Symantec product detections for Microsoft monthly Security Advisories - March 2008

Article:TECH139965  |  Created: 2010-09-15  |  Updated: 2013-01-09  |  Article URL http://www.symantec.com/docs/TECH139965
Article Type
Technical Solution


Issue



This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in their monthly Security Advisories.

 

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.


Solution



March 11, 2008

 

 ID and Rating

 

Description

Details

Intrusion Protection System (IPS) Response

Other Detections

CAN/CVE ID:

CVE-2006-4695

 

BID: 28135

 

Microsoft ID:

MS08-017

KB – 933103

 

Microsoft Rating:

Critical

Office Web Components URL Parsing Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Office Web Components 2000

 

This is a client-side remote code-execution vulnerability affecting Office Web Components due to the way it manages memory resources when parsing a URL.

An attacker can exploit this issue by tricking a victim into visiting a malicious web page.

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

 

Sig ID: 22405

 

Detected as "HTTP MS Office Unsafe Web Components Code Exec"

 

Applicability:

SNS – SU 94

SGS – SU 58

SCS – SU 116

NIS/NAV/N360 – SU 102

NIS/NAV08 – SU 48

SEP11 – SU 37

AV:

N/A

 

Sygate IDS:

N/A

 

Canary Sig ID: 50047

(Only NAV/NIS 08)

Detected as "MS Office Web Component CSVData BO"

CAN/CVE ID:

CVE-2007-1201

 

BID: 28136

 

Microsoft ID:

MS08-017

KB – 933103

 

Microsoft Rating:

Critical

 

 

Office Web Components DataSource Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Office Web Components 2000

 

This is a client-side remote code-execution vulnerability affecting Office Web Components during URL parsing.

An attacker can exploit this issue by tricking a victim into visiting a malicious web page.

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

 

Sig ID: 22835

 

Detected as "HTTP MS Office Web Component Code Exec"

 

Applicability:

SNS – SU 94

SGS – SU 58

SCS – SU 116

NIS/NAV/N360 – SU 102

NIS/NAV08 – SU 48

SEP11 – SU 37

 

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-0110

 

BID: 28147

 

Microsoft ID:

MS08-015

KB – 949031

 

Microsoft Rating:

Critical

Outlook URI Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Outlook 2000 SP3, 2002 SP3. 2003 SP2 and 2007

 

This is a remote code-execution vulnerability affecting Outlook when handling "mailto" URIs passed to it from the browser.

An attacker can exploit this issue by tricking a victim into visiting a malicious web page.

Successful exploitation of this vulnerability will result in the attacker gaining access to all current email and possibly redirecting or copying all future emails.

 

N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-0111

 

BID: 28094

 

Microsoft ID:

MS08-014

KB – 949029

 

Microsoft Rating:

Critical

Excel Data Validation Record Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Excel 2000 SP3, 2002 SP3, 2003 SP2 and 2007

Excel Viewer 2003

Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

Office 2004 for Mac

 

This is a client-side remote code-execution vulnerability affecting Excel when processing data validation records.

An attacker can exploit this issue by tricking a victim into opening a malicious file.

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

Sig ID: 22852

 

Detected as "HTTP Excel Data Validation Malformed Record BO"

 

Applicability:

SCS – SU 116

NIS/NAV/N360 – SU 102

NIS/NAV08 – SU 48

 

 

AV:

Bloodhound.Exploit.177

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-0112

 

BID: 28095

 

Microsoft ID:

MS08-0014

KB – 949029

 

Microsoft Rating:

Critical

Excel File Import Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Excel 2000 SP3

Office 2004 and 2008 for Mac

 

This is a client-side remote code-execution vulnerability affecting Excel when importing files.

An attacker must trick a victim into opening a malicious file to exploit this issue.

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

 

N/A

AV:

N/A

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-0114

 

BID: 28166

 

Microsoft ID:

MS08-014

KB – 949029

 

Microsoft Rating:

Critical

Excel Style Record Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Excel 2000 SP3, 2002 SP3, 2003 SP2 and 2007

Office 2004 for Mac

 

 

This is a client-side remote code-execution vulnerability affecting Excel when handling Style record data.

An attacker must trick a victim into opening a malicious file to exploit this issue.

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

 

Sig ID: 22845

 

Detected as "HTTP Excel Style Record Remote Code Exec"

 

Applicability:

SCS – SU 116

NIS/NAV/N360 – SU 102

NIS/NAV08 – SU 48

 

AV:

Bloodhound.Exploit.178

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-0115

 

BID: 28167

 

Microsoft ID:

MS08-014

KB – 949029

 

Microsoft Rating:

Critical

Excel Formula Parsing Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Excel 2000 SP3, 2002 SP3, 2003 SP2 and 2007

Excel Viewer 2003

Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

Office 2004 for Mac

 

This is a client-side remote code-execution vulnerability affecting Excel due to a memory calculation error when handling malformed formulas.

An attacker must trick a victim into opening a malicious file to exploit this issue.

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

 

N/A

AV:

Bloodhound.Exploit.179

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-0116

 

BID: 28168

 

Microsoft ID:

MS08-014

KB – 949029

 

Microsoft Rating:

Critical

Excel Rich Text Validation Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Excel 2000 SP3, 2002 SP3 and 2003 SP2

Excel Viewer 2003

Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

Office 2004 and 2008 for Mac

 

This is a client-side remote code-execution vulnerability affecting Excel when handling rich text values when loading application data into memory.

An attacker must trick a victim into opening a malicious file to exploit this issue.

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

 

Sig ID: 22854

 

Detected as "HTTP MS Excel Rich Text Validation Code Exec"

 

Applicability:

SCS – SU 116

NIS/NAV/N360 – SU 102

NIS/NAV08 – SU 48

 

AV:

Bloodhound.Exploit.180

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-0117

 

BID: 28170

 

Microsoft ID:

MS08-014

KB – 949029

 

Microsoft Rating:

Critical

Excel Conditional Formatting Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Excel 2000 SP3 and 2002 SP3

Office 2004 and 2008 for Mac

 

This is a client-side remote code-execution vulnerability affecting Excel due to the way it handles conditional formatting values.

An attacker must trick a victim into opening a malicious file to exploit this issue.

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

 

Sig ID: 22855

 

Detected as "HTTP MS Excel Conditional Formatting Code Exec"

 

Applicability:

SCS – SU 116

NIS/NAV/N360 – SU 102

NIS/NAV08 – SU 48

 

AV:

Bloodhound.Exploit.181

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-0081

 

BID: 27305

 

Microsoft ID:

MS08-014

KB – 949029

 

Microsoft Rating:

Critical

Microsoft Excel Header Parsing Remote Code Execution Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Excel 2000 SP3, 2002 SP3 and 2003 SP2

Excel Viewer 2003

Office 2004 for Mac

 

This is a previously disclosed remote code execution vulnerability first documented on Jan 15, 2008.

This is a client-side remote code-execution vulnerability affecting Excel when handling macros in malicious files.

An attacker must trick a victim into opening a malicious file to exploit this issue.

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

 

Sig ID: 22759

 

Detected as "HTTP Excel Remote Code Exec"

 

Applicability:

SNS – SU 94

SGS – SU 58

SCS – SU 116

NIS/NAV/N360 – SU 102

NIS/NAV08 – SU 48

SEP11 – SU 37

NIS MAC – SU 17

 

AV:

Bloodhound.Exploit.170

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2007-1747

CVE-2008-0113

 

BID: 23826

 

Microsoft ID:

MS08-016

KB – 949030

 

Microsoft Rating:

Important

Microsoft Office Cell Parsing Memory Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Excel Viewer 2003

Excel Viewer 2002 SP3

 

This is an update to BID 23826 (Microsoft Office Malformed Drawing Object Remote Code Execution Vulnerability) adding Excel Viewer as vulnerable.

This is a client-side remote code-execution vulnerability when handling specially crafted Excel files.

An attacker must trick a victim into opening a malicious file to exploit this issue.

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

 

Sig ID: 22274

 

Detected as "HTTP MS Office Drawing BO"

 

Applicability:

SCS – SU 116

NIS/NAV/N360 – SU 102

NIS/NAV08 – SU 48

SEP11 – SU 37

AV:

Bloodhound.Exploit.144

 

Sygate IDS:

N/A

CAN/CVE ID:

CVE-2008-0118

 

BID:28146

 

Microsoft ID:

MS08-016

KB – 949030

 

Microsoft Rating:

Critical

Microsoft Office Memory Corruption Vulnerability

 

Remote Code Execution Vulnerability

 

This vulnerability affects the following products:

 

Office 2000 SP3

Office XP SP3

Office 2003 SP2

 

This is a client-side remote code-execution vulnerability affecting Office when processing malformed PowerPoint files.

An attacker must trick a victim into opening a malicious file to exploit this issue.

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

 

Sig ID: 22848

 

Detected as "HTTP MS Office PowerPoint Memory Corruption"

 

Applicability:

SCS – SU 116

NIS/NAV/N360 – SU 102

NIS/NAV08 – SU 48

SEP11 – SU 37

NIS MAC – SU 17

 

AV:

Bloodhound.Exploit.176

 

Sygate IDS:

N/A

 

 




Legacy ID



2010030511372348


Article URL http://www.symantec.com/docs/TECH139965


Terms of use for this information are found in Legal Notices