Executive Summary
Summary | |
---|---|
Title | Microsoft Updates for Multiple Vulnerabilities |
Information | |||
---|---|---|---|
Name | TA09-104A | First vendor Publication | 2009-04-14 |
Vendor | US-CERT | Last vendor Modification | 2009-04-14 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact Sub Score | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Microsoft has released updates that address vulnerabilities in Microsoft Windows, Office, Windows Server, and ISA Server.

I. Description
As part of the Microsoft Security Bulletin Summary for April 2009, Microsoft released updates to address vulnerabilities that affect Microsoft Windows, Office, Windows Server, and ISA Server.

II. Impact
A remote, unauthenticated attacker could execute arbitrary code, gain elevated privileges, or cause a vulnerable application to crash.

III. Solution
Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for April 2009. The security bulletin describes any known issues related to the updates.
Original Source
Url : http://www.us-cert.gov/cas/techalerts/TA09-104A.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
28 % | CWE-399 | Resource Management Errors |
22 % | CWE-264 | Permissions, Privileges, and Access Controls |
17 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
11 % | CWE-20 | Improper Input Validation |
6 % | CWE-269 | Improper Privilege Management |
6 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
6 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
6 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5320 | |||
Oval ID: | oval:org.mitre.oval:def:5320 | ||
Title: | Windows HTTP Services Credential Reflection Vulnerability | ||
Description: | Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0550 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:5551 | |||
Oval ID: | oval:org.mitre.oval:def:5551 | ||
Title: | Uninitialized Memory Corruption Vulnerability | ||
Description: | Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0552 | Version: | 2 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
Definition Id: oval:org.mitre.oval:def:5618 | |||
Oval ID: | oval:org.mitre.oval:def:5618 | ||
Title: | MJPEG Decompression Vulnerability | ||
Description: | Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka "MJPEG Decompression Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0084 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | DirectX |
Definition Id: oval:org.mitre.oval:def:5723 | |||
Oval ID: | oval:org.mitre.oval:def:5723 | ||
Title: | Uninitialized Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0554 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
Definition Id: oval:org.mitre.oval:def:5736 | |||
Oval ID: | oval:org.mitre.oval:def:5736 | ||
Title: | Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability | ||
Description: | The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0088 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Word 2000 Microsoft Office Converter Pack |
Definition Id: oval:org.mitre.oval:def:5771 | |||
Oval ID: | oval:org.mitre.oval:def:5771 | ||
Title: | Cross-Site Scripting Vulnerability | ||
Description: | Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML forms authentication component in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2006, 2006 Supportability Update, and 2006 SP1; allows remote attackers to inject arbitrary web script or HTML via "authentication input" to this component, aka "Cross-Site Scripting Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0237 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows Server 2003 | Product(s): | Microsoft Forefront Threat Management Gateway Microsoft Internet Security and Acceleration Server 2006 |
Definition Id: oval:org.mitre.oval:def:5782 | |||
Oval ID: | oval:org.mitre.oval:def:5782 | ||
Title: | Blended Threat Elevation of Privilege Vulnerability | ||
Description: | Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-2540 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:5799 | |||
Oval ID: | oval:org.mitre.oval:def:5799 | ||
Title: | WordPad and Office Text Converter Memory Corruption Vulnerability | ||
Description: | Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and the Word 6 text converter in Microsoft Office Word 2000 SP3 and 2002 SP3; allows remote attackers to execute arbitrary code via a crafted Word 6 file that contains malformed data, aka "WordPad and Office Text Converter Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0087 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Word 2000 Microsoft Word 2002 |
Definition Id: oval:org.mitre.oval:def:5891 | |||
Oval ID: | oval:org.mitre.oval:def:5891 | ||
Title: | Microsoft Distributed Transaction Coordinator Service Isolation Vulnerability | ||
Description: | Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-1436 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Distributed Transaction Coordinator |
Definition Id: oval:org.mitre.oval:def:5893 | |||
Oval ID: | oval:org.mitre.oval:def:5893 | ||
Title: | WordPad Word 97 Text Converter Stack Overflow Vulnerability | ||
Description: | Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data sizes for an unspecified length field, aka "WordPad Word 97 Text Converter Stack Overflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0235 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | |
Definition Id: oval:org.mitre.oval:def:5968 | |||
Oval ID: | oval:org.mitre.oval:def:5968 | ||
Title: | Memory Corruption Vulnerability | ||
Description: | Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel Viewer 2003 Gold and SP3; Excel Viewer; Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1; and Excel in Microsoft Office 2004 and 2008 for Mac allow remote attackers to execute arbitrary code via a crafted Excel document that triggers an access attempt on an invalid object, as exploited in the wild in February 2009 by Trojan.Mdropper.AC. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0238 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Excel 2000 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel 2007 Microsoft Office Excel Viewer 2003 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack |
Definition Id: oval:org.mitre.oval:def:6027 | |||
Oval ID: | oval:org.mitre.oval:def:6027 | ||
Title: | Windows HTTP Services Certificate Name Mismatch Vulnerability | ||
Description: | Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0089 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:6043 | |||
Oval ID: | oval:org.mitre.oval:def:6043 | ||
Title: | Memory Corruption Vulnerability | ||
Description: | Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; Excel in Microsoft Office 2004 and 2008 for Mac; Microsoft Office Excel Viewer and Excel Viewer 2003 SP3; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 do not properly parse the Excel spreadsheet file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that contains a malformed object with "an offset and a two-byte value" that trigger a memory calculation error, aka "Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0100 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Excel 2000 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel 2007 Microsoft Office Excel Viewer 2003 Microsoft Office Excel Viewer Microsoft Office Compatibility Pack |
Definition Id: oval:org.mitre.oval:def:6050 | |||
Oval ID: | oval:org.mitre.oval:def:6050 | ||
Title: | WordPad Word 97 Text Converter Stack Overflow Vulnerability | ||
Description: | The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-4841 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | |
Definition Id: oval:org.mitre.oval:def:6068 | |||
Oval ID: | oval:org.mitre.oval:def:6068 | ||
Title: | Web Proxy TCP State Limited Denial of Service Vulnerability | ||
Description: | The firewall engine in Microsoft Forefront Threat Management Gateway, Medium Business Edition (TMG MBE); and Internet Security and Acceleration (ISA) Server 2004 SP3, 2006, 2006 Supportability Update, and 2006 SP1; does not properly manage the session state of web listeners, which allows remote attackers to cause a denial of service (many stale sessions) via crafted packets, aka "Web Proxy TCP State Limited Denial of Service Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0077 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Forefront Threat Management Gateway Microsoft Internet Security and Acceleration Server 2004 Microsoft Internet Security and Acceleration Server 2006 |
Definition Id: oval:org.mitre.oval:def:6069 | |||
Oval ID: | oval:org.mitre.oval:def:6069 | ||
Title: | Uninitialized Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0553 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
Definition Id: oval:org.mitre.oval:def:6108 | |||
Oval ID: | oval:org.mitre.oval:def:6108 | ||
Title: | Blended Threat Remote Code Execution Vulnerability | ||
Description: | Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-2540 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer |
Definition Id: oval:org.mitre.oval:def:6147 | |||
Oval ID: | oval:org.mitre.oval:def:6147 | ||
Title: | Windows RPCSS Service Isolation Vulnerability | ||
Description: | The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0079 | Version: | 4 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:6149 | |||
Oval ID: | oval:org.mitre.oval:def:6149 | ||
Title: | Windows HTTP Services Integer Underflow Vulnerability | ||
Description: | Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0086 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:6164 | |||
Oval ID: | oval:org.mitre.oval:def:6164 | ||
Title: | Page Transition Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0551 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
Definition Id: oval:org.mitre.oval:def:6177 | |||
Oval ID: | oval:org.mitre.oval:def:6177 | ||
Title: | Windows Thread Pool ACL Weakness Vulnerability | ||
Description: | The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by leveraging incorrect thread ACLs to access the resources of one of the processes, aka "Windows Thread Pool ACL Weakness Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0080 | Version: | 6 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:6193 | |||
Oval ID: | oval:org.mitre.oval:def:6193 | ||
Title: | Windows WMI Service Isolation Vulnerability | ||
Description: | The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0078 | Version: | 6 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
Definition Id: oval:org.mitre.oval:def:7569 | |||
Oval ID: | oval:org.mitre.oval:def:7569 | ||
Title: | WinINet and Windows HTTP Services Credential Reflection Vulnerability | ||
Description: | Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0550 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
Definition Id: oval:org.mitre.oval:def:8509 | |||
Oval ID: | oval:org.mitre.oval:def:8509 | ||
Title: | Blended Threat Remote Code Execution Vulnerability | ||
Description: | Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-2540 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
CPE : Common Platform Enumeration
SAINT Exploits
Description |
---|
Internet Explorer WinINet credential reflection vulnerability |
Microsoft WordPad Word97 text converter buffer overflow |
Microsoft WordPad Word 97 text converter XST buffer overflow |
Microsoft Excel SST record code execution |
OpenVAS Exploits
Date | Description |
---|---|
2009-04-23 | Name : Microsoft ISA Server and Forefront Threat Management Gateway DoS Vulnerabilit... File : nvt/secpod_ms09-016.nasl |
2009-04-15 | Name : Microsoft DirectShow Remote Code Execution Vulnerability (961373) File : nvt/secpod_ms09-011.nasl |
2009-04-15 | Name : Vulnerabilities in Windows Could Allow Elevation of Privilege (959454) File : nvt/secpod_ms09-012.nasl |
2009-04-15 | Name : Windows HTTP Services Could Allow Remote Code Execution Vulnerabilities (960803) File : nvt/secpod_ms09-013.nasl |
2009-04-15 | Name : Microsoft Internet Explorer Remote Code Execution Vulnerability (963027) File : nvt/secpod_ms09-014.nasl |
2009-04-15 | Name : Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege... File : nvt/secpod_ms09-015.nasl |
2009-03-18 | Name : Microsoft Excel Remote Code Execution Vulnerabilities (968557) File : nvt/secpod_ms_excel_remote_code_exec_vuln.nasl |
2008-12-12 | Name : WordPad and Office Text Converter Memory Corruption Vulnerability (960477) File : nvt/secpod_ms_wordpad_mult_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
53668 | Microsoft Windows ThreadPool ACL Enforcement Weakness Local Privilege Escalation |
53667 | Microsoft Windows RPCSS Service Isolation Local Privilege Escalation |
53666 | Microsoft Windows Management Instrumentation (WMI) Service Isolation Local Pr... |
53665 | Microsoft Office Excel Malformed Object Handling Memory Corruption |
53664 | Microsoft WordPad Word 97 Text Converter File Handling Overflow |
53663 | Microsoft Office Word 2000 WordPerfect 6.x Converter Document Handling Stack ... |
53662 | Microsoft WordPad / Office Text Converter Malformed Data Handling Memory Corr... |
53637 | Microsoft ISA Server / Forefront Threat Management Gateway (TMG) Forms Authen... |
53636 | Microsoft ISA Server / Forefront Threat Management Gateway (TMG) Web Proxy TC... |
53632 | Microsoft DirectShow MJPEG Decompression Unspecified Arbitrary Code Execution |
53627 | Microsoft IE Unitialized Object Memory Corruption Arbitrary Code Execution (2... |
53626 | Microsoft IE EMBED Element Handling Memory Corruption Arbitrary Code Execution |
53625 | Microsoft IE Unitialized Object Memory Corruption Arbitrary Code Execution (2... |
53624 | Microsoft IE Page Transition Unspecified Memory Corruption Arbitrary Code Exe... |
53623 | Microsoft Windows SearchPath File Open / Locating Unspecified Arbitrary Code ... |
53621 | Microsoft Windows HTTP Services Digital Certificate Distinguished Name Mismat... |
53620 | Microsoft Windows HTTP Services Web Server Response Unspecified Integer Under... A memory corruption flaw exists in Windows. WinHTTP.dll fails to properly parse the HTTP chunksize parameter resulting in an integer underflow. With a specially crafted HTTP response, a context-dependent attacker can cause arbitrary code execution, resulting in a loss of integrity. |
53619 | Microsoft Windows HTTP Services NTLM Credential Replay Privileged Code Execution |
52695 | Microsoft Office Excel Crafted Document Invalid Object Reference Unspecified ... |
50567 | Microsoft Windows WordPad Text Converter Unspecified Memory Corruption |
45892 | Apple Safari on Mac OS X Default Download Location Unspecified Arbitrary Code... |
44580 | Microsoft Windows Microsoft Distributed Transaction Coordinator (MSDTC) SeImp... |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2009-04-19 | IAVM : 2009-A-0034 - Microsoft Windows HTTP Services Remote Code Execution Vulnerability Severity : Category I - VMSKEY : V0018756 |
2009-04-16 | IAVM : 2009-A-0032 - Multiple Vulnerabilities in WordPad and Office Text Converters Severity : Category I - VMSKEY : V0018752 |
2009-04-16 | IAVM : 2009-T-0021 - Microsoft Windows SearchPath Blended Threat Vulnerability Severity : Category II - VMSKEY : V0018776 |
2009-04-16 | IAVM : 2009-T-0022 - Multiple Vulnerabilities in Microsoft ISA Server and Microsoft Forefront Thre... Severity : Category II - VMSKEY : V0018781 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-06-19 | Microsoft Office Word WordPerfect converter buffer overflow attempt RuleID : 31032 - Revision : 2 - Type : FILE-OFFICE |
2014-06-19 | Microsoft Office Word WordPerfect converter buffer overflow attempt RuleID : 31031 - Revision : 2 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel malformed ftCMO record remote code execution attempt RuleID : 26711 - Revision : 5 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office WordPad and Office text converters integer underflow attempt RuleID : 23557 - Revision : 5 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office WordPad and Office text converters integer underflow attempt RuleID : 23556 - Revision : 5 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office WordPad and Office text converters integer underflow attempt RuleID : 23356 - Revision : 5 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Internet Explorer History.go method double free corruption attempt RuleID : 18482 - Revision : 9 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer EMBED element memory corruption attempt RuleID : 17729 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | possible SMB replay attempt - overlapping encryption keys detected RuleID : 17723 - Revision : 12 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Internet Explorer EMBED element memory corruption attempt RuleID : 17709 - Revision : 12 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer marquee object handling memory corruption attempt RuleID : 17462 - Revision : 13 - Type : BROWSER-IE |
2014-01-10 | Microsoft Office Word Converter XST structure buffer overflow attempt RuleID : 17406 - Revision : 10 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Word Converter XST structure buffer overflow attempt RuleID : 17405 - Revision : 11 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Word Converter XST structure buffer overflow attempt RuleID : 17404 - Revision : 13 - Type : FILE-OFFICE |
2014-01-10 | Apple Safari-Internet Explorer SearchPath blended threat attempt RuleID : 16319 - Revision : 14 - Type : BROWSER-IE |
2014-01-10 | Microsoft ISA and Forefront Threat Management Web Proxy TCP Listener denial o... RuleID : 16221 - Revision : 12 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows DirectShow MJPEG arbitrary code execution attempt RuleID : 16187 - Revision : 11 - Type : OS-WINDOWS |
2014-01-10 | Telnet-based NTLM replay attack attempt RuleID : 15847 - Revision : 14 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows ISA Server cross-site scripting attempt RuleID : 15475 - Revision : 10 - Type : OS-WINDOWS |
2014-01-10 | Microsoft ISA Server and Forefront Threat Management Gateway invalid RST deni... RuleID : 15474 - Revision : 8 - Type : SERVER-OTHER |
2014-01-10 | IIS ASP/ASP.NET potentially malicious file upload attempt RuleID : 15470 - Revision : 8 - Type : FILE-EXECUTABLE |
2014-01-10 | Microsoft Office WordPad and Office text converters integer underflow attempt RuleID : 15469 - Revision : 17 - Type : FILE-OFFICE |
2014-01-10 | Apple Safari-Internet Explorer SearchPath blended threat dll request RuleID : 15468 - Revision : 17 - Type : BROWSER-IE |
2014-01-10 | Microsoft Office WordPad and Office Text Converters PlcPcd aCP buffer overflo... RuleID : 15467 - Revision : 17 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office WordPad WordPerfect 6.x converter buffer overflow attempt RuleID : 15466 - Revision : 13 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Excel malformed object record remote code execution attempt RuleID : 15465 - Revision : 10 - Type : FILE-OFFICE |
2014-01-10 | Multiple web browsers HTTP chunked transfer-encoding memory corruption attempt RuleID : 15462 - Revision : 20 - Type : BROWSER-OTHER |
2014-01-10 | Microsoft Internet Explorer marquee tag onstart memory corruption RuleID : 15461 - Revision : 8 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer ActiveX load/unload race condition attempt RuleID : 15460 - Revision : 10 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer deleted/unitialized object memory corruption attempt RuleID : 15459 - Revision : 8 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer navigating between pages race condition attempt RuleID : 15458 - Revision : 8 - Type : BROWSER-IE |
2014-01-10 | Microsoft Windows DirectShow MJPEG arbitrary code execution attempt RuleID : 15457 - Revision : 9 - Type : OS-WINDOWS |
2014-01-10 | WinHTTP SSL/TLS impersonation attempt RuleID : 15456 - Revision : 6 - Type : SERVER-OTHER |
2014-01-10 | Microsoft Office WordPad and Office Text Converters XST parsing buffer overfl... RuleID : 15455 - Revision : 9 - Type : FILE-OFFICE |
2014-01-10 | SMB replay attempt via NTLMSSP - overlapping encryption keys detected RuleID : 15453 - Revision : 16 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Excel extrst record arbitrary code excecution attempt RuleID : 15365 - Revision : 16 - Type : FILE-OFFICE |
2014-01-10 | Web-based NTLM replay attack attempt RuleID : 15124 - Revision : 17 - Type : OS-WINDOWS |
2014-01-10 | possible SMB replay attempt - overlapping encryption keys detected RuleID : 15009 - Revision : 22 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-10-20 | Name : An application installed on the remote Mac OS X host is affected by multiple ... File : macosx_ms09-009.nasl - Type : ACT_GATHER_INFO |
2009-04-15 | Name : It is possible to execute arbitrary code on the remote Windows host using Mic... File : smb_nt_ms09-009.nasl - Type : ACT_GATHER_INFO |
2009-04-15 | Name : It is possible to execute arbitrary code on the remote Windows host using a t... File : smb_nt_ms09-010.nasl - Type : ACT_GATHER_INFO |
2009-04-15 | Name : It is possible to execute arbitrary code on the remote Windows host using Dir... File : smb_nt_ms09-011.nasl - Type : ACT_GATHER_INFO |
2009-04-15 | Name : A local user can elevate his privileges on the remote host. File : smb_nt_ms09-012.nasl - Type : ACT_GATHER_INFO |
2009-04-15 | Name : The remote host contains an API that is affected by multiple vulnerabilities. File : smb_nt_ms09-013.nasl - Type : ACT_GATHER_INFO |
2009-04-15 | Name : Arbitrary code can be executed on the remote host through a web browser. File : smb_nt_ms09-014.nasl - Type : ACT_GATHER_INFO |
2009-04-15 | Name : The remote host may allow remote code execution. File : smb_nt_ms09-015.nasl - Type : ACT_GATHER_INFO |
2009-04-14 | Name : The remote host contains an application that is affected by multiple vulnerab... File : smb_nt_ms09-016.nasl - Type : ACT_GATHER_INFO |
2008-06-20 | Name : The remote host contains a web browser that is affected by several issues. File : safari_3_1_2.nasl - Type : ACT_GATHER_INFO |