Symantec product detections for Microsoft monthly Security Advisories - May 2008

Article:TECH139963  |  Created: 2010-09-15  |  Updated: 2013-01-09  |  Article URL http://www.symantec.com/docs/TECH139963
Article Type
Technical Solution


Issue



This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Advisories.

 

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.


Solution



May 13, 2008

 ID and Rating

 

Description

Details

Intrusion Protection System (IPS) Response

Other Detections

CAN/CVE ID:

CVE-2008-1091

 

BID:

29104

 

Microsoft ID:

MS08-026

 

MSKB:

951207

 

Microsoft Rating:

Critical

Word Object Parsing Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Word 2000 SP3, 2002 SP3, 2003 SP2, 2003 SP3

Word Viewer 2003, 2003 SP3

Word 2007, 2007 SP1

Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

Office 2004 and 2008 for Mac

This is a remote code execution vulnerability affecting Word when handling specially crafted Rich Text Format (.rtf) files.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file.

Successful exploitation of this vulnerability will result in the execution of attacker-supplied code in the context of the currently logged in user.

Sig ID: 22932

 

Detected as"HTTP MS Word RTF File Code Exec"

 

Applicability:

SCS – SU 130

NIS/NAV/N360 – SU 114

NIS08/NAV08 – SU 64

N360v2 – SU 64

SEP11 – SU 49

AV:

Bloodhound.Exploit.192

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-1434

 

BID:

29105

 

Microsoft ID:

MS08-026

 

MSKB:

951207

 

Microsoft Rating:

 

Word Cascading Style Sheet (CSS) Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Word 2000 SP3, 2002 SP3, 2003 SP2, 2003 SP3

Word Viewer 2003, 2003 SP3

Word 2007, 2007 SP1, Outlook 2007, 2007 SP1

Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

Office 2004 and 2008 Mac

This is a remote code execution vulnerability affecting Word.

The vulnerability is in the handling of Word files that include a malformed CSS value.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file.

Successful exploitation of this vulnerability will result in the execution of attacker-supplied code in the context of the currently logged in user.

Sig ID: 22931

 

Detected as"HTTP MS Word CSS Remote Code Exec"

 

Applicability:

SCS – SU 130

NIS/NAV/N360 – SU 114

NIS08/NAV08 – SU 64

N360v2 – SU 64

SEP11 – SU 49

 

 

 

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-0119

 

BID:

29158

 

Microsoft ID:

MS08-027

 

MSKB:

951208

 

Microsoft Rating:

Critical

Publisher Object Handler Validation Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Publisher 2000 SP3, 2002 SP3, 2003 SP2, 2003 SP3, 2007, 2007 SP1

This is a remote code-execution vulnerability affecting Publisher.

The vulnerability is in the validating of object header data in a maliciously crafted Publisher file.

An attacker can exploit this issue by tricking an unsuspecting victim into opening a malicious file.

Successful exploitation of this vulnerability will result in the execution of attacker-supplied code in the context of the currently logged in user.

N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2007-6026

 

BID:

26468

 

Microsoft ID:

MS08-028

 

MSKB:

950749

 

Microsoft Rating:

Important

Jet DB Engine MDB File Parsing Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Jet 4.0 Database Engine

This is a stack-based buffer-overflow affecting Microsoft Jet Database Engine.

Attackers are exploiting this issue by placing a malicious MDB file in a Word file, and then distributing the Word file.

Successful exploitation of this vulnerability will result in the execution of attacker-supplied code in the context of the currently logged in user.

N/A

AV:

Bloodhound.Exploit.183

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-1437

 

BID:

29060

 

Microsoft ID:

MS08-029

 

MSKB:

952044

 

Microsoft Rating:

Moderate

Malware Protection Engine Vulnerability

 

Denial of Service Vulnerability

 

This vulnerability affects the following products:

 

Live OneCare

Antigen for Exchange 9.x, Antigen for SMTP Gateway 9.x

Windows Defender for Windows XP, Vista

Forefront Client Security, FCS for exchange and SharePoint

Standalone System Sweeper located in Diagnostics and Recovery Toolset 6

This is a denial-of-service vulnerability affecting Malware Protection Engine.

An attacker can exploit this issue by sending a malicious file to an affected system, or by placing the file at a publicly accessible location and tricking a victim into downloading the file.

Successful exploitation of this vulnerability will cause the affected computer to become non-responsive and restart.

N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-1438

 

BID:

29073

 

Microsoft ID:

MS08-029

 

MSKB:

952044

 

Microsoft Rating:

Moderate

Malware Protection Engine Vulnerability

 

Denial of Service Vulnerability

 

This vulnerability affects the following products:

 

Live OneCare

Antigen for Exchange 9.x, Antigen for SMTP Gateway 9.x

Windows Defender for Windows XP, Vista

Forefront Client Security, FCS for Exchange and SharePoint

Standalone System Sweeper located in Diagnostics and Recovery Toolset 6

This is a denial-of-service vulnerability affecting Malware Protection Engine.

An attacker can exploit this issue by sending a malicious file to an affected system, or by placing the file at a publicly accessible location and tricking a victim into downloading the file.

Successful exploitation of this vulnerability will cause the affected computer to become non-responsive and restart.

N/A

AV:

N/A

 

Sygate IDS:

N/A

 

 

 




Legacy ID



2010030511372348


Article URL http://www.symantec.com/docs/TECH139963


Terms of use for this information are found in Legal Notices