Executive Summary

Summary
Title Microsoft Updates for Multiple Vulnerabilities
Informations
Name TA08-099A First vendor Publication 2008-04-08
Vendor US-CERT Last vendor Modification 2008-04-08
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Microsoft has released updates that address vulnerabilities in Microsoft Windows, Internet Explorer, and Office.

I. Description

Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Internet Explorer, and Office as part of the Microsoft Security Bulletin Summary for April 2008. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code. For more information, see the US-CERT Vulnerability Notes Database.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code, gain elevated privileges, or cause a denial of service.

III. Solution

Apply updates from Microsoft

Microsoft has provided updates for these vulnerabilities in the April
2008 security bulletin. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects.
Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).

Original Source

Url : http://www.us-cert.gov/cas/techalerts/TA08-099A.html

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-59 Session Credential Falsification through Prediction
CAPEC-112 Brute Force
CAPEC-281 Analytic Attacks

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-94 Failure to Control Generation of Code ('Code Injection')
20 % CWE-399 Resource Management Errors
20 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
10 % CWE-330 Use of Insufficiently Random Values

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:5314
 
Oval ID: oval:org.mitre.oval:def:5314
Title: DNS Spoofing Attack Vulnerability
Description: The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
Family: windows Class: vulnerability
Reference(s): CVE-2008-0087
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5344
 
Oval ID: oval:org.mitre.oval:def:5344
Title: Microsoft Office Visio Memory Validation Vulnerability
Description: Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-1090
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Microsoft Office Visio 2002
Microsoft Office Visio 2003
Microsoft Office Visio 2007
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5384
 
Oval ID: oval:org.mitre.oval:def:5384
Title: Project Memory Validation Vulnerability
Description: Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."
Family: windows Class: vulnerability
Reference(s): CVE-2008-1088
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Microsoft Project 2000
Microsoft Project 2002
Microsoft Project 2003
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5437
 
Oval ID: oval:org.mitre.oval:def:5437
Title: Windows Kernel Vulnerability
Description: Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.
Family: windows Class: vulnerability
Reference(s): CVE-2008-1084
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5441
 
Oval ID: oval:org.mitre.oval:def:5441
Title: GDI Heap Overflow Vulnerability
Description: Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-1083
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5475
 
Oval ID: oval:org.mitre.oval:def:5475
Title: ActiveX Object Memory Corruption Vulnerability
Description: The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.
Family: windows Class: vulnerability
Reference(s): CVE-2008-1086
Version: 12
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5495
 
Oval ID: oval:org.mitre.oval:def:5495
Title: VBScript and JScript Remote Code Execution Vulnerability
Description: The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2008-0083
Version: 1
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5496
 
Oval ID: oval:org.mitre.oval:def:5496
Title: Microsoft Office Visio Object Header Vulnerability
Description: Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-1089
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Product(s): Microsoft Office Visio 2002
Microsoft Office Visio 2003
Microsoft Office Visio 2007
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5563
 
Oval ID: oval:org.mitre.oval:def:5563
Title: Data Stream Handling Memory Corruption Vulnerability
Description: Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler.
Family: windows Class: vulnerability
Reference(s): CVE-2008-1085
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5580
 
Oval ID: oval:org.mitre.oval:def:5580
Title: GDI stack Overflow Vulnerability
Description: Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-1087
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 7
Application 19
Application 5
Application 3
Application 5
Os 2
Os 6
Os 2
Os 3
Os 5
Os 6
Os 3

SAINT Exploits

Description Link
Windows GDI EMF filename buffer overflow More info here

OpenVAS Exploits

Date Description
2011-01-10 Name : Microsoft Windows DNS Client Service Response Spoofing Vulnerability (945553)
File : nvt/gb_ms08-020.nasl
2011-01-10 Name : Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability (948881)
File : nvt/gb_ms08-023.nasl
2011-01-10 Name : Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulner...
File : nvt/gb_ms08-024.nasl
2011-01-10 Name : Microsoft Windows Kernel Usermode Callback Local Privilege Elevation Vulnerab...
File : nvt/gb_ms08-025.nasl
2008-09-03 Name : Windows vulnerability in DNS Client Could Allow Spoofing (945553)
File : nvt/win_CVE-2008-0087.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
44215 Microsoft Windows GDI EMF Filename Parameter Handling Overflow

A buffer overflow exists in Windows. GDI fails to validate EMF files resulting in a stack overflow. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.
44214 Microsoft Windows GDI WMF Handling CreateDIBPatternBrushPt Function Overflow

A buffer overflow exists in Windows. GDI fails to validate EMF and WMF image files resulting in a buffer overflow. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.
44213 Microsoft Windows GDI (gdi32.dll) EMF File Handling Multiple Overflows

A heap overflow overflow exists in Windows. gdi32.dll fails to validate EMF files resulting in a heap overflow. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.
44212 Microsoft Project File Handling Unspecified Arbitrary Code Execution

An unspecified memory corruption flaw exists in Project. With a specially crafted Project file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.
44211 Microsoft Vbscript.dll VBScript Decoding Code Execution

A code execution flaw exists in Windows. Vbscript.dll fails to validate scripts provided by web pages resulting in unauthorized code execution. With a specially crafted web page, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.
44210 Microsoft Jscript.dll JScript Arbitrary Code Execution

An unspecified code execution flaw exists in Windows. Jscript.dll fails to validate scripts provided by web pages resulting in code execution. With a specially crafted web page, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.
44206 Microsoft Windows Kernel Unspecified Privilege Escalation

Microsoft Windows contains a flaw that may allow a malicious user to gain access to unauthorized privileges. This flaw may lead to a loss of integrity.
44205 Microsoft IE Data Stream Handling Memory Corruption

A memory corruption flaw exists in Internet Explorer. The program fails to validate data streams resulting in a use-after-free condition. With a specially crafted website, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.
44172 Microsoft Windows DNS Client Predictable Transaction ID Spoofing

44171 Microsoft Windows HxTocCtrl ActiveX (hxvz.dll) Memory Corruption

44170 Microsoft Visio DXF File Handling Memory Validation Arbitrary Code Execution

44169 Microsoft Visio Object Header Data Handling Arbitrary Code Execution

Information Assurance Vulnerability Management (IAVM)

Date Description
2008-04-10 IAVM : 2008-B-0034 - Microsoft VBScript and JScript Scripting Engines Remote Code Execution
Severity : Category II - VMSKEY : V0015940
2008-04-10 IAVM : 2008-T-0012 - Microsoft Visio Remote Code Execution Vulnerabilities
Severity : Category II - VMSKEY : V0015942

Snort® IPS/IDS

Date Description
2014-01-10 Microsoft Office Visio DXF file invalid memory allocation exploit attempt
RuleID : 28440 - Revision : 2 - Type : FILE-OFFICE
2014-01-10 Microsoft Project Invalid Memory Pointer Code Execution attempt
RuleID : 17382 - Revision : 10 - Type : FILE-OTHER
2014-01-10 Microsoft Office Visio Object Header Buffer Overflow attempt
RuleID : 15163 - Revision : 13 - Type : FILE-OFFICE
2014-01-10 Microsoft Internet Explorer data stream memory corruption attempt
RuleID : 13677 - Revision : 19 - Type : BROWSER-IE
2014-01-10 Microsoft Windows GDI emf filename buffer overflow attempt
RuleID : 13676 - Revision : 10 - Type : OS-WINDOWS
2014-01-10 Microsoft Help 2.0 Contents Control 2 ActiveX function call unicode access
RuleID : 13675 - Revision : 7 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Windows Help 2.0 Contents Control 2 ActiveX function call access
RuleID : 13674 - Revision : 10 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Help 2.0 Contents Control 2 ActiveX clsid unicode access
RuleID : 13673 - Revision : 7 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Windows Help 2.0 Contents Control 2 ActiveX clsid access
RuleID : 13672 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Help 2.0 Contents Control ActiveX function call unicode access
RuleID : 13671 - Revision : 7 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Windows Help 2.0 Contents Control ActiveX function call access
RuleID : 13670 - Revision : 10 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Help 2.0 Contents Control ActiveX clsid unicode access
RuleID : 13669 - Revision : 7 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Windows Help 2.0 Contents Control ActiveX clsid access
RuleID : 13668 - Revision : 10 - Type : BROWSER-PLUGINS
2014-01-10 dns cache poisoning attempt
RuleID : 13667 - Revision : 19 - Type : PROTOCOL-DNS
2014-01-10 Microsoft Windows GDI integer overflow attempt
RuleID : 13666 - Revision : 13 - Type : OS-WINDOWS
2014-01-10 Microsoft Office Visio DXF file invalid memory allocation exploit attempt
RuleID : 13665 - Revision : 20 - Type : FILE-OFFICE
2014-01-10 Microsoft Windows vbscript/jscript scripting engine end buffer overflow attempt
RuleID : 13449 - Revision : 13 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows vbscript/jscript scripting engine begin buffer overflow att...
RuleID : 13448 - Revision : 9 - Type : OS-WINDOWS

Nessus® Vulnerability Scanner

Date Description
2008-04-11 Name : Arbitrary code can be executed on the remote host through Microsoft Project.
File : smb_nt_ms08-018.nasl - Type : ACT_GATHER_INFO
2008-04-08 Name : Arbitrary code can be executed on the remote host through Visio.
File : smb_nt_ms08-019.nasl - Type : ACT_GATHER_INFO
2008-04-08 Name : The remote host is vulnerable to DNS spoofing.
File : smb_nt_ms08-020.nasl - Type : ACT_GATHER_INFO
2008-04-08 Name : Arbitrary code can be executed on the remote host by sending a malformed file...
File : smb_nt_ms08-021.nasl - Type : ACT_GATHER_INFO
2008-04-08 Name : Arbitrary code can be executed on the remote host through the web or email cl...
File : smb_nt_ms08-022.nasl - Type : ACT_GATHER_INFO
2008-04-08 Name : The remote Windows host has an ActiveX control that is affected by multiple b...
File : smb_nt_ms08-023.nasl - Type : ACT_GATHER_INFO
2008-04-08 Name : Arbitrary code can be executed on the remote host through the web client.
File : smb_nt_ms08-024.nasl - Type : ACT_GATHER_INFO
2008-04-08 Name : A local user can elevate his privileges on the remote host.
File : smb_nt_ms08-025.nasl - Type : ACT_GATHER_INFO