Symantec product detections for Microsoft monthly Security Advisories - June 2008

Article:TECH139962  |  Created: 2010-09-15  |  Updated: 2013-01-09  |  Article URL http://www.symantec.com/docs/TECH139962
Article Type
Technical Solution


Issue



This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Advisories.

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.


Solution



June 10, 2008

ID and Rating  |  Description  |  Details  |  Intrusion Protection System (IPS) Response  |  Other Detections

ID and Rating:
CAN/CVE ID: CVE-2008-1451
BID: 29588
Microsoft ID: MS08-034
MSKB: 948745
Microsoft Rating: Important

Description:
WINS Memory Overwrite Vulnerability
Local Escalation of Privilege Vulnerability
This vulnerability affects the following products:
Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition, Server 2003 x64 Edition SP2, and Server 2003 SP1 and SP2 for Itanium-based Systems

Details:
This is a local escalation of privilege vulnerability affecting WINS.
The vulnerability occurs when handling malformed packets from malicious sources.
Successful exploitation of this vulnerability will result in the attacker taking complete control of the computer.

Intrusion Protection System (IPS) Response:
N/A

Other Detections:
AV: N/A
Sygate IDS: N/A

ID and Rating:
CAN/CVE ID: CVE-2008-1453
BID: 29522
Microsoft ID: MS08-030
MSKB: 951376
Microsoft Rating: Critical

Description:
Bluetooth Stack Vulnerability
Remote Code Execution Vulnerability
This vulnerability affects the following products:
Windows XP SP2 and SP3, XP Professional x64 Edition, XP Professional x64 Edition SP2, Vista, Vista SP1, Vista x64 Edition, and Vista x64 Edition SP1

Details:
This is a remote code execution vulnerability affecting the Microsoft Windows Bluetooth stack.
The vulnerability is in the Windows Bluetooth stack when handling a flood of specially crafted service description requests.
An attacker can exploit this issue by sending malformed requests to the vulnerable computer.
Successful exploitation of this vulnerability will result in the complete compromise of the affected computer.

Intrusion Protection System (IPS) Response:
N/A

Other Detections:
AV: N/A
Sygate IDS: N/A

ID and Rating:
CAN/CVE ID: CVE-2008-0011
BID: 29581
Microsoft ID: MS08-033
MSKB: 951698
Microsoft Rating: Critical

Description:
DirectX MJPEG Decoder Vulnerability
Remote Code Execution Vulnerability
This vulnerability affects the following products:
DirectX 8.1
DirectX 9.0

Details:
This is a remote code execution vulnerability affecting the Windows MJPEG Codec when doing error checking on MJPEG streams in AVI and ASF files.
An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file.
Successful exploitation of this vulnerability will result in the execution of attacker-supplied code in the context of the currently logged in user.

Intrusion Protection System (IPS) Response:
N/A

Other Detections:
AV: N/A
Sygate IDS: N/A

ID and Rating:
CAN/CVE ID: CVE-2008-0144
BID: 29578
Microsoft ID: MS08-033
MSKB: 951698
Microsoft Rating: Critical

Description:
DirectX SAMI Format Parsing Vulnerability
Remote Code Execution Vulnerability
This vulnerability affects the following products:
DirectX 7.0
DirectX 8.1

Details:
This is a remote code execution vulnerability affecting DirectX when parsing the parameters of SAMI (Synchronized Accessible Media Interchange) file types.
An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file, or visiting a specially crafted webpage.
Successful exploitation of this vulnerability will result in the execution of attacker-supplied code in the context of the currently logged in user.

Intrusion Protection System (IPS) Response:
Sig ID: 22972
Detected as "HTTP MS DirectX Malformed File Code Exec"
Applicability:
SNS – SU 97
SGS – SU 61
NIS/NAV/N360 – SU 122
NIS08/NAV08 – SU 74
N360v2 – SU 74
SEP11 – SU 59

Other Detections:
AV: N/A
Sygate IDS: N/A

ID and Rating:
CAN/CVE ID: CVE-2008-1442
BID: 29556
Microsoft ID: MS08-031
MSKB: 950759
Microsoft Rating: Critical

Description:
IE HTML Objects Memory Corruption Vulnerability
Remote Code Execution Vulnerability
This vulnerability affects the following products:
Internet Explorer (IE) 6.0, 6.1 and 7.0

Details:
This is a remote code execution vulnerability affecting Internet Explorer.
An attacker can exploit this issue by tricking an unsuspecting victim into visiting a webpage with malicious content.
Successful exploitation of this vulnerability will result in the execution of arbitrary code in the context of the currently logged in user.

Intrusion Protection System (IPS) Response:
N/A

Other Detections:
AV: N/A
Sygate IDS: N/A

ID and Rating:
CAN/CVE ID: CVE-2008-1544
BID: 28379
Microsoft ID: MS08-031
MSKB: 950759
Microsoft Rating: Important

Description:
IE setRequestHeader() Multiple Vulnerabilities
Remote Code Execution Vulnerability
This vulnerability affects the following products:
Internet Explorer (IE) 5.01, 6.0, 6.1 and 7.0

Details:
This is a remote code execution vulnerability affecting Internet Explorer.
An attacker can exploit this issue by tricking an unsuspecting victim into visiting a webpage with malicious content.
Successful exploitation of this issue will result in the attacker being able to bypass the same origin policy to gain access to potentially sensitive information.

Intrusion Protection System (IPS) Response:
N/A

Other Detections:
AV: N/A
Sygate IDS: N/A

ID and Rating:
CAN/CVE ID: CVE-2007-0675
BID: 22359
Microsoft ID: MS08-032
MSKB: 950760
Microsoft Rating: Moderate

Description:
Vista Voice Recognition Command Execution Vulnerability
This vulnerability affects the following products:
Internet Explorer (IE) 5.01, and 6.0
Note: This update also sets the kill bit for a third-party ActiveX application from BackWeb (BID 29558).

Details:
This is a publicly known vulnerability in ActiveX Speech Components (sapi.dll).
An attacker can exploit this issue by tricking an unsuspecting victim into visiting a webpage with malicious content.
Successful exploitation of this issue will result in the execution of arbitrary commands in the context of the currently logged-in user.

Intrusion Protection System (IPS) Response:
Sig ID: 22974
Detected as "HTTP MS Speech API ActiveX KillBit"
Sig ID: 22975
Detected as "HTTP BackWeb ActiveX KillBit"
Applicability:
SNS – SU 97
SGS – SU 61
NIS/NAV/N360 – SU 122
NIS08/NAV08 – SU 74
N360v2 – SU 74
SEP11 – SU 59

Other Detections:
AV: N/A
Sygate IDS: N/A

ID and Rating:
CAN/CVE ID: CVE-2008-1440
BID: 29508
Microsoft ID: MS08-036
MSKB: 952072
Microsoft Rating: 952072

Description:
PGM Invalid Length Vulnerability
Denial of Service Vulnerability
This vulnerability affects the following products:
Windows XP SP2 and SP3, XP Pro x64 Edition, XP Pro x64 Edition SP2, Server 2003 SP1 and SP2, Server 2003 x64 Edition, Server 2003 x64 Edition SP2, and Server 2003 SP1 and SP2 for Itanium-based Systems

Details:
This is a denial-of-service vulnerability affecting PGM (Pragmatic General Multicast), a protocol used in MSMQ (Microsoft Message Queuing), when handling malformed packets.
The vulnerability occurs because the protocol’s parsing code does not properly validate the option field length of a PGM packet.
A remote attacker can exploit this issue to cause a vulnerable computer to become unresponsive, and require a reboot.

Intrusion Protection System (IPS) Response:
N/A

Other Detections:
AV: N/A
Sygate IDS: N/A

ID and Rating:
CAN/CVE ID: CVE-2008-1441
BID: 29509
Microsoft ID: MS08-036
MSKB: 952072
Microsoft Rating: Important

Description:
PGM Malformed Fragment Vulnerability
Denial of Service Vulnerability
This vulnerability affects the following products:
Windows XP SP2 and SP3, XP Pro x64 Edition, XP Pro x64 Edition SP2, Server 2003 SP1 and SP2, Server 2003 x64 Edition, Server 2003 x64 Edition SP2, Server 2003 SP1 and SP2 for Itanium-based Systems, Vista, Vista SP1, Vista x64 Edition, Vista x64 Edition SP1, and Server 2008 for 32-bit Systems, x64-based Systems, and Itanium-based Systems

Details:
This is a denial-of-service vulnerability affecting PGM (Pragmatic General Multicast), a protocol used in MSMQ (Microsoft Message Queuing), when handling malformed packets with an invalid fragment option.
An attacker can exploit this issue by sending a continuous stream of malformed packets to a vulnerable computer.
A remote attacker can exploit this issue to cause a vulnerable computer to become unresponsive, and require a reboot.

Intrusion Protection System (IPS) Response:
N/A

Other Detections:
AV: N/A
Sygate IDS: N/A

ID and Rating:
CAN/CVE ID: CVE-2008-1445
BID: 29584
Microsoft ID: MS08-035
MSKB: 953235
Microsoft Rating: Important

Description:
Active Directory Vulnerability
Denial of Service Vulnerability
This vulnerability affects the following products:
Active Directory
ADAM (Active Directory Application Mode)
AD LDS (Active Directory Lightweight Directory Services)

Details:
This is a denial-of-service vulnerability affecting Active Directory.
An attacker can exploit this issue by sending a specially crafted LDAP packet to a vulnerable server.
The attacker will require authentication credentials to exploit this issue on all systems except Windows 2000 server.
Successful exploitation of this vulnerability will cause the affected computer to restart.

Intrusion Protection System (IPS) Response:
N/A

Other Detections:
AV: N/A
Sygate IDS: N/A



Legacy ID



2010030511372348

