Symantec product detections for Microsoft monthly Security Advisories - July 2008

Article:TECH139961  |  Created: 2010-09-15  |  Updated: 2013-01-09  |  Article URL http://www.symantec.com/docs/TECH139961
Article Type
Technical Solution


Issue



This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Advisories.

 

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.


Solution



July 8, 2008

 

 ID and Rating

 

Description

Details

Intrusion Protection System (IPS) Response

Other Detections

CAN/CVE ID:

CVE-2008-0085

 

BID: 30083

 

Microsoft ID:

MS08-040

KB – 941203

 

Microsoft Rating:

Important

 

SQL Server Memory Page Reuse Vulnerability

 

Information Disclosure Vulnerability

 

This vulnerability affects the following products:

 

SQL Server 7.0 SP4, 2000 SP4, 2000 x64 Edition SP4, Itanium-based Edition SP4, 2005 SP1 and SP2, 2005 x64 Edition SP1 and SP2, 2005 with SP1 and SP2 for Itanium-based Systems, 2005 Express Edition SP1 and SP2, 2005 Express Edition with Advanced Services SP1 and SP2, Microsoft Data Engine 1.0, SQL Server 2000 Desktop Engine (MSDE 2000), SQL Server 2000 Desktop Engine (WMSDE), Windows Internal Database (WYukon) SP2, and Windows Internal Database (WYukon) x64 Edition SP2

This is an information disclosure vulnerability affecting SQL Server due to how it manages memory page reuse.

This vulnerability can be exploited by a user with the ‘database operator’ privileges.

Successful exploitation of this vulnerability will result in the attacker gaining access to potentially sensitive information.

N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-0086

 

BID: 30082

 

Microsoft ID:

MS08-040

KB – 941203

 

Microsoft Rating:

Important

SQL Server Convert Buffer Overrun Vulnerability

 

Privilege Escalation Vulnerability

 

This vulnerability affects the following products:

 

SQL Server 2000 SP4, 2000 x64 Edition SP4, 2000 Itanium-based Edition SP4, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), and Microsoft SQL Server 2000 Desktop Engine (WMSDE).

This is a local privilege-escalation vulnerability affecting SQL Server when converting SQL expressions from one data type to another.

An attacker with authenticated access to the application could exploit this issue to execute arbitrary code with SYSTEM privileges.

This issue may be remotely exploitable if an attacker can exploit latent SQL-injection vulnerabilities in web-based applications that use the vulnerable SQL server as a backend.

N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-0107

 

BID: 30119

 

Microsoft ID:

MS08-040

KB – 941203

 

Microsoft Rating:

Important

SQL Server Memory Corruption Vulnerability

 

Privilege Escalation Vulnerability

 

This vulnerability affects the following products:

 

SQL Server 7.0 SP4, 2000 SP4, 2000 x64 Edition SP4, 2000 Itanium-based Edition SP4, 2005 SP1 and SP2, 2005 x64 Edition SP1 and SP2, 2005 with SP1 and SP2 for Itanium-based Systems, 2005 Express Edition SP1 and SP2, 2005 Express Edition with Advanced Services SP1 and SP2, Microsoft Data Engine (MSDE) 1.0, Microsoft SQL Server 2000 Desktop Engine (MSDE 2000), Microsoft SQL Server 2000 Desktop Engine (WMSDE), Windows Internal Database (WYukon) SP2, and Windows Internal Database (WYukon) x64 Edition SP2

This is a local privilege-escalation vulnerability affecting SQL Server.

The vulnerability is because of how SQL Server validates data structures on disk files.

An authenticated attacker could exploit this issue to execute arbitrary code with SYSTEM privileges.

N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-0106

 

BID: 30118

 

Microsoft ID:

MS08-040

KB – 941203

 

Microsoft Rating:

Important

SQL Server Buffer Overrun Vulnerability

 

Privilege Escalation Vulnerability

 

This vulnerability affects the following products:

 

SQL Server 2005 SP1 and SP2, SQL Server 2005 x64 Edition SP1 and SP2, SQL Server 2005 with SP1 and SP2 for Itanium-based Systems, Microsoft SQL Server 2005 Express Edition SP1 and SP2, and Microsoft SQL Server 2005 Express Edition with Advanced Services SP1 and SP2.

This is a local privilege-escalation vulnerability affecting SQL Server.

The vulnerability occurs when SQL Server is processing ‘insert’ statements.

An authenticated attacker can exploit this issue to execute arbitrary code with SYSTEM privileges.

An attacker may exploit this issue remotely if they can exploit latent SQL-injection vulnerabilities in web-based applications that use the vulnerable SQL server as a backend.

N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-1435

 

BID: 30109

 

Microsoft ID:

MS08-038

KB – 950582

 

Microsoft Rating:

Important

Windows Explorer Saved Search Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Vista and Vista SP1, Vista x64 Edition, Vista x64 Edition SP1, Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems

This is a client-side remote code execution vulnerability affecting Windows Explorer.

The issue occurs when Windows Explorer is handling malformed ‘saved-search’ files.

An attacker can exploit this issue by tricking an unsuspecting victim into opening and saving a malicious ‘saved-search’ file with the vulnerable application to exploit this issue.

Successful exploitation of this vulnerability will result in the execution of arbitrary code in the context of the currently logged-in user.

Sig ID: 23031

 

Detected as "HTTP MS Windows Explorer Code Exec"

 

Applicability:

SNS – SU 98

SGS – SU 62

NIS/NAV/N360 – SU 127

NIS08/NAV08 – SU 79

N360v2 – SU 79

SEP11 – SU 63

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-2247

 

BID: 30130

 

Microsoft ID:

MS08-039

KB – 953747

 

Microsoft Rating:

Important

OWA Data Validation Cross-Site Scripting Vulnerabilities

 

Cross-Site scripting Vulnerability

 

This vulnerability affects the following products:

 

Exchange Server 2003 SP2

This is a cross-site scripting vulnerability affecting Outlook Web Access for Exchange Server.

The problem occurs due to a failure to properly validate email fields when opening mail from within a client’s OWA session.

An attacker can exploit this issue by tricking a victim into opening a specially crafted email to exploit this issue.

Successful exploitation of this issue will result in the attacker being able to execute arbitrary actions with the permissions of the victim’s OWA session.

N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2007-2248

 

BID: 30078

 

Microsoft ID:

MS08-039

KB – 953747

 

Microsoft Rating:

Important

OWA HTML Parsing Cross-Site Scripting  Vulnerability

 

Cross-Site scripting Vulnerability

 

This vulnerability affects the following products:

 

Exchange Server 2003 SP2, 2007, and 2007 SP1

This is a cross-site scripting vulnerability affecting Outlook Web Access.

 

An attacker can exploit this issue by tricking an unsuspecting victim into opening a specially crafted email to exploit this issue.

 

Successful exploitation of this issue will result in the attacker being able to execute arbitrary actions with the permissions of the victim’s OWA session.

N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-1447

 

BID: 30131

 

Microsoft ID:

MS08-037

KB – 953230

 

Microsoft Rating:

Important

DNS Insufficient Socket Entropy Vulnerability

 

DNS Spoofing Vulnerability

 

This vulnerability affects the following products:

 

Windows 2000 SP4, XP SP2 and SP3, XP x64 Edition, XP x64 Edition SP2, Server 2003 SP1 and SP2, 2003 x64 Edition and 2003 x64 Edition SP2, and 2003 with SP1 and SP2 for Itanium-based Systems.

This is a spoofing vulnerability in Windows DNS Client and Server allowing attackers to spoof DNS responses to poison the DNS cache.

The problem occurs because the Transaction ID (TXID) can be easily guessed by an attacker.

A remote attacker can exploit this issue by sending specific queries to a vulnerable computer, and then responding with false or misleading information.

Sig ID: 23019

 

Detected as "DNS Spoofing"

 

Applicability:

SCS – SU 144

NIS/NAV/N360 – SU 127

NIS08/NAV08 – SU 79

N360v2 – SU 79

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-1454

 

BID: 30132

 

Microsoft ID:

MS08-037

KB – 953230

 

Microsoft Rating:

Important

DNS Cache Poisoning  Vulnerability

 

DNS Cache Poisoning Vulnerability

 

This vulnerability affects the following products:

 

Microsoft Windows 2000 SP4, Windows Server 2003 SP1 and SP2, Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition SP2, Windows Server 2003 with SP1 and SP2 for Itanium-based Systems, and Windows Server 2008 for 32-bit Systems, and x64-based Systems

This is a spoofing vulnerability in Windows DNS Client and Server.

The issue occurs under certain circumstances when the DNS server accepts a response from outside its authority.

A remote attacker can exploit this issue and poison the DNS cache, potentially redirecting victims to attacker-controlled sites.

N/A

AV:

N/A

 

Sygate IDS:

N/A

 

 




Legacy ID



2010030511372348


Article URL http://www.symantec.com/docs/TECH139961


Terms of use for this information are found in Legal Notices