Executive Summary

Summary
Title: Microsoft Updates for Multiple Vulnerabilities
Information
Name: TA09-251A
First vendor publication: 2009-09-08
Vendor: US-CERT
Last vendor modification: 2009-09-08
Severity (Vendor): N/A
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score: 10
Attack Range: Network
Cvss Impact Score: 10
Attack Complexity: Low
Cvss Exploit Score: 10
Authentication: None Required

Detail

Microsoft has released updates to address vulnerabilities in Microsoft Windows and Windows Server.

I. Description

Microsoft has released multiple security bulletins for critical vulnerabilities in Windows and Windows Server. These bulletins are described in the Microsoft Security Bulletin Summary for September 2009.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code, gain elevated privileges, or cause a vulnerable application to crash.

III. Solution

Apply updates from Microsoft

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for September 2009. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects.
Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).

Original Source

Url : http://www.us-cert.gov/cas/techalerts/TA09-251A.html

CWE : Common Weakness Enumeration

% Id Name
71 % CWE-94 Failure to Control Generation of Code ('Code Injection')
14 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
14 % CWE-16 Configuration

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18890
 
Oval ID: oval:org.mitre.oval:def:18890
Title: CRITICAL PATCH UPDATE JULY 2012
Description: The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
Family: unix Class: vulnerability
Reference(s): CVE-2008-4609
Version: 3
Platform(s): Sun Solaris 10
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5531
 
Oval ID: oval:org.mitre.oval:def:5531
Title: Windows Media Playback Memory Corruption Vulnerability
Description: Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft Media Foundation on Windows Vista Gold, SP1, and SP2 and Server 2008; allows remote attackers to execute arbitrary code via an MP3 file with crafted metadata that triggers memory corruption, aka "Windows Media Playback Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-2499
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Windows Media Format Runtime 9.0
Windows Media Format Runtime 9.5
Windows Media Format Runtime 11
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5965
 
Oval ID: oval:org.mitre.oval:def:5965
Title: TCP/IP Orphaned Connections Vulnerability
Description: Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-1926
Version: 1
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6257
 
Oval ID: oval:org.mitre.oval:def:6257
Title: Windows Media Header Parsing Invalid Free Vulnerability
Description: Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-2498
Version: 11
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Windows Media Format Runtime 9.0
Windows Media Format Runtime 9.5
Windows Media Format Runtime 11
Microsoft Media Services 9.1
Microsoft Media Services 9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6271
 
Oval ID: oval:org.mitre.oval:def:6271
Title: DHTML Editing Component ActiveX Control Vulnerability
Description: The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-2519
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6316
 
Oval ID: oval:org.mitre.oval:def:6316
Title: JScript Remote Code Execution Vulnerability
Description: The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in Microsoft Windows, as used in Internet Explorer, does not properly load decoded scripts into memory before execution, which allows remote attackers to execute arbitrary code via a crafted web site that triggers memory corruption, aka "JScript Remote Code Execution Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-1920
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): JScript Scripting Engine
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6340
 
Oval ID: oval:org.mitre.oval:def:6340
Title: TCP/IP Zero Window Size Vulnerability
Description: The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
Family: windows Class: vulnerability
Reference(s): CVE-2008-4609
Version: 1
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6374
 
Oval ID: oval:org.mitre.oval:def:6374
Title: TCP/IP Timestamps Code Execution Vulnerability
Description: The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka "TCP/IP Timestamps Code Execution Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-1925
Version: 1
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6389
 
Oval ID: oval:org.mitre.oval:def:6389
Title: Wireless Frame Parsing Remote Code Execution Vulnerability
Description: Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka Wlansvc) in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed wireless frame, aka "Wireless Frame Parsing Remote Code Execution Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-1132
Version: 3
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 1
Application 4
Application 1
Application 2
Os 5
Os 12
Os 1458
Os 5
Os 69
Os 423
Os 1
Os 3
Os 8
Os 7
Os 6
Os 1
Os 33
Os 25
Os 3
Os 1

OpenVAS Exploits

Date Description
2010-12-06 Name : Microsoft Wireless LAN AutoConfig Service Remote Code Execution Vulnerabilit...
File : nvt/gb_ms09-049.nasl
2009-09-10 Name : Microsoft JScript Scripting Engine Remote Code Execution Vulnerability (971961)
File : nvt/secpod_ms09-045.nasl
2009-09-10 Name : Microsoft DHTML Editing Component ActiveX Remote Code Execution Vulnerability...
File : nvt/secpod_ms09-046.nasl
2009-09-10 Name : Microsoft Windows Media Format Remote Code Execution Vulnerability (973812)
File : nvt/secpod_ms09-047.nasl
2009-09-10 Name : Microsoft Windows TCP/IP Remote Code Execution Vulnerability (967723)
File : nvt/secpod_ms09-048.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
62144 F5 Multiple Products TCP/IP Implementation Queue Connection Saturation TCP St...

61133 Citrix Multiple Products TCP/IP Implementation Queue Connection Saturation TC...

59482 Blue Coat Multiple Products TCP/IP Implementation Queue Connection Saturation...

58614 McAfee Email and Web Security Appliance TCP/IP Implementation Queue Connectio...

58321 Check Point Multiple Products TCP/IP Implementation Queue Connection Saturati...

58189 Yamaha RT Series Routers TCP/IP Implementation Queue Connection Saturation TC...

57993 Solaris TCP/IP Implementation Queue Connection Saturation TCP State Table Rem...

57806 Microsoft Windows Wireless LAN AutoConfig Service (wlansvc) Frame Parsing Arb...

The vulnerability is caused due to an unspecified error in the Wireless LAN AutoConfig Service (wlansvc) when parsing certain wireless network frames. This can be exploited to cause a heap-based buffer overflow via a specially crafted frame received on the wireless network interface.
57804 Microsoft JScript Scripting Engine Memory Corruption Arbitrary Code Execution

57803 Microsoft Windows Media MP3 File Handling Memory Corruption

57802 Microsoft Windows Media ASF Header Parsing Invalid Free Arbitrary Code Execution

57798 Microsoft Windows DHTML Editing Component ActiveX Arbitrary Code Execution

57797 Microsoft Windows TCP/IP Orphaned Connection Handling Remote DoS

Microsoft Windows contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends a series of TCP sessions with pending data, and will result in loss of availability for the platform.
57796 Microsoft Windows TCP/IP Packet State Information Handling Remote Code Execution

57795 Microsoft Windows TCP/IP Implementation Queue Connection Saturation TCP State...

57794 Multiple BSD TCP/IP Implementation Queue Connection Saturation TCP State Tabl...

57793 Multiple Linux TCP/IP Implementation Queue Connection Saturation TCP State Ta...

50286 Cisco TCP/IP Implementation Queue Connection Saturation TCP State Table Remot...

Information Assurance Vulnerability Management (IAVM)

Date Description
2009-09-10 IAVM : 2009-A-0078 - Microsoft Wireless LAN AutoConfig Service Vulnerability
Severity : Category I - VMSKEY : V0019913
2009-09-10 IAVM : 2009-A-0074 - Microsoft JScript Scripting Engine Remote Code Execution Vulnerability
Severity : Category II - VMSKEY : V0019914
2009-09-10 IAVM : 2009-A-0075 - Microsoft DHTML Editing Component ActiveX Remote Code Execution Vulnerability
Severity : Category II - VMSKEY : V0019915
2009-09-10 IAVM : 2009-A-0076 - Multiple Vulnerabilities in Microsoft Windows Media Format
Severity : Category II - VMSKEY : V0019916
2009-09-10 IAVM : 2009-A-0077 - Multiple Microsoft TCP/IP Remote Code Execution Vulnerabilities
Severity : Category I - VMSKEY : V0019917

Snort® IPS/IDS

Date Description
2019-09-05 Microsoft Windows mp3 file malformed ID3 APIC header code execution attempt
RuleID : 50893 - Revision : 1 - Type : FILE-MULTIMEDIA
2019-09-05 Microsoft Windows mp3 file malformed ID3 APIC header code execution attempt
RuleID : 50892 - Revision : 1 - Type : FILE-MULTIMEDIA
2014-01-10 Microsoft Internet Explorer DHTML Editing ActiveX clsid access
RuleID : 4148 - Revision : 23 - Type : BROWSER-PLUGINS
2016-03-14 Microsoft Internet Explorer DHTML Editing ActiveX clsid access
RuleID : 36783 - Revision : 3 - Type : BROWSER-PLUGINS
2016-03-14 Microsoft Internet Explorer DHTML Editing ActiveX clsid access
RuleID : 36782 - Revision : 3 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Windows Media encryption sample ID header RCE attempt
RuleID : 23576 - Revision : 5 - Type : FILE-MULTIMEDIA
2014-01-10 Microsoft Windows Media encryption sample ID header RCE attempt
RuleID : 23575 - Revision : 5 - Type : FILE-MULTIMEDIA
2014-01-10 Microsoft Windows Media pixel aspect ratio header RCE attempt
RuleID : 23574 - Revision : 5 - Type : FILE-MULTIMEDIA
2014-01-10 Microsoft Windows Media content type header RCE attempt
RuleID : 23573 - Revision : 5 - Type : FILE-MULTIMEDIA
2014-01-10 Microsoft Windows Media file name header RCE attempt
RuleID : 23572 - Revision : 5 - Type : FILE-MULTIMEDIA
2014-01-10 Microsoft Windows Media Timecode header RCE attempt
RuleID : 23571 - Revision : 5 - Type : FILE-MULTIMEDIA
2014-01-10 Microsoft Windows Media sample duration header RCE attempt
RuleID : 23570 - Revision : 5 - Type : FILE-MULTIMEDIA
2014-01-10 Microsoft Windows Media encryption sample ID header RCE attempt
RuleID : 19450 - Revision : 13 - Type : FILE-MULTIMEDIA
2014-01-10 Microsoft Windows Media encryption sample ID header RCE attempt
RuleID : 19449 - Revision : 13 - Type : FILE-MULTIMEDIA
2014-01-10 Microsoft Windows Media pixel aspect ratio header RCE attempt
RuleID : 19448 - Revision : 13 - Type : FILE-MULTIMEDIA
2014-01-10 Microsoft Windows Media content type header RCE attempt
RuleID : 19447 - Revision : 13 - Type : FILE-MULTIMEDIA
2014-01-10 Microsoft Windows Media file name header RCE attempt
RuleID : 19446 - Revision : 13 - Type : FILE-MULTIMEDIA
2014-01-10 Microsoft Windows Media Timecode header RCE attempt
RuleID : 19445 - Revision : 13 - Type : FILE-MULTIMEDIA
2014-01-10 Microsoft Windows Media sample duration header RCE attempt
RuleID : 19444 - Revision : 12 - Type : FILE-MULTIMEDIA
2014-01-10 Microsoft Windows Media extended stream properties object RCE attempt
RuleID : 16338 - Revision : 5 - Type : WEB-CLIENT
2014-01-10 Microsoft Windows TCP stack zero window size exploit attempt
RuleID : 16294 - Revision : 15 - Type : OS-WINDOWS
2014-01-10 DHTML Editing ActiveX function call unicode access
RuleID : 15925 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer DHTML Editing ActiveX clsid access
RuleID : 15924 - Revision : 16 - Type : BROWSER-PLUGINS
2014-01-10 DHTML Editing ActiveX clsid unicode access
RuleID : 15923 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft mp3 malformed APIC header RCE attempt
RuleID : 15920 - Revision : 10 - Type : FILE-MULTIMEDIA
2014-01-10 Microsoft Windows Media encryption sample ID header RCE attempt
RuleID : 15919 - Revision : 6 - Type : WEB-CLIENT
2014-01-10 Microsoft Windows Media pixel aspect ratio header RCE attempt
RuleID : 15918 - Revision : 6 - Type : WEB-CLIENT
2014-01-10 Microsoft Windows Media content type header RCE attempt
RuleID : 15917 - Revision : 6 - Type : WEB-CLIENT
2014-01-10 Microsoft Windows Media file name header RCE attempt
RuleID : 15916 - Revision : 6 - Type : WEB-CLIENT
2014-01-10 Microsoft Windows Media Timecode header RCE attempt
RuleID : 15915 - Revision : 6 - Type : WEB-CLIENT
2014-01-10 Microsoft Windows Media sample duration header RCE attempt
RuleID : 15914 - Revision : 6 - Type : WEB-CLIENT
2014-01-10 Microsoft Windows javascript arguments keyword override rce attempt
RuleID : 15913 - Revision : 10 - Type : OS-WINDOWS
2014-01-10 TCP window closed before receiving data
RuleID : 15912 - Revision : 10 - Type : OS-WINDOWS

Nessus® Vulnerability Scanner

Date Description
2014-10-10 Name : The remote device is missing a vendor-supplied security patch.
File : f5_bigip_SOL10509.nasl - Type : ACT_GATHER_INFO
2010-09-01 Name : The remote device is missing a vendor-supplied security patch.
File : cisco-sa-20090908-tcp24http.nasl - Type : ACT_GATHER_INFO
2009-09-08 Name : Arbitrary code can be executed on the remote host through the web or email cl...
File : smb_nt_ms09-045.nasl - Type : ACT_GATHER_INFO
2009-09-08 Name : Arbitrary code can be executed on the remote host through an ActiveX control.
File : smb_nt_ms09-046.nasl - Type : ACT_GATHER_INFO
2009-09-08 Name : Arbitrary code can be executed on the remote host through opening a Windows M...
File : smb_nt_ms09-047.nasl - Type : ACT_GATHER_INFO
2009-09-08 Name : Multiple vulnerabilities in the Windows TCP/IP implementation could lead to d...
File : smb_nt_ms09-048.nasl - Type : ACT_GATHER_INFO
2009-09-08 Name : Arbitrary code can be executed on the remote host through the Wireless LAN Au...
File : smb_nt_ms09-049.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2013-11-11 12:41:38
  • Multiple Updates