Executive Summary

Summary

Title : Microsoft Updates for Multiple Vulnerabilities

Information

Name : TA08-162B
Vendor : US-CERT
First vendor Publication : 2008-06-10
Last vendor Modification : 2008-06-10
Severity (Vendor) : N/A
Revision : N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact SubScore : NA
Temporal Score : NA
Exploitability Sub Score : NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score : 9.3
Attack Range : Network
Cvss Impact Score : 10
Attack Complexity : Medium
Cvss Exploit Score : 8.6
Authentication : None Required

Detail

Microsoft has released updates that address vulnerabilities in Microsoft Windows, Windows Server, and Internet Explorer.

I. Description

Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Windows Server, and Internet Explorer as part of the Microsoft Security Bulletin Summary for June 2008. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code. For more information, see the US-CERT Vulnerability Notes Database.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable system to crash.

III. Solution

Apply updates from Microsoft

Microsoft has provided updates for these vulnerabilities in the June 2008 Security Bulletin Summary. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).

Original Source

Url : http://www.us-cert.gov/cas/techalerts/TA08-162B.html

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-3 Using Leading 'Ghost' Character Sequences to Bypass Input Filters
CAPEC-7 Blind SQL Injection
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-13 Subverting Environment Variable Values
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-18 Embedding Scripts in Nonscript Elements
CAPEC-22 Exploiting Trust in Client (aka Make the Client Invisible)
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-28 Fuzzing
CAPEC-31 Accessing/Intercepting/Modifying HTTP Cookies
CAPEC-32 Embedding Scripts in HTTP Query Strings
CAPEC-42 MIME Conversion
CAPEC-43 Exploiting Multiple Input Interpretation Layers
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-52 Embedding NULL Bytes
CAPEC-53 Postfix, Null Terminate, and Backslash
CAPEC-63 Simple Script Injection
CAPEC-64 Using Slashes and URL Encoding Combined to Bypass Validation Logic
CAPEC-66 SQL Injection
CAPEC-67 String Format Overflow in syslog()
CAPEC-71 Using Unicode Encoding to Bypass Validation Logic
CAPEC-72 URL Encoding
CAPEC-73 User-Controlled Filename
CAPEC-78 Using Escaped Slashes in Alternate Encoding
CAPEC-79 Using Slashes in Alternate Encoding
CAPEC-80 Using UTF-8 Encoding to Bypass Validation Logic
CAPEC-81 Web Logs Tampering
CAPEC-83 XPath Injection
CAPEC-85 Client Network Footprinting (using AJAX/XSS)
CAPEC-86 Embedding Script (XSS ) in HTTP Headers
CAPEC-88 OS Command Injection
CAPEC-91 XSS in IMG Tags
CAPEC-99 XML Parser Attack
CAPEC-101 Server Side Include (SSI) Injection
CAPEC-104 Cross Zone Scripting
CAPEC-106 Cross Site Scripting through Log Files
CAPEC-108 Command Line Execution through SQL Injection
CAPEC-109 Object Relational Mapping Injection
CAPEC-110 SQL Injection through SOAP Parameter Tampering
CAPEC-171 Variable Manipulation

CWE : Common Weakness Enumeration

% Id Name
55 % CWE-20 Improper Input Validation
36 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
9 % CWE-94 Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:4730
 
Oval ID: oval:org.mitre.oval:def:4730
Title: Bluetooth Vulnerability
Description: The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista Gold and SP1, allows physically proximate attackers to execute arbitrary code via a large series of Service Discovery Protocol (SDP) packets.
Family: windows Class: vulnerability
Reference(s): CVE-2008-1453
Version: 5
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Product(s):
Definition Id: oval:org.mitre.oval:def:4910
 
Oval ID: oval:org.mitre.oval:def:4910
Title: Windows Active Directory Denial of Service Vulnerability
Description: Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.
Family: windows Class: vulnerability
Reference(s): CVE-2008-1445
Version: 10
Platform(s): Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Product(s):
Definition Id: oval:org.mitre.oval:def:5236
 
Oval ID: oval:org.mitre.oval:def:5236
Title: MJPEG Decoder Vulnerability
Description: Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-0011
Version: 11
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): DirectX
Definition Id: oval:org.mitre.oval:def:5291
 
Oval ID: oval:org.mitre.oval:def:5291
Title: Request Header Cross-Domain Information Disclosure Vulnerability
Description: The setRequestHeader method of the XMLHttpRequest object in Microsoft Internet Explorer 5.01, 6, and 7 does not block dangerous HTTP request headers when certain 8-bit character sequences are appended to a header name, which allows remote attackers to (1) conduct HTTP request splitting and HTTP request smuggling attacks via an incorrect Content-Length header, (2) access arbitrary virtual hosts via a modified Host header, (3) bypass referrer restrictions via an incorrect Referer header, and (4) bypass the same-origin policy and obtain sensitive information via a crafted request header.
Family: windows Class: vulnerability
Reference(s): CVE-2008-1544
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 6
Microsoft Internet Explorer 7
Definition Id: oval:org.mitre.oval:def:5473
 
Oval ID: oval:org.mitre.oval:def:5473
Title: PGM Invalid Length Vulnerability
Description: Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-1440
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s):
Definition Id: oval:org.mitre.oval:def:5489
 
Oval ID: oval:org.mitre.oval:def:5489
Title: Speech API Vulnerability
Description: A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer.
Family: windows Class: vulnerability
Reference(s): CVE-2007-0675
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s):
Definition Id: oval:org.mitre.oval:def:5562
 
Oval ID: oval:org.mitre.oval:def:5562
Title: SAMI Format Parsing Vulnerability
Description: Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-1444
Version: 3
Platform(s): Microsoft Windows 2000
Product(s): DirectX
Definition Id: oval:org.mitre.oval:def:5582
 
Oval ID: oval:org.mitre.oval:def:5582
Title: WINS Memory Overwrite Vulnerability
Description: The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-1451
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows Server 2003
Product(s):
Definition Id: oval:org.mitre.oval:def:5604
 
Oval ID: oval:org.mitre.oval:def:5604
Title: PGM Malformed Fragment Vulnerability
Description: Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-1441
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s):
Definition Id: oval:org.mitre.oval:def:5720
 
Oval ID: oval:org.mitre.oval:def:5720
Title: HTML Objects Memory Corruption Vulnerability
Description: Heap-based buffer overflow in the substringData method in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code, related to an unspecified manipulation of a DOM object before a call to this method, aka the "HTML Objects Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-1442
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft Internet Explorer 6
Microsoft Internet Explorer 7

CPE : Common Platform Enumeration

Type Description Count
Application 4
Application 4
Os 7
Os 1
Os 8
Os 6
Os 3
Os 6
Os 8
Os 4

OpenVAS Exploits

Date Description
2011-01-18 Name : Microsoft Active Directory Denial of Service Vulnerability (953235)
File : nvt/gb_ms08-035.nasl
2011-01-10 Name : Microsoft Windows Speech Components Voice Recognition Command Execution Vulne...
File : nvt/gb_ms08-032.nasl
2011-01-10 Name : Microsoft Pragmatic General Multicast (PGM) Denial of Service Vulnerability ...
File : nvt/gb_ms08-036.nasl
2008-09-30 Name : Bluetooth Stack Could Allow Remote Code Execution Vulnerability (951376)
File : nvt/gb_ms08-030.nasl
2008-09-30 Name : Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)
File : nvt/gb_ms08-033.nasl
2008-09-29 Name : Cumulative Security Update for Internet Explorer (950759)
File : nvt/gb_ms08-031.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
46087 Logitech Desktop Messenger BackWeb ActiveX Unspecified Overflow

46084 Microsoft IE Request Header Handling Cross-domain Information Disclosure

46083 Microsoft IE HTML Object Handling Memory Corruption Arbitrary Code Execution

A memory corruption flaw exists in Internet Explorer. IE fails to validate HTML objects resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.

46076 BackWeb Lite Install Runner LiteInstActivator.dll ActiveX (LiteInstActivator....

46068 Microsoft Windows Pragmatic General Multicast (PGM) Fragment Handling Remote DoS

46067 Microsoft Windows Pragmatic General Multicast (PGM) Packet Handling Remote DoS

46066 Microsoft Windows Active Directory LDAP Request Processing Remote DoS

46065 Microsoft DirectX SAMI File Format Processing Arbitrary Code Execution

46064 Microsoft DirectX MJPEG Codec AVI/ASF File Processing Arbitrary Code Execution

46063 Microsoft Windows Internet Name Service (WINS) Packet Handling Local Privileg...

46062 Microsoft Windows Speech Components (sapi.dll) Speech Recognition Code Execution

46061 Microsoft Windows Bluetooth SDP Packet Processing Remote Code Execution

A code execution flaw exists in Windows. The Bluetooth stack fails to validate Service Delivery Protocol (SDP) packets resulting in potential code execution. With a large number of specially crafted SDP packets, an attacker can cause arbitrary code execution resulting in a loss of integrity.

43606 Microsoft IE XMLHttpRequest() Multiple Header Overwrite HTTP Response Splitting

33627 Microsoft Vista Speech Recognition Web Page Arbitrary Command Execution

Information Assurance Vulnerability Management (IAVM)

Date Description
2008-06-26 IAVM : 2008-B-0049 - Microsoft Bluetooth Stack Remote Code Execution Vulnerability (951376)
Severity : Category I - VMSKEY : V0016051
2008-06-12 IAVM : 2008-T-0025 - Microsoft Pragmatic General Multicast (PGM) Denial of Service Vulnerabilities
Severity : Category I - VMSKEY : V0016038
2008-06-12 IAVM : 2008-A-0041 - Microsoft Active Directory Denial of Service Vulnerability
Severity : Category I - VMSKEY : V0016040

Snort® IPS/IDS

Date Description
2016-03-14 Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt
RuleID : 37153 - Revision : 1 - Type : FILE-MULTIMEDIA
2016-03-14 Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt
RuleID : 37152 - Revision : 1 - Type : FILE-MULTIMEDIA
2016-03-14 Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt
RuleID : 37151 - Revision : 1 - Type : FILE-MULTIMEDIA
2016-03-14 Microsoft Internet Explorer sapi.dll ActiveX clsid access attempt
RuleID : 36434 - Revision : 2 - Type : BROWSER-PLUGINS
2016-03-14 Microsoft Internet Explorer sapi.dll ActiveX clsid access attempt
RuleID : 36433 - Revision : 2 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Windows Pragmatic General Multicast Protocol memory consumption den...
RuleID : 17667 - Revision : 6 - Type : OS-WINDOWS
2014-01-10 Microsoft Internet Explorer setRequestHeader overflow attempt
RuleID : 17385 - Revision : 8 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer setRequestHeader overflow attempt
RuleID : 17384 - Revision : 7 - Type : BROWSER-IE
2014-01-10 Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt
RuleID : 15995 - Revision : 16 - Type : FILE-MULTIMEDIA
2014-01-10 Microsoft Active Directory LDAP cookie denial of service attempt
RuleID : 13835 - Revision : 12 - Type : OS-WINDOWS
2014-01-10 Microsoft Internet Explorer request header overwrite
RuleID : 13834 - Revision : 18 - Type : BROWSER-IE
2014-01-10 backweb ActiveX clsid unicode access
RuleID : 13833 - Revision : 7 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer backweb ActiveX clsid access
RuleID : 13832 - Revision : 11 - Type : BROWSER-PLUGINS
2014-01-10 sapi.dll alternate killbit ActiveX clsid unicode access
RuleID : 13831 - Revision : 7 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer sapi.dll ActiveX clsid access attempt
RuleID : 13830 - Revision : 12 - Type : BROWSER-PLUGINS
2014-01-10 sapi.dll ActiveX clsid unicode access
RuleID : 13829 - Revision : 7 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer sapi.dll ActiveX clsid access attempt
RuleID : 13828 - Revision : 12 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Windows PGM denial of service attempt
RuleID : 13827 - Revision : 13 - Type : OS-WINDOWS
2014-01-10 Microsoft WINS arbitrary memory modification attempt
RuleID : 13826 - Revision : 6 - Type : OS-WINDOWS
2014-01-10 Microsoft PGM fragment denial of service attempt
RuleID : 13825 - Revision : 9 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows DirectX malformed mjpeg arbitrary code execution attempt
RuleID : 13824 - Revision : 15 - Type : FILE-MULTIMEDIA
2014-01-10 Microsoft Windows DirectX SAMI file parsing buffer overflow attempt
RuleID : 13823 - Revision : 14 - Type : FILE-MULTIMEDIA
2014-01-10 Microsoft XML substringData integer overflow attempt
RuleID : 12279 - Revision : 15 - Type : OS-WINDOWS

Nessus® Vulnerability Scanner

Date Description
2008-06-12 Name : It is possible to crash Active Directory on the remote host.
File : smb_nt_ms08-035.nasl - Type : ACT_GATHER_INFO
2008-06-11 Name : Arbitrary code can be executed on the remote host through Bluetooth.
File : smb_nt_ms08-030.nasl - Type : ACT_GATHER_INFO
2008-06-10 Name : Arbitrary code can be executed on the remote host through the web client.
File : smb_nt_ms08-031.nasl - Type : ACT_GATHER_INFO
2008-06-10 Name : The remote Windows host has an ActiveX control that is affected by multiple m...
File : smb_nt_ms08-032.nasl - Type : ACT_GATHER_INFO
2008-06-10 Name : A vulnerability in DirectX could allow remote code execution.
File : smb_nt_ms08-033.nasl - Type : ACT_GATHER_INFO
2008-06-10 Name : The remote WINS service can be abused to escalate privileges.
File : smb_nt_ms08-034.nasl - Type : ACT_GATHER_INFO
2008-06-10 Name : An unauthenticated attacker can crash the remote host.
File : smb_nt_ms08-036.nasl - Type : ACT_GATHER_INFO