2008

Article:TECH139959  |  Created: 2010-09-15  |  Updated: 2013-01-09  |  Article URL http://www.symantec.com/docs/TECH139959
Article Type
Technical Solution


Issue



This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Advisories.

 

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.


Solution



September 9, 2008

 

ID and Rating  |  Description  |  Details  |  Intrusion Protection System (IPS) Response  |  Other Detections

CAN/CVE ID:

CVE-2007-5348

 

BID:

31018

 

Microsoft ID:

MS08-052

 

MSKB:

954593

 

Microsoft Rating:

Critical

GDI+ VML Buffer Overrun Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Internet Explorer 6

Windows XP SP2 and SP3

Windows XP Pro x64

Windows XP Pro x64 SP2

Windows Server 2003 SP1 and SP2

Windows Server 2003 x64

Windows Server 2003 x64 SP2

Windows Server 2003 with SP1 and SP2 for Itanium-based Systems

Vista and Vista SP1

Vista x64 and Vista x64 SP1

Windows Server 2008 (x86, x64 and Itanium)

Office XP SP3, 2003 SP2, 2007

Visio 2002 SP2

PowerPoint Viewer 2003

Microsoft Works 8

Microsoft Digital Image Suite 2006

SQL 2000 Reporting Services SP2

SQL Server 2005 SP2

SQL Server 2005 x64 SP2

SQL Server 2005 for Itanium-based Systems SP2

Microsoft Report Viewer 2005 SP1 Redistributable Package, and version 2008

Microsoft Forefront Client Security 1.0

This is a remote code execution vulnerability affecting GDI+ when handling gradient sizes

An attacker must trick a victim into visiting a website containing malicious content, opening a malicious email, or into opening a malicious image file to exploit this issue

Successful exploitation of this vulnerability will result in the attacker executing arbitrary code in the context of the currently logged-in user

Canary Sig ID: 50190

 

Detected as "MSIE GDI VML Gradiant Size BO"

 

Applicability:

NIS08/NAV08 – SU 104

N360v2 – SU 104

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-3012

 

BID:

31019

 

Microsoft ID:

MS08-052

 

MSKB:

954593

 

Microsoft Rating:

Critical

GDI+ EMF Memory Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Internet Explorer 6

Windows XP SP2 and SP3

Windows XP Pro x64

Windows XP Pro x64 SP2

Windows Server 2003 SP1 and SP2

Windows Server 2003 x64

Windows Server 2003 x64 SP2

Windows Server 2003 with SP1 and SP2 for Itanium-based Systems

Vista and Vista SP1

Vista x64 and Vista x64 SP1

Windows Server 2008 (x86, x64 and Itanium)

Office XP SP3, 2003 SP2, 2007

Visio 2002 SP2

PowerPoint Viewer 2003

Microsoft Works 8

Microsoft Digital Image Suite 2006

SQL 2000 Reporting Services SP2

SQL Server 2005 SP2

SQL Server 2005 x64 SP2

SQL Server 2005 for Itanium-based Systems SP2

Microsoft Report Viewer 2005 SP1 Redistributable Package, and version 2008

Microsoft Forefront Client Security 1.0

This is a remote code execution vulnerability affecting GDI+ when handling memory allocation

An attacker must trick a victim into visiting a website containing malicious content, or into opening a malicious EMF image file to exploit this issue

Successful exploitation of this vulnerability will result in the attacker executing arbitrary code in the context of the currently logged-in user

Sig ID: 23119

 

Detected as "HTTP MS GDI EMF Code Execution"

 

Applicability:

SNS – SU 100

SGS – SU 64

SCS – SU 164

NIS/NAV/N360 – SU 147

NIS08/NAV08 – SU 104

N360v2 – SU 104

SEP11 – SU 76

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-3013

 

BID:

31020

 

Microsoft ID:

MS08-052

 

MSKB:

954593

 

Microsoft Rating:

Critical

GDI+ GIF Parsing Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Internet Explorer 6

Windows XP SP2 and SP3

Windows XP Pro x64

Windows XP Pro x64 SP2

Windows Server 2003 SP1 and SP2

Windows Server 2003 x64

Windows Server 2003 x64 SP2

Windows Server 2003 with SP1 and SP2 for Itanium-based Systems

Vista and Vista SP1

Vista x64 and Vista x64 SP1

Windows Server 2008 (x86, x64 and Itanium)

Office XP SP3, 2003 SP2, 2007

Visio 2002 SP2

PowerPoint Viewer 2003

Microsoft Works 8

Microsoft Digital Image Suite 2006

SQL 2000 Reporting Services SP2

SQL Server 2005 SP2

SQL Server 2005 x64 SP2

SQL Server 2005 for Itanium-based Systems SP2

Microsoft Report Viewer 2005 SP1 Redistributable Package, and version 2008

Microsoft Forefront Client Security 1.0

This is a remote code execution vulnerability affecting GDI+ when parsing indexes in specially crafted GIF image files

An attacker must trick a victim into visiting a website containing malicious content, or into opening a malicious image file to exploit this issue

Successful exploitation of this vulnerability will result in the attacker executing arbitrary code in the context of the currently logged-in user

Sig ID: 23114

 

Detected as "HTTP MS GDI Malformed GIF Code Exec"

 

Applicability:

SNS – SU 100

SGS – SU 64

SCS – SU 164

NIS/NAV/N360 – SU 147

NIS08/NAV08 – SU 104

N360v2 – SU 104

SEP11 – SU 76

AV:

Bloodhound.Exploit.203

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-3014

 

BID:

31021

 

Microsoft ID:

MS08-052

 

MSKB:

954593

 

Microsoft Rating:

Critical

GDI+ WMF Buffer Overrun Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Internet Explorer 6

Windows XP SP2 and SP3

Windows XP Pro x64

Windows XP Pro x64 SP2

Windows Server 2003 SP1 and SP2

Windows Server 2003 x64

Windows Server 2003 x64 SP2

Windows Server 2003 with SP1 and SP2 for Itanium-based Systems

Vista and Vista SP1

Vista x64 and Vista x64 SP1

Windows Server 2008 (x86, x64 and Itanium)

Office XP SP3, 2003 SP2, 2007

Visio 2002 SP2

PowerPoint Viewer 2003

Microsoft Works 8

Microsoft Digital Image Suite 2006

SQL 2000 Reporting Services SP2

SQL Server 2005 SP2

SQL Server 2005 x64 SP2

SQL Server 2005 for Itanium-based Systems SP2

Microsoft Report Viewer 2005 SP1 Redistributable Package, and version 2008

Microsoft Forefront Client Security 1.0

This is a remote code execution vulnerability affecting GDI+ when allocating memory for WMF image files

An attacker must trick a victim into visiting a website containing malicious content, or into opening a malicious image file to exploit this issue

Successful exploitation of this vulnerability will result in the attacker executing arbitrary code in the context of the currently logged-in user

Sig ID: 23121

 

Detected as "HTTP MS GDI Malformed WMF Code Exec"

 

Applicability:

SNS – SU 100

SGS – SU 64

SCS – SU 164

NIS/NAV/N360 – SU 147

NIS08/NAV08 – SU 104

N360v2 – SU 104

SEP11 – SU 76

AV:

Bloodhound.Exploit.206

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-3015

 

BID:

31022

 

Microsoft ID:

MS08-052

 

MSKB:

954593

 

Microsoft Rating:

Critical

GDI+ BMP Integer Overflow Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Office XP SP3, 2003 SP2, 2007

Visio 2002 SP2

PowerPoint Viewer 2003

Microsoft Works 8

Microsoft Digital Image Suite 2006

SQL 2000 Reporting Services SP2

SQL Server 2005 SP2

SQL Server 2005 x64 SP2

SQL Server 2005 for Itanium-based Systems SP2

Microsoft Report Viewer 2005 SP1 Redistributable Package, and version 2008

Microsoft Forefront Client Security 1.0

This is a remote code execution vulnerability affecting GDI+ when handling integer calculations

An attacker must trick a victim into viewing a website containing malicious content, or into opening a malicious BMP image file to exploit this issue

Successful exploitation of this vulnerability will result in the attacker executing arbitrary code in the context of the currently logged-in user

Sig ID: 23118

 

Detected as "HTTP MS GDI Malformed BMP Code Exec"

 

Applicability:

SNS – SU 100

SGS – SU 64

SCS – SU 164

NIS/NAV/N360 – SU 147

NIS08/NAV08 – SU 104

N360v2 – SU 104

SEP11 – SU 76

AV:

Bloodhound.Exploit.202

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-2253

 

BID:

30550

 

Microsoft ID:

MS08-054

 

MSKB:

954154

 

Microsoft Rating:

Critical

Windows Media Player Sampling Rate Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Media Player 11

This is a remote code execution vulnerability affecting Media Player when handling streamed audio-only files with different sampling rates

An attacker must trick a victim into opening a malicious audio file from a Windows Media Server to exploit this issue

A successful attack will result in the execution of attacker-supplied code in the context of the currently logged-in user

N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-3007

 

BID:

31067

 

Microsoft ID:

MS08-055

 

MSKB:

955047

 

Microsoft Rating:

Critical

Uniform Resource Locator Validation Error Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Office XP SP3

Office 2003 SP2 and SP3

Office 2007

Office 2007 SP1

OneNote 2007

OneNote 2007 SP1

This is a remote code execution vulnerability affecting Office when processing the OneNote protocol handler (‘onenote://’)

An attacker can exploit this issue by tricking a victim into following a malicious URL

A successful attack will result in the execution of arbitrary code in the context of the currently logged-in user

Sig ID: 23116

 

Detected as "HTTP MS Office OneNote Code Exec"

 

Applicability:

SNS – SU 100

SGS – SU 64

SCS – SU 164

NIS/NAV/N360 – SU 147

NIS08/NAV08 – SU 104

N360v2 – SU 104

SEP11 – SU 76

AV:

Bloodhound.Exploit.204

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-3008

 

BID:

31065

 

Microsoft ID:

MS08-053

 

MSKB:

954156

 

Microsoft Rating:

Critical

Windows Media Encoder Buffer Overrun Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

Windows 2000 SP4

Windows XP SP2 and SP3

Windows XP Pro x64

Windows XP Pro x64 SP2

Windows Server 2003 SP1 and SP2

Windows Server 2003 x64

Windows Server 2003 x64 SP2

Windows Server 2003 with SP1 and SP2 for Itanium-based Systems

Windows Vista and Vista SP1

Windows Vista x64 and Vista x64 SP1

Windows Server 2008 (for x86, x64 and Itanium-based Systems)

This is a remote code execution vulnerability affecting the WMEX.DLL ActiveX control installed by Windows Media Encoder 9

An attacker must trick a victim into viewing a web page containing malicious content to exploit this issue

A successful attack will result in the execution of arbitrary code in the context of the currently logged-in user

Note: The ActiveX control is only present on systems that have installed Windows Media Encoder 9

Sig ID: 23112

 

Detected as "HTTP Windows Media Encoder ActiveX BO"

 

Applicability:

SNS – SU 100

SGS – SU 64

SCS – SU 164

NIS/NAV/N360 – SU 147

NIS08/NAV08 – SU 104

N360v2 – SU 104

SEP11 – SU 76

 

 

Canary Sig ID: 50189

 

Detected as "MSIE MS Windows Media Encoder BO"

 

Applicability:

NIS08/NAV08 – SU 104

N360v2 – SU 104

AV:

Bloodhound.Exploit.205

 

Sygate IDS:

N/A

 

 




Legacy ID



2010030511372348

