1. /
  2. Security Response/
  3. Security Updates Detail

Symantec Enterprise Security Manager - Network Assessment Content Update 2008.10.01

October 24, 2008

Description

Description

This update for Symantec ESM Network Assessment detects and reports thirty additional vulnerabilities.
Use the LiveUpdate feature of Symantec ESM Network Assessment to download this security update.
Note: On the LiveUpdate wizard, the Network Assessment version will now be visible in the following format: Network Assessment <YYYY>.<MM>.<Release_Version>. Here, YYYY is the year of release, MM is the month of release, and Release_Version is the release version of this Network Assessment.

Vulnerability

Bugtraq ID Vulnerability Name
28295Microsoft Internet Explorer CreateTextRange.text Code Execution Vulnerability
30610Microsoft Internet Explorer HTML Objects Variant Memory Corruption Vulnerability
30611Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability
30612Microsoft Internet Explorer HTML Component Handling Memory Corruption Vulnerability
30613Microsoft Internet Explorer HTML Objects Memory Corruption Vulnerability
30614Microsoft Internet Explorer HTML Object Memory Corruption Vulnerability
30594Microsoft Windows Image Color Management Remote Code Execution Vulnerability
30585Microsoft Outlook Express And Windows Mail MHTML Handler Information Disclosure Vulnerability
30584Microsoft Windows Event System User Subscription Request Remote Code Execution Vulnerability
30586Microsoft Windows Event System Array Index Verification Remote Code Execution Vulnerability
30551Microsoft Windows Messenger ActiveX Control Information Disclosure Vulnerability
31018Microsoft GDI+ VML Heap-Based Buffer Overflow Vulnerability
31019Microsoft GDI+ EMF Image Processing Memory Corruption Vulnerability
31020Microsoft GDI+ GIF File Parsing Remote Code Execution Vulnerability
31021Microsoft GDI+ WMF Image File Buffer Overflow Vulnerability
29960Microsoft Internet Explorer 'location' & 'location.href' Cross Domain Security Bypass Vulnerability
31615Microsoft Internet Explorer HTML Element Cross Domain Security Bypass Vulnerability
31616Microsoft Internet Explorer Event Handling Cross Domain Security Bypass Vulnerability
31617Microsoft Internet Explorer Uninitialized Object Remote Memory Corruption Vulnerability
31618Microsoft Internet Explorer HTML Objects Uninitialized Memory Corruption Vulnerability
31654Microsoft Internet Explorer Cross Domain Information Disclosure Vulnerability
31609Microsoft Windows Active Directory LDAP Request Handling Remote Code Execution Vulnerability
31651Microsoft Windows Kernel Window Creation Local Privilege Escalation Vulnerability
31652Microsoft Windows Kernel Memory Corruption Local Privilege Escalation Vulnerability
31653Microsoft Windows Kernel Unhandled System Call Local Privilege Escalation Vulnerability
31682Microsoft Windows Internet Printing Service Integer Overflow Vulnerability
31647Microsoft Windows SMB Buffer Underflow Code Execution Vulnerability
31675Microsoft Windows VAD Local Privilege Escalation Vulnerability
31637Microsoft Message Queuing Service RPC Query Heap Corruption Vulnerability
31673Microsoft Windows AFD Driver Local Privilege Escalation Vulnerability
* Signature names may have been updated to comply with an updated IPS Signature naming convention. See http://www.symantec.com/business/support/index?page=content&id=TECH152794&key=54619&actp=LIST for more information.
Last modified on: October 24, 2008
Security Response Blog
The State of Spam