Executive Summary
Summary | |
---|---|
Title | Microsoft Updates for Multiple Vulnerabilities |
Informations | |||
---|---|---|---|
Name | TA08-099A | First vendor Publication | 2008-04-08 |
Vendor | US-CERT | Last vendor Modification | 2008-04-08 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Microsoft has released updates that address vulnerabilities in Microsoft Windows, Internet Explorer, and Office. I. Description Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Internet Explorer, and Office as part of the Microsoft Security Bulletin Summary for April 2008. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code. For more information, see the US-CERT Vulnerability Notes Database. II. Impact A remote, unauthenticated attacker could execute arbitrary code, gain elevated privileges, or cause a denial of service. III. Solution Apply updates from Microsoft Microsoft has provided updates for these vulnerabilities in the April |
Original Source
Url : http://www.us-cert.gov/cas/techalerts/TA08-099A.html |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-59 | Session Credential Falsification through Prediction |
CAPEC-112 | Brute Force |
CAPEC-281 | Analytic Attacks |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
20 % | CWE-399 | Resource Management Errors |
20 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
10 % | CWE-330 | Use of Insufficiently Random Values |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5314 | |||
Oval ID: | oval:org.mitre.oval:def:5314 | ||
Title: | DNS Spoofing Attack Vulnerability | ||
Description: | The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-0087 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5344 | |||
Oval ID: | oval:org.mitre.oval:def:5344 | ||
Title: | Microsoft Office Visio Memory Validation Vulnerability | ||
Description: | Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-1090 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Office Visio 2002 Microsoft Office Visio 2003 Microsoft Office Visio 2007 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:5384 | |||
Oval ID: | oval:org.mitre.oval:def:5384 | ||
Title: | Project Memory Validation Vulnerability | ||
Description: | Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-1088 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Project 2000 Microsoft Project 2002 Microsoft Project 2003 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:5437 | |||
Oval ID: | oval:org.mitre.oval:def:5437 | ||
Title: | Windows Kernel Vulnerability | ||
Description: | Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-1084 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5441 | |||
Oval ID: | oval:org.mitre.oval:def:5441 | ||
Title: | GDI Heap Overflow Vulnerability | ||
Description: | Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-1083 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5495 | |||
Oval ID: | oval:org.mitre.oval:def:5495 | ||
Title: | VBScript and JScript Remote Code Execution Vulnerability | ||
Description: | The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-0083 | Version: | 1 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5496 | |||
Oval ID: | oval:org.mitre.oval:def:5496 | ||
Title: | Microsoft Office Visio Object Header Vulnerability | ||
Description: | Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-1089 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Office Visio 2002 Microsoft Office Visio 2003 Microsoft Office Visio 2007 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:5563 | |||
Oval ID: | oval:org.mitre.oval:def:5563 | ||
Title: | Data Stream Handling Memory Corruption Vulnerability | ||
Description: | Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-1085 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5580 | |||
Oval ID: | oval:org.mitre.oval:def:5580 | ||
Title: | GDI stack Overflow Vulnerability | ||
Description: | Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-1087 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
SAINT Exploits
Description | Link |
---|---|
Windows GDI EMF filename buffer overflow | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2011-01-10 | Name : Microsoft Windows DNS Client Service Response Spoofing Vulnerability (945553) File : nvt/gb_ms08-020.nasl |
2011-01-10 | Name : Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability (948881) File : nvt/gb_ms08-023.nasl |
2011-01-10 | Name : Microsoft Internet Explorer Data Stream Handling Remote Code Execution Vulner... File : nvt/gb_ms08-024.nasl |
2011-01-10 | Name : Microsoft Windows Kernel Usermode Callback Local Privilege Elevation Vulnerab... File : nvt/gb_ms08-025.nasl |
2008-09-03 | Name : Windows vulnerability in DNS Client Could Allow Spoofing (945553) File : nvt/win_CVE-2008-0087.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
44215 | Microsoft Windows GDI EMF Filename Parameter Handling Overflow A buffer overflow exists in Windows. GDI fails to validate EMF files resulting in a stack overflow. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
44214 | Microsoft Windows GDI WMF Handling CreateDIBPatternBrushPt Function Overflow A buffer overflow exists in Windows. GDI fails to validate EMF and WMF image files resulting in a buffer overflow. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
44213 | Microsoft Windows GDI (gdi32.dll) EMF File Handling Multiple Overflows A heap overflow overflow exists in Windows. gdi32.dll fails to validate EMF files resulting in a heap overflow. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
44212 | Microsoft Project File Handling Unspecified Arbitrary Code Execution An unspecified memory corruption flaw exists in Project. With a specially crafted Project file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
44211 | Microsoft Vbscript.dll VBScript Decoding Code Execution A code execution flaw exists in Windows. Vbscript.dll fails to validate scripts provided by web pages resulting in unauthorized code execution. With a specially crafted web page, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
44210 | Microsoft Jscript.dll JScript Arbitrary Code Execution An unspecified code execution flaw exists in Windows. Jscript.dll fails to validate scripts provided by web pages resulting in code execution. With a specially crafted web page, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
44206 | Microsoft Windows Kernel Unspecified Privilege Escalation Microsoft Windows contains a flaw that may allow a malicious user to gain access to unauthorized privileges. This flaw may lead to a loss of integrity. |
44205 | Microsoft IE Data Stream Handling Memory Corruption A memory corruption flaw exists in Internet Explorer. The program fails to validate data streams resulting in a use-after-free condition. With a specially crafted website, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
44172 | Microsoft Windows DNS Client Predictable Transaction ID Spoofing |
44171 | Microsoft Windows HxTocCtrl ActiveX (hxvz.dll) Memory Corruption |
44170 | Microsoft Visio DXF File Handling Memory Validation Arbitrary Code Execution |
44169 | Microsoft Visio Object Header Data Handling Arbitrary Code Execution |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2008-04-10 | IAVM : 2008-B-0034 - Microsoft VBScript and JScript Scripting Engines Remote Code Execution Severity : Category II - VMSKEY : V0015940 |
2008-04-10 | IAVM : 2008-T-0012 - Microsoft Visio Remote Code Execution Vulnerabilities Severity : Category II - VMSKEY : V0015942 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Office Visio DXF file invalid memory allocation exploit attempt RuleID : 28440 - Revision : 2 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Project Invalid Memory Pointer Code Execution attempt RuleID : 17382 - Revision : 10 - Type : FILE-OTHER |
2014-01-10 | Microsoft Office Visio Object Header Buffer Overflow attempt RuleID : 15163 - Revision : 13 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Internet Explorer data stream memory corruption attempt RuleID : 13677 - Revision : 19 - Type : BROWSER-IE |
2014-01-10 | Microsoft Windows GDI emf filename buffer overflow attempt RuleID : 13676 - Revision : 10 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Help 2.0 Contents Control 2 ActiveX function call unicode access RuleID : 13675 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Help 2.0 Contents Control 2 ActiveX function call access RuleID : 13674 - Revision : 10 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Help 2.0 Contents Control 2 ActiveX clsid unicode access RuleID : 13673 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Help 2.0 Contents Control 2 ActiveX clsid access RuleID : 13672 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Help 2.0 Contents Control ActiveX function call unicode access RuleID : 13671 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Help 2.0 Contents Control ActiveX function call access RuleID : 13670 - Revision : 10 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Help 2.0 Contents Control ActiveX clsid unicode access RuleID : 13669 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Help 2.0 Contents Control ActiveX clsid access RuleID : 13668 - Revision : 10 - Type : BROWSER-PLUGINS |
2014-01-10 | dns cache poisoning attempt RuleID : 13667 - Revision : 19 - Type : PROTOCOL-DNS |
2014-01-10 | Microsoft Windows GDI integer overflow attempt RuleID : 13666 - Revision : 13 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Office Visio DXF file invalid memory allocation exploit attempt RuleID : 13665 - Revision : 20 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Windows vbscript/jscript scripting engine end buffer overflow attempt RuleID : 13449 - Revision : 13 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows vbscript/jscript scripting engine begin buffer overflow att... RuleID : 13448 - Revision : 9 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2008-04-11 | Name : Arbitrary code can be executed on the remote host through Microsoft Project. File : smb_nt_ms08-018.nasl - Type : ACT_GATHER_INFO |
2008-04-08 | Name : Arbitrary code can be executed on the remote host through Visio. File : smb_nt_ms08-019.nasl - Type : ACT_GATHER_INFO |
2008-04-08 | Name : The remote host is vulnerable to DNS spoofing. File : smb_nt_ms08-020.nasl - Type : ACT_GATHER_INFO |
2008-04-08 | Name : Arbitrary code can be executed on the remote host by sending a malformed file... File : smb_nt_ms08-021.nasl - Type : ACT_GATHER_INFO |
2008-04-08 | Name : Arbitrary code can be executed on the remote host through the web or email cl... File : smb_nt_ms08-022.nasl - Type : ACT_GATHER_INFO |
2008-04-08 | Name : The remote Windows host has an ActiveX control that is affected by multiple b... File : smb_nt_ms08-023.nasl - Type : ACT_GATHER_INFO |
2008-04-08 | Name : Arbitrary code can be executed on the remote host through the web client. File : smb_nt_ms08-024.nasl - Type : ACT_GATHER_INFO |
2008-04-08 | Name : A local user can elevate his privileges on the remote host. File : smb_nt_ms08-025.nasl - Type : ACT_GATHER_INFO |