Executive Summary
Summary | |
---|---|
Title | Microsoft Updates for Multiple Vulnerabilities |
Informations | |||
---|---|---|---|
Name | TA09-041A | First vendor Publication | 2009-02-10 |
Vendor | US-CERT | Last vendor Modification | 2009-02-10 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Microsoft has released updates that address vulnerabilities in Microsoft Windows and Windows Server. I. Description As part of the Microsoft Security Bulletin Summary for February II. Impact A remote, unauthenticated attacker could gain elevated privileges, execute arbitrary code or cause a vulnerable application to crash. III. Solution Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for February 2009. The security bulletin describes any known issues related to the updates. |
Original Source
Url : http://www.us-cert.gov/cas/techalerts/TA09-041A.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
75 % | CWE-399 | Resource Management Errors |
12 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
12 % | CWE-20 | Improper Input Validation |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:6000 | |||
Oval ID: | oval:org.mitre.oval:def:6000 | ||
Title: | Uninitialized Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0075 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6081 | |||
Oval ID: | oval:org.mitre.oval:def:6081 | ||
Title: | CSS Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 7, when XHTML strict mode is used, allows remote attackers to execute arbitrary code via the zoom style directive in conjunction with unspecified other directives in a malformed Cascading Style Sheets (CSS) stylesheet in a crafted HTML document, aka "CSS Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0076 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6114 | |||
Oval ID: | oval:org.mitre.oval:def:6114 | ||
Title: | Memory Corruption Vulnerability | ||
Description: | Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0098 | Version: | 11 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 | Product(s): | Microsoft Exchange Server 2000 Microsoft Exchange Server 2003 Microsoft Exchange Server 2007 Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6159 | |||
Oval ID: | oval:org.mitre.oval:def:6159 | ||
Title: | Literal Processing Vulnerability | ||
Description: | The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0099 | Version: | 11 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 | Product(s): | Microsoft Exchange Server 2000 Microsoft Exchange Server 2003 Microsoft Exchange Server MAPI Client and Collaboration Data Objects 1.2.1 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6172 | |||
Oval ID: | oval:org.mitre.oval:def:6172 | ||
Title: | Memory Corruption Vulnerability | ||
Description: | Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0096 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Office Visio 2002 Microsoft Office Visio 2003 Microsoft Office Visio 2007 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6179 | |||
Oval ID: | oval:org.mitre.oval:def:6179 | ||
Title: | Memory Validation Vulnerability | ||
Description: | Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0095 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Office Visio 2002 Microsoft Office Visio 2003 Microsoft Office Visio 2007 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6188 | |||
Oval ID: | oval:org.mitre.oval:def:6188 | ||
Title: | Memory Corruption Vulnerability | ||
Description: | Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0097 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Office Visio 2002 Microsoft Office Visio 2003 Microsoft Office Visio 2007 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6217 | |||
Oval ID: | oval:org.mitre.oval:def:6217 | ||
Title: | SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability | ||
Description: | Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier; SQL Server 2000 Desktop Engine (MSDE 2000) SP4; SQL Server 2005 SP2 and 9.00.1399.06; SQL Server 2000 Desktop Engine (WMSDE) on Windows Server 2003 SP1 and SP2; and Windows Internal Database (WYukon) SP2 allows remote authenticated users to cause a denial of service (access violation exception) or execute arbitrary code by calling the sp_replwritetovarbin extended stored procedure with a set of invalid parameters that trigger memory overwrite, aka "SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-5416 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Server 2008 | Product(s): | Microsoft SQL Server 2000 Microsoft SQL Server 2005 Microsoft SQL Server 2000 Desktop Engine (WMSDE) Windows Internal Database (WYukon) |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 3 | |
Application | 1 | |
Application | 2 | |
Application | 3 |
SAINT Exploits
Description | Link |
---|---|
Internet Explorer deleted object memory corruption | More info here |
Microsoft SQL Server spreplwritetovarbin Buffer Overflow | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2012-03-16 | Name : VMSA-2011-0003.2 Third party component updates for VMware vCenter Server, vCe... File : nvt/gb_VMSA-2011-0003.nasl |
2009-02-11 | Name : Cumulative Security Update for Internet Explorer (961260) File : nvt/secpod_ms09-002.nasl |
2009-02-11 | Name : Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (959239) File : nvt/secpod_ms09-003.nasl |
2009-02-11 | Name : Vulnerabilities in Microsoft Office Visio Could Allow Remote Code Execution (... File : nvt/secpod_ms09-005.nasl |
2008-12-16 | Name : Microsoft SQL Server sp_replwritetovarbin() BOF Vulnerability File : nvt/gb_mssql_sp_replwritetovarbin_bof_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
51840 | Microsoft IE XHTML Strict Mode CSS Handling Memory Corruption Arbitrary Code ... A memory corruption flaw exists in Internet Explorer. The program fails to validate CSS styles resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
51839 | Microsoft IE Document Object Handling Memory Corruption Arbitrary Code Execution A memory corruption flaw exists in Internet Explorer. The program fails to validate web page content resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
51838 | Microsoft Exchange Server EMSMDB2 Invalid MAPI Command Remote DoS Exchange Server contains a flaw that may allow a remote denial of service. The issue is triggered when the EMSMDB2 encounters a malformed MAPI message, and will result in loss of availability for the System Attendant service. |
51837 | Microsoft Exchange Server Message Transport Neutral Encapsulation Format (TNE... A memory corruption flaw exists in Exchange Server. It fails to validate TNEF data resulting in memory corruption. With a specially crafted message, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. |
51836 | Microsoft Office Visio File Opening Memory Functions Arbitrary Code Execution An unspecified memory corruption flaw exists in Visio. The application fails to validate Visio files resulting in memory corruption. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
51835 | Microsoft Office Visio Object Data Memory Functions Arbitrary Code Execution A memory corruption flaw exists in Visio. The program fails to validate object data in documents resulting in memory corruption. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
51834 | Microsoft Office Visio File Opening Object Data Handling Arbitrary Code Execu... |
50589 | Microsoft SQL Server 2000 sp_replwritetovarbin() Stored Procedure Overflow An overflow exists in Microsoft SQL Server 2000. The sp_replwritetovarbin() stored procedure fails to check invalid parameters, trigger memory overwrite, resulting in a heap overflow. With a specially crafted request, an attacker can cause a denial of service or execute arbitrary code resulting in a loss of integrity and/or availability. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2011-05-12 | IAVM : 2011-A-0066 - Multiple Vulnerabilities in VMware Products Severity : Category I - VMSKEY : V0027158 |
2009-02-12 | IAVM : 2009-A-0012 - Microsoft SQL Server Remote Code Execution Vulnerability Severity : Category I - VMSKEY : V0018387 |
2009-02-12 | IAVM : 2009-A-0013 - Multiple Remote Code Execution Vulnerabilities in Microsoft Exchange Severity : Category I - VMSKEY : V0018388 |
Snort® IPS/IDS
Date | Description |
---|---|
2018-01-11 | Microsoft Internet Explorer dynamic style update memory corruption attempt RuleID : 45154 - Revision : 2 - Type : BROWSER-IE |
2015-03-17 | Microsoft Internet Explorer dynamic style update memory corruption attempt RuleID : 33495 - Revision : 2 - Type : BROWSER-IE |
2015-03-17 | Microsoft Internet Explorer dynamic style update memory corruption attempt RuleID : 33494 - Revision : 2 - Type : BROWSER-IE |
2015-03-17 | Microsoft Internet Explorer dynamic style update memory corruption attempt RuleID : 33493 - Revision : 2 - Type : BROWSER-IE |
2015-03-17 | Microsoft Internet Explorer dynamic style update memory corruption attempt RuleID : 33492 - Revision : 3 - Type : BROWSER-IE |
2014-03-15 | Microsoft Internet Explorer dynamic style update memory corruption attempt RuleID : 29806 - Revision : 2 - Type : BROWSER-IE |
2014-03-15 | Microsoft Internet Explorer dynamic style update memory corruption attempt RuleID : 29805 - Revision : 2 - Type : BROWSER-IE |
2014-03-15 | Microsoft Internet Explorer dynamic style update memory corruption attempt RuleID : 29804 - Revision : 2 - Type : BROWSER-IE |
2014-01-10 | Microsoft Office Visio VSD file icon memory corruption attempt RuleID : 24815 - Revision : 4 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Internet Explorer object clone deletion memory corruption RuleID : 21086 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft Office Visio VSD file icon memory corruption attempt RuleID : 18515 - Revision : 18 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Internet Explorer object clone deletion memory corruption attempt RuleID : 17644 - Revision : 8 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer object clone deletion memory corruption attempt -... RuleID : 16339 - Revision : 15 - Type : BROWSER-IE |
2014-01-10 | Microsoft Office Visio invalid ho tag attempt RuleID : 16318 - Revision : 15 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Internet Explorer dynamic style update memory corruption attempt RuleID : 16169 - Revision : 15 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer dynamic style update memory corruption attempt RuleID : 15305 - Revision : 17 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer object clone deletion memory corruption attempt RuleID : 15304 - Revision : 13 - Type : BROWSER-IE |
2014-01-10 | Microsoft Office Visio Malformed IconBitsComponent arbitrary code execution a... RuleID : 15303 - Revision : 14 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Windows Exchange System Attendant denial of service attempt RuleID : 15302 - Revision : 13 - Type : SERVER-MAIL |
2014-01-10 | Exchange compressed RTF remote code execution attempt RuleID : 15301 - Revision : 5 - Type : SERVER-MAIL |
2014-01-10 | Microsoft Office Visio invalid ho tag attempt RuleID : 15299 - Revision : 14 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Visio could allow remote code execution RuleID : 15298 - Revision : 12 - Type : FILE-OFFICE |
2014-01-10 | sp_replwritetovarbin vulnerable function attempt RuleID : 15144 - Revision : 12 - Type : SERVER-MSSQL |
2014-01-10 | sp_replwritetovarbin unicode vulnerable function attempt RuleID : 15143 - Revision : 15 - Type : SERVER-MSSQL |
2014-01-10 | Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode attempt RuleID : 15142 - Revision : 9 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode andx a... RuleID : 15141 - Revision : 9 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB sp_replwritetovarbin vulnerable function attempt RuleID : 15140 - Revision : 9 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB sp_replwritetovarbin vulnerable function andx attempt RuleID : 15139 - Revision : 9 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unic... RuleID : 15138 - Revision : 9 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unic... RuleID : 15137 - Revision : 9 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX attempt RuleID : 15136 - Revision : 9 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX andx... RuleID : 15135 - Revision : 9 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode attempt RuleID : 15134 - Revision : 10 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB sp_replwritetovarbin vulnerable function unicode andx a... RuleID : 15133 - Revision : 10 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB sp_replwritetovarbin vulnerable function attempt RuleID : 15132 - Revision : 10 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB sp_replwritetovarbin vulnerable function andx attempt RuleID : 15131 - Revision : 10 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unic... RuleID : 15130 - Revision : 10 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX unic... RuleID : 15129 - Revision : 10 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX attempt RuleID : 15128 - Revision : 10 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows SMB sp_replwritetovarbin vulnerable function WriteAndX andx... RuleID : 15127 - Revision : 10 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2018-04-03 | Name : Arbitrary code can be executed on the remote host through the email server. File : exchange_ms09-003.nasl - Type : ACT_GATHER_INFO |
2016-03-04 | Name : The remote VMware ESX / ESXi host is missing a security-related patch. File : vmware_VMSA-2011-0003_remote.nasl - Type : ACT_GATHER_INFO |
2011-02-14 | Name : The remote VMware ESXi / ESX host is missing one or more security-related pat... File : vmware_VMSA-2011-0003.nasl - Type : ACT_GATHER_INFO |
2009-02-11 | Name : A database application installed on the remote host is affected by a remote c... File : smb_kb959420.nasl - Type : ACT_GATHER_INFO |
2009-02-11 | Name : Arbitrary code can be executed on the remote host through the web client. File : smb_nt_ms09-002.nasl - Type : ACT_GATHER_INFO |
2009-02-11 | Name : Arbitrary code can be executed on the remote host through the email server. File : smb_nt_ms09-003.nasl - Type : ACT_GATHER_INFO |
2009-02-11 | Name : Arbitrary code can be executed on the remote host through Microsoft SQL Server. File : smb_nt_ms09-004.nasl - Type : ACT_GATHER_INFO |
2009-02-11 | Name : Arbitrary code can be executed on the remote host through Visio. File : smb_nt_ms09-005.nasl - Type : ACT_GATHER_INFO |