ID and Rating

Description

Details

Intrusion Protection System (IPS) Response

Other Detections

CAN/CVE ID:

CVE-2008-2463

BID:

30114

Microsoft ID:

MS08-041

MSKB:

955617

Microsoft Rating:

Critical

ActiveX Control for the Snapshot Viewer Vulnerability

Remote Code Execution Vulnerability

This vulnerability affects the following products:

Snapshot Viewer for Microsoft Access in:

Office Access 2000

Office Access 2002

Office Access 2003

This is a vulnerability in Snapshot Viewer ActiveX control that allows an attacker to download a file to an arbitrary location on the victim’s computer

An attacker must trick a victim into visiting a web page containing malicious content to exploit this issue

Successful exploitation of this vulnerability will result in the attacker executing code in the context of the currently logged-in user

If the victim does not currently have the ActiveX control installed, and the victim uses Internet Explorer 6, the attacker can install the control without any further user-interaction

Sig ID: 23034 / 23074

Detected as "HTTP SnapShot Viewer ActiveX File Download"

Applicability:

SNS – SU 94

SGS – SU 58

SGS – SU 63

SCS – SU 158

NIS/NAV/N360 – SU 141

NIS08/NAV08 – SU 95

N360v2 – SU 95

SEP11 – SU 72

Canary Sig ID: 50166

Detected as "MSIE MS Snapshot ActiveX File Download"

AV:

N/A

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-2245

BID:

30594

Microsoft ID:

MS08-046

MSKB:

952954

Microsoft Rating:

Critical

Microsoft Color Management System Pathname Vulnerability

Remote Code Execution Vulnerability

This vulnerability affects the following products:

Windows 2000 SP4

Windows XP SP2 & SP3

Windows XP Pro x64 and x64 SP2

Windows Server 2003 SP1 and SP2

Windows Server 2003 x64 and x64 Edition SP2

Windows Server 2003 SP1 or SP2 for Itanium-based Systems

This is a remote-code execution vulnerability affecting Microsoft Color Management System (MSCMS) when handling a malformed picture file.

An attacker can exploit this issue by tricking a victim into viewing a web page or email that contains a malicious picture file to exploit this issue

A successful attack will result in the execution of arbitrary code in the context of the currently logged-in user.

Sig ID: 23082

Detected as "HTTP MS Windows Image Color Management BO"

Applicability:

SNS – SU 94

SGS – SU 63

SCS – SU 158

NIS/NAV/N360 – SU 141

NIS08/NAV08 – SU 95

N360v2 – SU 95

SEP11 – SU 72

AV:

Bloodhound.Exploit.188

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-3019

BID:

30595

Microsoft ID:

MS08-044

MSKB:

924090

Microsoft Rating:

Critical

Office Malformed EPS Filter Vulnerability

Remote Code Execution Vulnerability

This vulnerability affects the following products:

Office 2000 SP3

Office XP SP3

Office 2003 SP2

Office Converter Pack

Microsoft Works 8

Project 2002 SP1

This is a client-side remote code-execution vulnerability affecting Microsoft Office filters

The vulnerability is because of how Office filters handle malformed graphics images

This issue can be exploited by tricking a victim into opening a specially crafted Encapsulated PostScript (EPS) file

A successful attack will result in execution of arbitrary code in the context of the currently logged-in user

N/A

AV:

N/A

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-3018

BID:

30597

Microsoft ID:

MS08-044

MSKB:

924090

Microsoft Rating:

Critical

Office Malformed PICT Filter Vulnerability

Remote Code Execution Vulnerability

This vulnerability affects the following products:

Office 2000 SP3

Office XP SP3

Office 2003 SP2

Office Converter Pack

Microsoft Works 8

Project 2002 SP1

This is a client-side remote code-execution vulnerability affecting Microsoft Office filters

The vulnerability is because of how Office filters handle malformed PICT files

This issue can be exploited by tricking a victim into opening a specially crafted PICT file with MS Office

A successful attack will result in execution of arbitrary code in the context of the currently logged-in user

N/A

AV:

N/A

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-3021

BID:

30598

Microsoft ID:

MS08-044

MSKB:

924090

Microsoft Rating:

Critical

Office PICT Filter Parsing Vulnerability

Remote Code Execution Vulnerability

This vulnerability affects the following products:

Office 2000 SP3

Office XP SP3

Office 2003 SP2

Office Converter Pack

Microsoft Works 8

Project 2002 SP1

This is a client-side remote code-execution vulnerability affecting Microsoft Office when handling specially malformed PICT files

This issue can be exploited by tricking a victim into opening a specially crafted PICT file with MS Office

A successful attack will result in execution of arbitrary code in the context of the currently logged-in user

N/A

AV:

N/A

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-3020

BID:

30599

Microsoft ID:

MS08-044

MSKB:

924090

Microsoft Rating:

Critical

Office Malformed BMP Filter Vulnerability

Remote Code Execution Vulnerability

This vulnerability affects the following products:

Office 2000 SP3

Office XP SP3

Office Converter Pack

Microsoft Works 8

Project 2002 SP1

This is a client-side remote code-execution vulnerability affecting Microsoft Office

The vulnerability is because of how Office handles malformed BMP images

This issue can be exploited by tricking a victim into opening a specially crafted BMP file

A successful attack will result in execution of attacker supplied code in the context of the currently logged-in user

Sig ID: 23030

Detected as "HTTP MS Office Bmp Filter Code Exec"

Applicability

SNS – SU 94

SGS – SU 63

SCS – SU 158

NIS/NAV/N360 – SU 141

NIS08/NAV08 – SU 95

N360v2 – SU 95

SEP11 – SU 72

AV:

N/A

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-3460

BID:

30600

Microsoft ID:

MS08-044

MSKB:

924090

Microsoft Rating:

Critical

Office WPG Image File Heap Corruption Vulnerability

Remote Code Execution Vulnerability

This vulnerability affects the following products:

Office 2000 SP3

Office XP SP3

Office 2003 SP2

Office Converter Pack

Microsoft Works 8

Project 2002 SP1

This is a client-side remote code-execution vulnerability affecting Microsoft Office

The vulnerability is because of how Office handles malformed WordPerfect Graphics (WPG) files

This issue can be exploited by tricking a victim into opening a specially crafted WordPerfect Graphics (WPG) files

A successful attack will result in execution of attacker supplied code in the context of the currently logged-in user

N/A

AV:

N/A

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-2254

BID:

30614

Microsoft ID:

MS08-045

MSKB:

953838

Microsoft Rating:

Critical

IE HTML Object Memory Corruption Vulnerability

Remote Code Execution Vulnerability

This vulnerability affects the following products:

Internet Explorer 6 SP1

Internet Explorer 6

Internet Explorer 7

This is a remote code-execution vulnerability affecting Internet Explorer (IE) because of how in certain situations it attempts to access uninitialized memory

The vulnerability can be exploited by tricking a victim into viewing a web page containing malicious content A successful attack will result in execution of arbitrary code in the context of the currently logged-in user

N/A

AV:

N/A

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-2255

BID:

28295

Microsoft ID:

MS08-045

MSKB:

953838

Microsoft Rating:

Critical

IE CreateTextRange.text Vulnerability

Remote Code Execution Vulnerability

This vulnerability affects the following products:

Internet Explorer 5.01 SP4

Internet Explorer 6 SP1

Internet Explorer 6

Internet Explorer 7

This is a remote code-execution vulnerability affecting Internet Explorer (IE) because of how in certain situations it attempts to access uninitialized memory

The vulnerability occurs when the application processes a malicious page containing a 'CreateTextRange' call that repeatedly sets the 'text' property to large values

The vulnerability can be exploited by tricking a victim into viewing a web page containing malicious content

A successful attack will result in execution of arbitrary code in the context of the currently logged-in user

N/A

AV:

N/A

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-2256

BID:

30611

Microsoft ID:

MS08-045

MSKB:

953838

Microsoft Rating:

Critical

IE Uninitialized Memory Corruption Vulnerability

Remote Code Execution Vulnerability

This vulnerability affects the following products:

Internet Explorer 5.01 SP4

Internet Explorer 6 SP1

Internet Explorer 6

Internet Explorer 7

This is a remote code-execution vulnerability affecting Internet Explorer (IE) when it attempts to access an object that has not been properly initialized or has been deleted

The vulnerability can be exploited by tricking a victim into viewing a web page containing malicious content

 A successful attack will result in execution of arbitrary code in the context of the currently logged-in user

N/A

AV:

N/A

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-2257

BID:

30613

Microsoft ID:

MS08-045

MSKB:

953838

Microsoft Rating:

Critical

IE HTML Objects Memory Corruption Vulnerability

Remote Code Execution Vulnerability

This vulnerability affects the following products:

Internet Explorer 5.01 SP4

Internet Explorer 6 SP1

Internet Explorer 6

Internet Explorer 7

This is a remote code-execution vulnerability affecting Internet Explorer (IE) when it attempts to access uninitialized memory in certain situations

The vulnerability can be exploited by tricking a victim into viewing a web page containing malicious content

A successful attack will result in execution of arbitrary code in the context of the currently logged-in user

N/A

AV:

N/A

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-2258

BID:

30610

Microsoft ID:

MS08-045

MSKB:

953838

Microsoft Rating:

Critical

IE HTML Objects Memory Corruption Vulnerability

Remote Code Execution Vulnerability

This vulnerability affects the following products:

Internet Explorer 5.01 SP4

Internet Explorer 6 SP1

Internet Explorer 6

Internet Explorer 7

This is a remote code-execution vulnerability affecting Internet Explorer (IE) when it attempts to access uninitialized memory in certain situations

The vulnerability can be exploited by tricking a victim into viewing a web page containing malicious content

A successful attack will result in execution of arbitrary code in the context of the currently logged-in user

N/A

AV:

N/A

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-2259

BID:

30612

Microsoft ID:

MS08-045

MSKB:

953838

Microsoft Rating:

Critical

IE Argument Handling Memory Corruption Vulnerability

Remote Code Execution Vulnerability

This vulnerability affects the following products:

Internet Explorer 6 SP1

Internet Explorer 6

Internet Explorer 7

This is a remote code-execution vulnerability affecting Internet Explorer (IE) because of how it handles arguments in print previews

The vulnerability can be exploited by tricking a victim into viewing a web page containing malicious content

A successful attack will result in execution of arbitrary code in the context of the currently logged-in user

N/A

AV:

N/A

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-3004

BID:

30638

Microsoft ID:

MS08-043

MSKB:

954066

Microsoft Rating:

Critical

Excel Indexing Validation Vulnerability

Remote Code Execution Vulnerability

This vulnerability affects the following products:

Excel 2000 SP3

Excel 2002 SP3

Excel 2003 SP2 and SP3

Excel Viewer 2003

Office 2004 for Mac

Office 2008 for Mac

This is a client-side remote code-execution vulnerability affecting Excel when processing index values when loading an Excel file

The vulnerability can be exploited by tricking a victim into opening a malicious file

A successful attack will result in execution of arbitrary code in the context of the currently logged-in user

Sig ID: 23076

Detected as "HTTP Excel Chart Remote Code Exec"

Applicability:

SNS – SU 94

SGS – SU 63

SCS – SU 158

NIS/NAV/N360 – SU 141

NIS08/NAV08 – SU 95

N360v2 – SU 95

SEP11 – SU 72

AV:

N/A

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-3005

BID:

30639

Microsoft ID:

MS08-043

MSKB:

954066

Microsoft Rating:

Critical

Excel Index Array Vulnerability

Remote Code Execution Vulnerability

This vulnerability affects the following products:

Excel 2000 SP3

Excel 2002 SP3

This is a client-side remote code-execution vulnerability affecting Excel when processing index array records when loading an Excel file

The vulnerability can be exploited by tricking a victim into opening a malicious file

A successful attack will result in execution of arbitrary code in the context of the currently logged-in user

Sig ID: 23077

Detected as "HTTP Excel Format Remote Code Exec"

Applicability:

SNS – SU 94

SGS – SU 63

SCS – SU 158

NIS/NAV/N360 – SU 141

NIS08/NAV08 – SU 95

N360v2 – SU 95

SEP11 – SU 72

AV:

N/A

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-3006

BID:

30640

Microsoft ID:

MS08-043

MSKB:

954066

Microsoft Rating:

Critical

Excel Record Parsing Vulnerability

Remote Code Execution Vulnerability

This vulnerability affects the following products:

Excel 2000 SP3

Excel 2002 SP3

Excel 2003 SP2 and SP3

Excel 2007

Excel 2007 SP1

Excel Viewer 2003

Excel Viewer 2003 SP3

Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1

Office SharePoint Server 2007

Office 2004 for Mac

Office 2008 for Mac

This is a client-side remote code-execution vulnerability affecting Excel when processing record values when loading an Excel file

The vulnerability can be exploited by tricking a victim into opening a malicious file

A successful attack will result in execution of arbitrary code in the context of the currently logged-in user

N/A

AV:

N/A

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-3003

BID:

30641

Microsoft ID:

MS08-043

MSKB:

954066

Microsoft Rating:

Important

Excel Credential Caching Vulnerability

Information Disclosure Vulnerability

This vulnerability affects the following products:

Excel 2007

Excel 2007 SP1

This is a local information-disclosure vulnerability affecting Excel

The vulnerability occurs because Excel fails to delete the remote connection password string when the ‘.xlsx’ file is configured to not save the password

A local attacker can exploit this issue to gain access to protected, and potentially sensitive data

N/A

AV:

N/A

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-0120

BID:

30552

Microsoft ID:

MS08-051

MSKB:

949785

Microsoft Rating:

Important

PowerPoint Memory Allocation Vulnerability

Remote Code Execution Vulnerability

This vulnerability affects the following products:

PowerPoint Viewer 2003

This is a client-side remote code-execution vulnerability affecting PowerPoint because of a memory calculation error when processing a malformed picture index

The vulnerability can be exploited by tricking a victim into opening a malicious PowerPoint file with the vulnerable application to exploit this issue

A successful attack will result in execution of attacker supplied code in the context of the currently logged-in user

SIG ID

Detected as "HTTP MS PowerPoint Picture Index Code Exec"

AV:

Bloodhound.Exploit.200

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-0121

BID:

30554

Microsoft ID:

MS08-051

MSKB:

949785

Microsoft Rating:

Important

PowerPoint Memory Allocation Vulnerability

Remote Code Execution Vulnerability

This vulnerability affects the following products:

PowerPoint Viewer 2003

This is a client-side remote code-execution vulnerability affecting PowerPoint when handling malformed PowerPoint files

The vulnerability can be exploited by tricking a victim into opening a malicious PowerPoint file with the vulnerable application to exploit this issue

A successful attack will result in execution of attacker supplied code in the context of the currently logged-in user

N/A

AV:

N/A

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-1455

BID:

30579

Microsoft ID:

MS08-051

MSKB:

949785

Microsoft Rating:

Critical

PowerPoint Parsing Overflow Vulnerability

Remote Code Execution Vulnerability

This vulnerability affects the following products:

PowerPoint 2000 SP3

PowerPoint 2002 SP3

PowerPoint 2003 SP2 & SP3

PowerPoint 2007

PowerPoint 2007 SP1

Office 2004 for Mac

Office 2008 for Mac

This is a client-side remote code-execution vulnerability affecting PowerPoint because of a memory calculation error when processing list values

The vulnerability can be exploited by tricking a victim into opening a malicious PowerPoint file with the vulnerable application to exploit this issue

A successful attack will result in execution of attacker supplied code in the context of the currently logged-in user

Sig ID: 23079

Detected as "HTTP MS Powerpoint Malformed File BO"

Applicability:

SNS – SU 94

SGS – SU 63

SCS – SU 158

NIS/NAV/N360 – SU 141

NIS08/NAV08 – SU 95

N360v2 – SU 95

SEP11 – SU 72

AV:

Bloodhound.Exploit.201

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-1457

BID:

30584

Microsoft ID:

MS08-049

MSKB:

950974

Microsoft Rating:

Important

Event System Vulnerability

Remote Code Execution Vulnerability

This vulnerability affects the following products:

Windows 2000 SP4

Windows XP SP2 and SP3

Windows XP Pro x64

Windows XP Pro x64 SP2

Server 2003 SP1 and SP2

Server 2003 x64

2003 Server x64 SP2

Server 2003 SP1 or SP2 for Itanium-based Systems

Windows Vista

Windows Vista SP1

Windows Vista x64

Windows Vista x64 SP1

Windows Server 2008 for 32-bit, and x64-based Systems

This is a remote code execution vulnerability affects the Windows Event System

The vulnerability occurs because of a failure to properly validate user subscriptions when created

A remote authenticated attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges

N/A

AV:

Bloodhound.Exploit.198

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-1456

BID:

30586

Microsoft ID:

MS08-049

MSKB:

950974

Microsoft Rating:

Important

Event System Vulnerability

Remote Code Execution Vulnerability

This vulnerability affects the following products:

Windows 2000 SP4

Windows XP SP2 and SP3

Windows XP Pro x64

Windows XP Pro x64 SP2

Server 2003 SP1 and SP2

Server 2003 x64

2003 Server x64 SP2

Server 2003 SP1 or SP2 for Itanium-based Systems

Windows Vista

Windows Vista SP1

Windows Vista x64

Windows Vista x64 SP1

Windows Server 2008 for 32-bit, and x64-based systems

This is a remote code execution vulnerability affects the Windows Event System

The vulnerability occurs because of a failure to properly validate the range of indexes

A remote authenticated attacker can exploit this issue to execute arbitrary code with SYSTEM-level privileges

N/A

AV:

N/A

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-2244

BID:

30124

Microsoft ID:

MS08-042

MSKB:

955048

Microsoft Rating:

Important

Word Record Parsing Vulnerability

Remote Code Execution Vulnerability

This vulnerability affects the following products:

Word 2002 SP2

Word 2003 SP2 and SP3

This is a client-side remote code-execution vulnerability affecting Microsoft Word when parsing record values in malformed Word files

The vulnerability can be exploited by tricking a victim into opening a malicious file

A successful attack will result in execution of attacker supplied code in the context of the currently logged-in user

Sig ID: 23035

Detected as "HTTP MS Word Malformed File Code Exec"

Applicability:

SNS – SU 94

SGS – SU 63

SCS – SU 158

NIS/NAV/N360 – SU 141

NIS08/NAV08 – SU 95

N360v2 – SU 95

SEP11 – SU 72

AV:

N/A

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-1448

BID:

30585

Microsoft ID:

MS08-048

MSKB:

951066

Microsoft Rating:

Important

Outlook Express and Windows Mail URL Parsing Cross Domain Vulnerability

Information Disclosure Vulnerability

This vulnerability affects the following products:

Outlook Express 5.5

Outlook Express 6

Windows Mail

This is a information-disclosure vulnerability affecting Outlook Express and Windows Mail because the MHTML protocol handler incorrectly interprets HTTP headers

The vulnerability can be exploited by tricking a victim into following a malicious URI

A successful attack will result in the attacker gaining access to information in another security zone or domain

N/A

AV:

N/A

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-2246

BID:

30634

Microsoft ID:

MS08-047

MSKB:

953733

Microsoft Rating:

Important

IPSec Policy Vulnerability

Information Disclosure Vulnerability

This vulnerability affects the following products:

Windows Vista

Windows Vista SP1

Windows Vista x64

Windows Vista x64 SP1

Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems

This is a information-disclosure vulnerability affecting Windows when importing IPSec policies from Windows Server 2008 domains to Windows Server 2003 domains

The vulnerability occurs because in certain situations IPSec policies are not properly imported and subsequently all future traffic is transmitted in clear-text

The result is a false sense of security which subsequently allows an attacker to perform man-in-the-middle attacks to obtain potentially sensitive information.

N/A

AV:

N/A

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-0082

BID:

30551

Microsoft ID:

MS08-050

MSKB:

955702

Microsoft Rating:

Important

Messenger Vulnerability

Information Disclosure Vulnerability

This vulnerability affects the following products:

Windows Messenger 4.7

Windows Messenger 5.1

MSN Messenger 7.0.0820

Windows Live Messenger 8.1

Windows Live Messenger 8.5

This is a client-side unauthorized-access vulnerability affecting the Windows Messenger ActiveX control because it does not properly limit access to the control’s methods

The vulnerability can be exploited by tricking a victim into visiting a web page containing malicious content

A successful attack will allow the attacker to perform various functions with the victim’s client, and potentially gain the victim’s credentials

N/A

AV:

N/A

Sygate IDS:

N/A

MSKB:

953839

Cumulative Security Update of ActiveX Kill Bits

This vulnerability affects the following products:

Aurigma Image Uploader

HP Instant Support

The following Bugtraq IDs are affected:

Aurigma Image Uploader – 27577, 27539, 26537, 30548

HP Instant Support – 29530, 29531, 29532, 29533, 29534, 29535, 29536

Sig ID: 23072

Detected as "HTTP HP Instant Support ActiveX Activity"

Sig ID: 23073

Detected as "HTTP Aurigma Image Uploader ActiveX Activity"

Applicability:

SNS – SU 94

SGS – SU 63

SCS – SU 158

NIS/NAV/N360 – SU 141

NIS08/NAV08 – SU 95

N360v2 – SU 95

SEP11 – SU 72

AV:

N/A

Sygate IDS:

N/A