Symantec product detections for Microsoft monthly Security Advisories - April 2008

Article:TECH139964  |  Created: 2010-09-15  |  Updated: 2013-01-09  |  Article URL http://www.symantec.com/docs/TECH139964
Article Type: Technical Solution


Issue



This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Advisories.

 

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.


Solution



April 8, 2008

ID and Rating | Description | Details | Intrusion Protection System (IPS) Response | Other Detections

CAN/CVE ID: CVE-2008-0083
BID: 28551
Microsoft ID: MS08-022
MSKB: 944338
Microsoft Rating:

 

VBScript and JScript Scripting Engines Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

VBScript/JScript 5.1 on Windows 2000 SP4

VBScript/JScript 5.6 on Windows 2000 SP4, XP SP2, XP x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition, and Server 2003 with SP1 and SP2 for Itanium-based Systems

This is a client-side remote code-execution vulnerability affecting JScript and VBScript engines.

An attacker can exploit this issue by tricking an unsuspecting victim into viewing a malicious web page or opening a malicious file.

Successful exploitation of this vulnerability will result in the execution of attacker-supplied code in the context of the currently logged in user.

Intrusion Protection System (IPS) Response: N/A
Other Detections:
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-1085
BID: 28552
Microsoft ID: MS08-024
MSKB: 947864
Microsoft Rating: Critical

Data Stream Handling Memory Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

IE 5.01 SP4

IE 6 SP1

IE 7

This is a client-side remote code-execution vulnerability affecting Internet Explorer (IE).

An attacker can exploit this issue by tricking a victim into visiting a malicious web page.

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

Intrusion Protection System (IPS) Response: N/A
Other Detections:
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-1083
BID: 28571
Microsoft ID: MS08-021
MSKB: 948590
Microsoft Rating: Critical

GDI Heap Overflow Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Windows 2000 SP4, XP SP2, XP x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition, Server 2003 with SP1 and SP2 for Itanium-based Systems, Vista, Vista x64 Edition, Vista for Itanium-based systems, and Server 2008 (all editions)

This is a client-side remote code-execution vulnerability affecting GDI.

An attacker can exploit this issue by tricking a victim into opening a malicious EMF or WMF file.

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

Intrusion Protection System (IPS) Response:
Sig ID: 22906
Detected as "HTTP EMF GDI Integer BO"
Applicability:
SCS – SU 123
NIS/NAV/N360 – SU 107
NIS/NAV08 – SU 55
SEP11 – SU 42
Other Detections:
AV: Bloodhound.Exploit.188
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-1087
BID: 28570
Microsoft ID: MS08-021
MSKB: 948590
Microsoft Rating: Critical

GDI Stack Overflow Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Windows 2000 SP4, XP SP2, XP x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition, Server 2003 with SP1 and SP2 for Itanium-based Systems, Vista, Vista x64 Edition, Vista for Itanium-based systems, and Server 2008 (all editions)

This is a client-side remote code-execution vulnerability affecting GDI.

An attacker can exploit this issue by tricking a victim into opening a malicious EMF file.

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

Intrusion Protection System (IPS) Response:
Sig ID: 22902
Detected as "HTTP GDI EMF Remote Code Exec"
Applicability:
SCS – SU 123
NIS/NAV/N360 – SU 107
NIS/NAV08 – SU 55
SEP11 – SU 42
Other Detections:
AV: Bloodhound.Exploit.187
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-1086
BID: 28606
Microsoft ID: MS08-023
MSKB: 948881
Microsoft Rating: Critical

ActiveX Object Memory Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

IE 5.01 SP4, IE 6 SP1, Windows XP SP2, XP x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition, Server 2003 with SP1 and SP2 for Itanium-based Systems, Vista, Vista x64 Edition, Vista for Itanium-based systems, and Server 2008

This is a client-side remote code-execution vulnerability affecting the ‘hxvz.dll’ component.

An attacker can exploit this issue by tricking a victim into visiting a malicious web page.

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

 

Note: Microsoft is also releasing an update that sets the kill bit for a third-party component from Yahoo. The BIDs associated with these components are 27579, 27590 and 27578.

Intrusion Protection System (IPS) Response:
Sig ID: 22903
Detected as "HTTP HxTocCtrl ActiveX Code Exec"
Applicability:
SNS – SU 95
SGS – SU 60
SCS – SU 123
NIS/NAV/N360 – SU 107
NIS/NAV08 – SU 55
SEP11 – SU 42
Canary Sig ID: 50144
Detected as "MSIE HxTocCtrl ActiveX Code Exec"
Other Detections:
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-1088
BID: 28607
Microsoft ID: MS08-018
MSKB: 950183
Microsoft Rating: Critical

Project Memory Validation Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Project 2000 SP1, 2002 SP1, Office Project 2003 SP2

This is a client-side remote code-execution vulnerability affecting Project.

An attacker can exploit this issue by tricking a victim into opening a malicious file.

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

Intrusion Protection System (IPS) Response: N/A
Other Detections:
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-1084
BID: 28554
Microsoft ID: MS08-025
MSKB: 941693
Microsoft Rating: Important

Windows Kernel Vulnerability

 

Elevation of Privilege Vulnerability

 

This vulnerability affects the following products:

 

Windows 2000 SP4, XP SP2, XP x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition, Server 2003 with SP1 and SP2 for Itanium-based Systems, Vista, Vista x64 Edition, Vista for Itanium-based systems, and Server 2008

This is a local privilege-escalation vulnerability affecting the Windows kernel.

This vulnerability exists because the kernel improperly validates user-mode input.

Successful exploitation of this vulnerability will result in the execution of arbitrary code with kernel-level permissions.

Intrusion Protection System (IPS) Response: N/A
Other Detections:
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-0087
BID: 28553
Microsoft ID: MS08-020
MSKB: 945553
Microsoft Rating: Important

DNS Spoofing Attack Vulnerability

 

Spoofing Vulnerability

 

This vulnerability affects the following products:

 

Windows 2000 SP4, XP SP2, XP x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition, Server 2003 with SP1 and SP2 for Itanium-based Systems, Vista, Vista x64 Edition, and Vista for Itanium-based systems

This is a vulnerability affecting multiple Windows platforms.

This vulnerability allows an attacker to spoof legitimate DNS responses, and potentially redirect victims to an attacker-controlled location.

Successful exploitation of this vulnerability will aid phishing attacks.

Intrusion Protection System (IPS) Response: N/A
Other Detections:
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-1089
BID: 28555
Microsoft ID: MS08-019
MSKB: 949032
Microsoft Rating: Important

Visio Object Header Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Office Visio 2002 SP2, 2003 SP2, 2003 SP3, 2007, and 2007 SP1

This is a client-side remote code-execution vulnerability affecting Visio.

An attacker can exploit this issue by tricking a victim into opening a specially crafted Visio file.

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

Intrusion Protection System (IPS) Response: N/A
Other Detections:
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-1090
BID: 28556
Microsoft ID: MS08-019
MSKB: 949032
Microsoft Rating: Important

Visio Memory Validation Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Office Visio 2002 SP2, 2003 SP2, 2003 SP3, 2007, and 2007 SP1

This is a client-side remote code-execution vulnerability affecting Visio, due to the way it validates memory allocations when loading malformed files.

An attacker can exploit this issue by tricking a victim into opening a specially crafted Visio file.

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

Intrusion Protection System (IPS) Response: N/A
Other Detections:
AV: N/A
Sygate IDS: N/A

 

 

 




Legacy ID: 2010030511372348

