Executive Summary
Summary | |
---|---|
Title | Microsoft Updates for Multiple Vulnerabilities |
Information | |||
---|---|---|---|
Name | TA08-162B | First vendor Publication | 2008-06-10 |
Vendor | US-CERT | Last vendor Modification | 2008-06-10 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Microsoft has released updates that address vulnerabilities in Microsoft Windows, Windows Server, and Internet Explorer.

I. Description

Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Windows Server, and Internet Explorer as part of the Microsoft Security Bulletin Summary for June 2008. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code. For more information, see the US-CERT Vulnerability Notes Database.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable system to crash.

III. Solution

Apply updates from Microsoft

Microsoft has provided updates for these vulnerabilities in the June 2008 Security Bulletin Summary. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services.
Original Source
Url : http://www.us-cert.gov/cas/techalerts/TA08-162B.html |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
CAPEC-7 | Blind SQL Injection |
CAPEC-8 | Buffer Overflow in an API Call |
CAPEC-9 | Buffer Overflow in Local Command-Line Utilities |
CAPEC-10 | Buffer Overflow via Environment Variables |
CAPEC-13 | Subverting Environment Variable Values |
CAPEC-14 | Client-side Injection-induced Buffer Overflow |
CAPEC-18 | Embedding Scripts in Nonscript Elements |
CAPEC-22 | Exploiting Trust in Client (aka Make the Client Invisible) |
CAPEC-24 | Filter Failure through Buffer Overflow |
CAPEC-28 | Fuzzing |
CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies |
CAPEC-32 | Embedding Scripts in HTTP Query Strings |
CAPEC-42 | MIME Conversion |
CAPEC-43 | Exploiting Multiple Input Interpretation Layers |
CAPEC-45 | Buffer Overflow via Symbolic Links |
CAPEC-46 | Overflow Variables and Tags |
CAPEC-47 | Buffer Overflow via Parameter Expansion |
CAPEC-52 | Embedding NULL Bytes |
CAPEC-53 | Postfix, Null Terminate, and Backslash |
CAPEC-63 | Simple Script Injection |
CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic |
CAPEC-66 | SQL Injection |
CAPEC-67 | String Format Overflow in syslog() |
CAPEC-71 | Using Unicode Encoding to Bypass Validation Logic |
CAPEC-72 | URL Encoding |
CAPEC-73 | User-Controlled Filename |
CAPEC-78 | Using Escaped Slashes in Alternate Encoding |
CAPEC-79 | Using Slashes in Alternate Encoding |
CAPEC-80 | Using UTF-8 Encoding to Bypass Validation Logic |
CAPEC-81 | Web Logs Tampering |
CAPEC-83 | XPath Injection |
CAPEC-85 | Client Network Footprinting (using AJAX/XSS) |
CAPEC-86 | Embedding Script (XSS) in HTTP Headers |
CAPEC-88 | OS Command Injection |
CAPEC-91 | XSS in IMG Tags |
CAPEC-99 | XML Parser Attack |
CAPEC-101 | Server Side Include (SSI) Injection |
CAPEC-104 | Cross Zone Scripting |
CAPEC-106 | Cross Site Scripting through Log Files |
CAPEC-108 | Command Line Execution through SQL Injection |
CAPEC-109 | Object Relational Mapping Injection |
CAPEC-110 | SQL Injection through SOAP Parameter Tampering |
CAPEC-171 | Variable Manipulation |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-20 | Improper Input Validation |
40 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
10 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:4730 | |||
Oval ID: | oval:org.mitre.oval:def:4730 | ||
Title: | Bluetooth Vulnerability | ||
Description: | The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gold and SP1, allows physically proximate attackers to execute arbitrary code via a large series of Service Discovery Protocol (SDP) packets. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-1453 | Version: | 5 |
Platform(s): | Microsoft Windows XP Microsoft Windows Vista | Product(s): | |
Definition Id: oval:org.mitre.oval:def:4910 | |||
Oval ID: | oval:org.mitre.oval:def:4910 | ||
Title: | Windows Active Directory Denial of Service Vulnerability | ||
Description: | Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-1445 | Version: | 10 |
Platform(s): | Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Server 2008 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:5236 | |||
Oval ID: | oval:org.mitre.oval:def:5236 | ||
Title: | MJPEG Decoder Vulnerability | ||
Description: | Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-0011 | Version: | 11 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | DirectX |
Definition Id: oval:org.mitre.oval:def:5291 | |||
Oval ID: | oval:org.mitre.oval:def:5291 | ||
Title: | Request Header Cross-Domain Information Disclosure Vulnerability | ||
Description: | The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP request smuggling attacks via an incorrect Content-Length header, (2) access arbitrary virtual hosts via a modified Host header, (3) bypass referrer restrictions via an incorrect Referer header, and (4) bypass the same-origin policy and obtain sensitive information via a crafted request header. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-1544 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 5.01 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 |
Definition Id: oval:org.mitre.oval:def:5473 | |||
Oval ID: | oval:org.mitre.oval:def:5473 | ||
Title: | PGM Invalid Length Vulnerability | ||
Description: | Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-1440 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:5562 | |||
Oval ID: | oval:org.mitre.oval:def:5562 | ||
Title: | SAMI Format Parsing Vulnerability | ||
Description: | Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-1444 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 | Product(s): | DirectX |
Definition Id: oval:org.mitre.oval:def:5582 | |||
Oval ID: | oval:org.mitre.oval:def:5582 | ||
Title: | WINS Memory Overwrite Vulnerability | ||
Description: | The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-1451 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows Server 2003 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:5604 | |||
Oval ID: | oval:org.mitre.oval:def:5604 | ||
Title: | PGM Malformed Fragment Vulnerability | ||
Description: | Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-1441 | Version: | 3 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:5720 | |||
Oval ID: | oval:org.mitre.oval:def:5720 | ||
Title: | HTML Objects Memory Corruption Vulnerability | ||
Description: | Heap-based buffer overflow in the substringData method in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code, related to an unspecified manipulation of a DOM object before a call to this method, aka the "HTML Objects Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-1442 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 |
OpenVAS Exploits
Date | Description |
---|---|
2011-01-18 | Name : Microsoft Active Directory Denial of Service Vulnerability (953235) File : nvt/gb_ms08-035.nasl |
2011-01-10 | Name : Microsoft Windows Speech Components Voice Recognition Command Execution Vulne... File : nvt/gb_ms08-032.nasl |
2011-01-10 | Name : Microsoft Pragmatic General Multicast (PGM) Denial of Service Vulnerability ... File : nvt/gb_ms08-036.nasl |
2008-09-30 | Name : Bluetooth Stack Could Allow Remote Code Execution Vulnerability (951376) File : nvt/gb_ms08-030.nasl |
2008-09-30 | Name : Vulnerabilities in DirectX Could Allow Remote Code Execution (951698) File : nvt/gb_ms08-033.nasl |
2008-09-29 | Name : Cumulative Security Update for Internet Explorer (950759) File : nvt/gb_ms08-031.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
46087 | Logitech Desktop Messenger BackWeb ActiveX Unspecified Overflow |
46084 | Microsoft IE Request Header Handling Cross-domain Information Disclosure |
46083 | Microsoft IE HTML Object Handling Memory Corruption Arbitrary Code Execution: A memory corruption flaw exists in Internet Explorer. IE fails to validate HTML objects resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
46076 | BackWeb Lite Install Runner LiteInstActivator.dll ActiveX (LiteInstActivator.... |
46068 | Microsoft Windows Pragmatic General Multicast (PGM) Fragment Handling Remote DoS |
46067 | Microsoft Windows Pragmatic General Multicast (PGM) Packet Handling Remote DoS |
46066 | Microsoft Windows Active Directory LDAP Request Processing Remote DoS |
46065 | Microsoft DirectX SAMI File Format Processing Arbitrary Code Execution |
46064 | Microsoft DirectX MJPEG Codec AVI/ASF File Processing Arbitrary Code Execution |
46063 | Microsoft Windows Internet Name Service (WINS) Packet Handling Local Privileg... |
46062 | Microsoft Windows Speech Components (sapi.dll) Speech Recognition Code Execution |
46061 | Microsoft Windows Bluetooth SDP Packet Processing Remote Code Execution: A code execution flaw exists in Windows. The Bluetooth stack fails to validate Service Delivery Protocol (SDP) packets resulting in potential code execution. With a large number of specially crafted SDP packets, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
43606 | Microsoft IE XMLHttpRequest() Multiple Header Overwrite HTTP Response Splitting |
33627 | Microsoft Vista Speech Recognition Web Page Arbitrary Command Execution |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2008-06-26 | IAVM : 2008-B-0049 - Microsoft Bluetooth Stack Remote Code Execution Vulnerability (951376) Severity : Category I - VMSKEY : V0016051 |
2008-06-12 | IAVM : 2008-T-0025 - Microsoft Pragmatic General Multicast (PGM) Denial of Service Vulnerabilities Severity : Category I - VMSKEY : V0016038 |
2008-06-12 | IAVM : 2008-A-0041 - Microsoft Active Directory Denial of Service Vulnerability Severity : Category I - VMSKEY : V0016040 |
Snort® IPS/IDS
Date | Description |
---|---|
2016-03-14 | Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt RuleID : 37153 - Revision : 1 - Type : FILE-MULTIMEDIA |
2016-03-14 | Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt RuleID : 37152 - Revision : 1 - Type : FILE-MULTIMEDIA |
2016-03-14 | Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt RuleID : 37151 - Revision : 1 - Type : FILE-MULTIMEDIA |
2016-03-14 | Microsoft Internet Explorer sapi.dll ActiveX clsid access attempt RuleID : 36434 - Revision : 2 - Type : BROWSER-PLUGINS |
2016-03-14 | Microsoft Internet Explorer sapi.dll ActiveX clsid access attempt RuleID : 36433 - Revision : 2 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Windows Pragmatic General Multicast Protocol memory consumption den... RuleID : 17667 - Revision : 6 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Internet Explorer setRequestHeader overflow attempt RuleID : 17385 - Revision : 8 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer setRequestHeader overflow attempt RuleID : 17384 - Revision : 7 - Type : BROWSER-IE |
2014-01-10 | Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt RuleID : 15995 - Revision : 16 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Active Directory LDAP cookie denial of service attempt RuleID : 13835 - Revision : 12 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Internet Explorer request header overwrite RuleID : 13834 - Revision : 18 - Type : BROWSER-IE |
2014-01-10 | backweb ActiveX clsid unicode access RuleID : 13833 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer backweb ActiveX clsid access RuleID : 13832 - Revision : 11 - Type : BROWSER-PLUGINS |
2014-01-10 | sapi.dll alternate killbit ActiveX clsid unicode access RuleID : 13831 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer sapi.dll ActiveX clsid access attempt RuleID : 13830 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | sapi.dll ActiveX clsid unicode access RuleID : 13829 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer sapi.dll ActiveX clsid access attempt RuleID : 13828 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Windows PGM denial of service attempt RuleID : 13827 - Revision : 13 - Type : OS-WINDOWS |
2014-01-10 | Microsoft WINS arbitrary memory modification attempt RuleID : 13826 - Revision : 6 - Type : OS-WINDOWS |
2014-01-10 | Microsoft PGM fragment denial of service attempt RuleID : 13825 - Revision : 9 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt RuleID : 13824 - Revision : 15 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft Windows DirectX SAMI file parsing buffer overflow attempt RuleID : 13823 - Revision : 14 - Type : FILE-MULTIMEDIA |
2014-01-10 | Microsoft XML substringData integer overflow attempt RuleID : 12279 - Revision : 15 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-06-12 | Name : It is possible to crash Active Directory on the remote host. File : smb_nt_ms08-035.nasl - Type : ACT_GATHER_INFO |
2008-06-11 | Name : Arbitrary code can be executed on the remote host through Bluetooth. File : smb_nt_ms08-030.nasl - Type : ACT_GATHER_INFO |
2008-06-10 | Name : Arbitrary code can be executed on the remote host through the web client. File : smb_nt_ms08-031.nasl - Type : ACT_GATHER_INFO |
2008-06-10 | Name : The remote Windows host has an ActiveX control that is affected by multiple m... File : smb_nt_ms08-032.nasl - Type : ACT_GATHER_INFO |
2008-06-10 | Name : A vulnerability in DirectX could allow remote code execution. File : smb_nt_ms08-033.nasl - Type : ACT_GATHER_INFO |
2008-06-10 | Name : The remote WINS service can be abused to escalate privileges. File : smb_nt_ms08-034.nasl - Type : ACT_GATHER_INFO |
2008-06-10 | Name : An unauthenticated attacker can crash the remote host. File : smb_nt_ms08-036.nasl - Type : ACT_GATHER_INFO |