Symantec product detections for Microsoft monthly Security Advisories - February 2008

Article:TECH139966  |  Created: 2010-09-15  |  Updated: 2013-01-09  |  Article URL http://www.symantec.com/docs/TECH139966
Article Type: Technical Solution


Issue

This document describes Symantec product detections for the Microsoft vulnerabilities for which Microsoft releases patches in its monthly Security Advisories.

Note: Symantec posts this information shortly after it becomes available from Microsoft. Any missing information will be added to the document as it becomes available.


Solution



February 12, 2008

Columns: ID and Rating | Description | Details | Intrusion Protection System (IPS) Response | Other Detections

CAN/CVE ID: CVE-2008-0076
BID: 27668
Microsoft ID: MS08-010
MSKB: 944533
Microsoft Rating: Critical

Description:
HTML Rendering Memory Corruption Vulnerability
Remote Code Execution Vulnerability

Details:
This vulnerability affects the following products:
Internet Explorer (IE) 5.01 SP4, 6, 6 SP1, and 7 on multiple platforms

This is a client-side remote code-execution vulnerability affecting Internet Explorer when interpreting HTML with certain layout combinations.

An attacker can exploit this issue by tricking a victim into visiting a malicious web page.

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

Intrusion Protection System (IPS) Response:
Sig ID: N/A

Other Detections:
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-0077
BID: 27666
Microsoft ID: MS08-010
MSKB: 944533
Microsoft Rating: Critical

Description:
Property Memory Corruption Vulnerability
Remote Code Execution Vulnerability

Details:
This vulnerability affects the following products:
Internet Explorer (IE) 5.01 SP4, 6, 6 SP1, and 7 on multiple platforms

This is a client-side remote code-execution vulnerability affecting Internet Explorer when handling a property method.

An attacker can exploit this issue by tricking a victim into visiting a malicious web page.

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

Intrusion Protection System (IPS) Response:
Sig ID: N/A

Other Detections:
AV: N/A
Sygate IDS: N/A

Note – NIS/NAV 2008 only include technology which detects this threat under the following:
Sig ID – 50106
Detected as "MS AnimateMotion Memory Corruption"

CAN/CVE ID: CVE-2008-0078
BID: 27689
Microsoft ID: MS08-010
MSKB: 944533
Microsoft Rating: Critical

Description:
Argument Handling Memory Corruption Vulnerability
Remote Code Execution Vulnerability

Details:
This vulnerability affects the following products:
Internet Explorer (IE) 5.01 SP4, 6, 6 SP1, and 7 on multiple platforms

This is a client-side remote code-execution vulnerability affecting Internet Explorer when handling argument validation in image processing.

An attacker can exploit this issue by tricking a victim into visiting a malicious web page.

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

Intrusion Protection System (IPS) Response:
Sig ID: 22801
Detected as "HTTP MS DirectX Img Processing Code Exec"

Applicability:
SNS – SU 93
SGS – SU 57
SCS – SU 108
NIS/NAV/N360 – SU 95
NIS/NAV08 – SU 39
SEP11 – SU 32

Other Detections:
AV: N/A
Sygate IDS: N/A

Note – NIS/NAV 2008 only include technology which detects this threat under the following:
Sig ID – 50105 (SU 39)
Detected as "HTTP DirectX DxtMsft Dll Code Exec"

CAN/CVE ID: CVE-2007-4790
BID: 25571 / 25977
Microsoft ID: MS08-010
MSKB: 944533
Microsoft Rating: Critical

Description:
Visual FoxPro FPOLE.OCX ActiveX Control Buffer Overflow Vulnerability
Remote Code Execution Vulnerability

Details:
This vulnerability affects the following products:
Internet Explorer (IE) 5.01 SP4, 6, 6 SP1, and 7 on multiple platforms

This is a client-side remote code-execution vulnerability, affecting the 'FoxDoCmd()' method of the 'FPOLE.OCX' ActiveX control.

An attacker can exploit this issue by tricking a victim into visiting a malicious web page.

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

Intrusion Protection System (IPS) Response:
Sig ID: 22622
Detected as "HTTP MS Visual Foxpro Cmd Exec"

Applicability:
SNS – SU 93
SGS – SU 57
SCS – SU 108
NIS/NAV/N360 – SU 95
NIS/NAV08 – SU 39
SEP11 – SU 32

Other Detections:
AV: Bloodhound.Exploit.175
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-0109
BID: 27656
Microsoft ID: MS08-009
MSKB: 947077
Microsoft Rating: Critical

Description:
Word Memory Corruption Vulnerability
Remote Code Execution Vulnerability

Details:
This vulnerability affects the following products:
Word 2000 SP3, Word 2002 SP3, Word 2003 SP2

Note – Office 2003 SP3, Word Viewer 2003, Office 2007 and Office for Mac are not affected by this vulnerability

This is a client-side remote code-execution vulnerability affecting Word due to a memory calculation error when handling specially crafted Word files.

An attacker must trick a victim into opening a malicious file to exploit this issue.

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

Intrusion Protection System (IPS) Response:
Sig ID: 22802
Detected as "HTTP MS Word Remote Code Exec"

Applicability:
SNS – SU 93
SGS – SU 57
SCS – SU 108
NIS/NAV/N360 – SU 95
NIS/NAV08 – SU 39
SEP11 – SU 32

Other Detections:
AV: Bloodhound.Exploit.172
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-0102
BID: 27739
Microsoft ID: MS08-012
MSKB: 947085
Microsoft Rating: Critical

Description:
Publisher Invalid Memory Reference Vulnerability
Remote Code Execution Vulnerability

Details:
This vulnerability affects the following products:
Publisher 2000 SP3
Publisher 2002 SP3
Publisher 2003 SP2

Note – Office 2003 SP3 and Office 2007 are not affected by this vulnerability

This is a client-side remote code-execution vulnerability affecting Publisher due to a memory calculation error when handling specially crafted Word files.

An attacker must trick a victim into opening a specially crafted '.pub' file to exploit this issue.

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

Intrusion Protection System (IPS) Response:
Sig ID: N/A

Other Detections:
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-0104
BID: 27740
Microsoft ID: CVE-2008-0104
MSKB: 947085
Microsoft Rating: Critical

Description:
Publisher Memory Corruption Vulnerability
Remote Code Execution Vulnerability

Details:
This vulnerability affects the following products:
Publisher 2000 SP3
Publisher 2002 SP3
Publisher 2003 SP2

Note – Office 2003 SP3 and Office 2007 are not affected by this vulnerability

This is a client-side remote code-execution vulnerability affecting Publisher due to a failure to properly validate memory index values.

An attacker must trick a victim into opening a specially crafted '.pub' file to exploit this issue.

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

Intrusion Protection System (IPS) Response:
Sig ID: N/A

Other Detections:
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-0103
BID: 27738
Microsoft ID: MS08-013
MSKB: 947108
Microsoft Rating: Critical

Description:
Office Execution Jump Vulnerability
Remote Code Execution Vulnerability

Details:
This vulnerability affects the following products:
Office 2000 SP3
Office 2002 SP3
Office 2003 SP2

This is a client-side remote code-execution vulnerability affecting Office when handling a specially crafted Office document with a malformed object inserted into it.

An attacker must trick a victim into opening a specially crafted Office file to exploit this issue.

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

Intrusion Protection System (IPS) Response:
Sig ID: N/A

Other Detections:
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2007-0065
BID: 27661
Microsoft ID: MS08-008
MSKB: 947890
Microsoft Rating: Critical

Description:
OLE Heap Overrun Vulnerability
Remote Code Execution Vulnerability

Details:
This vulnerability affects the following products:
Windows 2000 SP4, XP SP2, XP Pro x64, Server 2003 SP1 and SP2, Server 2003 x64, Server 2003 SP1 and SP2 Itanium, Vista, Vista x64
Office 2004 for Mac
Visual Basic 6.0 SP6

This is a client-side remote code-execution vulnerability affecting Object Linking and Embedding (OLE) automation.

An attacker must trick a victim into visiting a malicious web page to exploit this vulnerability.

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

Intrusion Protection System (IPS) Response:
Sig ID: 22803
Detected as "HTTP MS OLE Automation Remote Code Exec"

Applicability:
SNS – SU 93
SGS – SU 57
SCS – SU 108
NIS/NAV/N360 – SU 95
NIS/NAV08 – SU 39
NIS MAC – SU 16
SEP11 – SU 32

Other Detections:
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-0080
BID: 27670
Microsoft ID: MS08-007
MSKB: 946026
Microsoft Rating: Critical

Description:
WebDAV Mini-Redirector Heap Overflow Vulnerability
Remote Code Execution Vulnerability

Details:
This vulnerability affects the following products:
Windows XP SP2, XP Pro x64, Server 2003 SP1 and SP2, Server 2003 x64, Server 2003 SP1 and SP2 Itanium, Vista, Vista x64

This is a client-side remote code-execution vulnerability affecting WebDAV mini-redirector when handling responses.

An attacker must trick a victim into visiting an attacker-controlled server and viewing malicious WebDAV components to exploit this issue.

A successful attack will result in the execution of arbitrary code in the context of Windows Kernel. This could facilitate a complete compromise of the affected computer.

Intrusion Protection System (IPS) Response:
Sig ID: 22798
Detected as "HTTP WebDAV Mini-Redirector BO"

Applicability:
SNS – SU 93
SGS – SU 57
SCS – SU 108
NIS/NAV/N360 – SU 95
NIS/NAV08 – SU 39
SEP11 – SU 32

Other Detections:
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-0075
BID: 27676
Microsoft ID: MS08-006
MSKB: 942830
Microsoft Rating: Important

Description:
IIS ASP HTMLEncode Vulnerability
Remote Code Execution Vulnerability

Details:
This vulnerability affects the following products:
IIS 5.1 on Windows XP SP2
IIS 6.0 on Windows XP Pro x64 and Server 2003 (all editions)

This is a client-side remote code-execution vulnerability affecting Internet Information Services (IIS) due to how the application encodes HTML content.

An attacker must have the ability to upload an arbitrary ASP page to a vulnerable server, or locate a site that performs HTML encoding on user-supplied input, to exploit this issue.

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the Worker Process Identity (WPI).

Intrusion Protection System (IPS) Response:
Sig ID: N/A

Other Detections:
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-0074
BID: 27101
Microsoft ID: MS08-005
MSKB: 942831
Microsoft Rating: Important

Description:
IIS File Change Notification Vulnerability
Elevation of Privilege Vulnerability

Details:
This vulnerability affects the following products:
IIS 5.0 on Windows 2000 Service Pack 4
IIS 5.1 on Windows XP Service Pack 2 (all editions)
IIS 6.0 on Windows Server 2003 (all editions)
IIS 7.0 on Windows Vista (all editions)

This is a local privilege-escalation vulnerability affecting Internet Information Services (IIS) when handling file change notifications in the 'FTPRoot', 'NNTPFile\Root', and 'WWWRoot' directories.

An attacker must have the ability to write to at least one of those directories to exploit this issue.

A successful attack will result in the execution of arbitrary code in the context of local system. This could facilitate a complete compromise of the affected computer.

Intrusion Protection System (IPS) Response:
Sig ID: N/A

Other Detections:
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-0084
BID: 27634
Microsoft ID: MS08-004
MSKB: 946456
Microsoft Rating: Important

Description:
Vista TCP/IP Vulnerability
Denial of Service Vulnerability

Details:
This vulnerability affects the following products:
Windows Vista
Windows Vista x64 Edition

This is a remote denial-of-service vulnerability affecting TCP/IP processing in Windows Vista.

An attacker can exploit this issue by creating a malicious DHCP server that returns a specially crafted packet to a vulnerable computer.

A successful attack will cause the affected computer to crash.

Intrusion Protection System (IPS) Response:
Sig ID: N/A

Other Detections:
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-0088
BID: 27638
Microsoft ID: MS08-003
MSKB: 946538
Microsoft Rating: Important

Description:
Active Directory (AD) Vulnerability
Denial of Service Vulnerability

Details:
This vulnerability affects the following products:
AD on 2000 SP4, Server 2003 SP1 and SP2, Server 2003 x64, Server 2003 SP1 and SP2 for Itanium
ADAM on Windows XP SP2, Server 2003 SP1 and SP2, Server 2003 x64

This is a remote denial-of-service vulnerability affecting Active Directory and Active Directory Application Mode (ADAM) when handling malformed LDAP requests.

An attacker can exploit this issue by sending a specially crafted request to the vulnerable server.

A successful attack will result in the server becoming unresponsive to subsequent requests.

Intrusion Protection System (IPS) Response:
Sig ID: N/A

Other Detections:
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2007-0216
BID: 27657
Microsoft ID: MS08-011
MSKB: 947081
Microsoft Rating: Moderate

Description:
Microsoft Works File Converter Input Validation Vulnerability
Remote Code Execution Vulnerability

Details:
This vulnerability affects the following products:
Works 6 File Converter on Office 2003 SP2 and SP3
Works 8.0
Works Suite 2005

This is a client-side remote code-execution vulnerability affecting Microsoft Works File Converter due to improper validation of section length headers in '.wps' files.

An attacker must trick a victim into opening a specially crafted file to exploit this issue.

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

Intrusion Protection System (IPS) Response:
Sig ID: 22782
Detected as "HTTP MS Office Works Converter STSH Chunk BO"

Applicability:
SNS
SGS
SCS
NIS/NAV
NIS/NAV08
NIS_MAC
SEP11

Other Detections:
AV: Bloodhound.Exploit.174
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-0105
BID: 27658
Microsoft ID: MS08-011
MSKB: 947081
Microsoft Rating: Moderate

Description:
Microsoft Works File Converter Index Table Vulnerability
Remote Code Execution Vulnerability

Details:
This vulnerability affects the following products:
Works 6 File Converter on Office 2003 SP2 and SP3
Works 8.0
Works Suite 2005

This is a client-side remote code-execution vulnerability affecting Microsoft Works File Converter due to improper validation of section header index table information in '.wps' files.

An attacker must trick a victim into opening a specially crafted file to exploit this issue.

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

Intrusion Protection System (IPS) Response:
Sig ID: 22808
Detected as "HTTP MS Works STRS chunk BO"

Applicability:
SNS
SGS
SCS
NIS/NAV
NIS/NAV08
NIS_MAC
SEP11

Other Detections:
AV: N/A
Sygate IDS: N/A

CAN/CVE ID: CVE-2008-0108
BID: 27659
Microsoft ID: MS08-011
MSKB: 947081
Microsoft Rating: Moderate

Description:
Microsoft Works File Converter Field Length Vulnerability
Remote Code Execution Vulnerability

Details:
This vulnerability affects the following products:
Works 6 File Converter on Office 2003 SP2 and SP3
Works 8.0
Works Suite 2005

This is a client-side remote code-execution vulnerability affecting Microsoft Works File Converter due to improper validation of field-length information in '.wps' files.

An attacker must trick a victim into opening a specially crafted file to exploit this issue.

Successful exploitation of this vulnerability will result in the execution of arbitrary attacker-supplied code in the context of the currently logged in user.

Intrusion Protection System (IPS) Response:
Sig ID: 22780
Detected as "HTTP MS Office Works Converter Little Chunk Size BO"

Applicability:
SNS
SGS
SCS
NIS/NAV
NIS/NAV08
NIS_MAC
SEP11

Other Detections:
AV: Bloodhound.Exploit.173
Sygate IDS: N/A

 

 




Legacy ID: 2010030511372348

