Executive Summary
Summary | |
---|---|
Title | Microsoft Updates for Multiple Vulnerabilities |
Informations | |||
---|---|---|---|
Name | TA08-225A | First vendor Publication | 2008-08-12 |
Vendor | US-CERT | Last vendor Modification | 2008-08-12 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Microsoft has released updates that address vulnerabilities in Microsoft Windows, Office, and Internet Explorer. I. Description Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Office, Internet Explorer, and other related components as part of the Microsoft Security Bulletin Summary for August 2008. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code. For more information, see the US-CERT Vulnerability Notes Database. II. Impact A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable application to crash. III. Solution Apply updates from Microsoft Microsoft has provided updates for these vulnerabilities in the August 2008 |
Original Source
Url : http://www.us-cert.gov/cas/techalerts/TA08-225A.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-399 | Resource Management Errors |
27 % | CWE-20 | Improper Input Validation |
8 % | CWE-200 | Information Exposure |
8 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
4 % | CWE-264 | Permissions, Privileges, and Access Controls |
4 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5266 | |||
Oval ID: | oval:org.mitre.oval:def:5266 | ||
Title: | HTML Objects Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order," aka "HTML Objects Memory Corruption Vulnerability" or "XHTML Rendering Memory Corruption Vulnerability," a different vulnerability than CVE-2008-2258. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-2257 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5366 | |||
Oval ID: | oval:org.mitre.oval:def:5366 | ||
Title: | Uninitialized Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 5.01, 6, and 7 does not properly handle objects that have been incorrectly initialized or deleted, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "Uninitialized Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-2256 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5555 | |||
Oval ID: | oval:org.mitre.oval:def:5555 | ||
Title: | Parsing Overflow Vulnerability | ||
Description: | A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 through SP1; and Office 2004 for Mac allows remote attackers to execute arbitrary code via a PowerPoint file with crafted list values that trigger memory corruption, aka "Parsing Overflow Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-1455 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Office Compatibility Pack Microsoft Office PowerPoint 2000 Microsoft Office PowerPoint 2002 Microsoft Office PowerPoint 2003 Microsoft Office PowerPoint 2007 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5561 | |||
Oval ID: | oval:org.mitre.oval:def:5561 | ||
Title: | Excel Record Parsing Vulnerability | ||
Description: | Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office Compatibility Pack 2007 Gold and SP1; Office SharePoint Server 2007 Gold and SP1; and Office 2004 and 2008 for Mac do not properly parse Country record values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Record Parsing Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-3006 | Version: | 12 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Excel 2000 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel 2007 Microsoft Excel Viewer 2003 Microsoft Excel Viewer 2007 Microsoft Office Compatibility Pack Microsoft SharePoint Server 2007 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5602 | |||
Oval ID: | oval:org.mitre.oval:def:5602 | ||
Title: | HTML Objects Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2254, aka "HTML Object Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-2255 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5630 | |||
Oval ID: | oval:org.mitre.oval:def:5630 | ||
Title: | Event System Vulnerability | ||
Description: | Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-1456 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5724 | |||
Oval ID: | oval:org.mitre.oval:def:5724 | ||
Title: | Memory Calculation Vulnerability | ||
Description: | A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-0121 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Office PowerPoint Viewer 2003 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:5768 | |||
Oval ID: | oval:org.mitre.oval:def:5768 | ||
Title: | Memory Allocation Vulnerability | ||
Description: | Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-0120 | Version: | 8 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Office PowerPoint Viewer 2003 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:5820 | |||
Oval ID: | oval:org.mitre.oval:def:5820 | ||
Title: | HTML Object Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "HTML Object Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-2254 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5837 | |||
Oval ID: | oval:org.mitre.oval:def:5837 | ||
Title: | Excel Index Array Vulnerability | ||
Description: | Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-3005 | Version: | 10 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Excel 2000 Microsoft Excel 2002 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5868 | |||
Oval ID: | oval:org.mitre.oval:def:5868 | ||
Title: | Microsoft Malformed BMP Filter Vulnerability | ||
Description: | Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works 8 do not properly parse the length of a BMP file, which allows remote attackers to execute arbitrary code via a crafted BMP file, aka the "Malformed BMP Filter Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-3020 | Version: | 10 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Office 2000 Microsoft Office XP Microsoft Office Project 2002 Microsoft Office Converter Pack Microsoft Works |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5879 | |||
Oval ID: | oval:org.mitre.oval:def:5879 | ||
Title: | Microsoft Malformed PICT Filter Vulnerability | ||
Description: | Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the "Malformed PICT Filter Vulnerability," a different vulnerability than CVE-2008-3021. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-3018 | Version: | 10 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Office 2000 Microsoft Office XP Microsoft Office 2003 Microsoft Office Project 2002 Microsoft Office Converter Pack Microsoft Works |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5885 | |||
Oval ID: | oval:org.mitre.oval:def:5885 | ||
Title: | Excel Indexing Validation Vulnerability | ||
Description: | Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; Office Excel Viewer 2003; and Office 2004 and 2008 for Mac do not properly validate index values for AxesSet records when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Indexing Validation Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-3004 | Version: | 10 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Excel 2000 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel Viewer 2003 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5886 | |||
Oval ID: | oval:org.mitre.oval:def:5886 | ||
Title: | URL Parsing Cross-Domain Information Disclosure Vulnerability | ||
Description: | The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-1448 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Outlook Express Microsoft Mail |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5897 | |||
Oval ID: | oval:org.mitre.oval:def:5897 | ||
Title: | Word Record Parsing Vulnerability | ||
Description: | Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-2244 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Excel 2002 Microsoft Word 2003 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:5913 | |||
Oval ID: | oval:org.mitre.oval:def:5913 | ||
Title: | HTML Component Handling Vulnerability | ||
Description: | Microsoft Internet Explorer 6 and 7 does not perform proper "argument validation" during print preview, which allows remote attackers to execute arbitrary code via unknown vectors, aka "HTML Component Handling Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-2259 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5923 | |||
Oval ID: | oval:org.mitre.oval:def:5923 | ||
Title: | Microsoft Color Management System Vulnerability | ||
Description: | Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-2245 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5951 | |||
Oval ID: | oval:org.mitre.oval:def:5951 | ||
Title: | Excel Credential Caching Vulnerability | ||
Description: | Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-3003 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Excel 2007 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:5995 | |||
Oval ID: | oval:org.mitre.oval:def:5995 | ||
Title: | Windows Messenger Information Disclosure Vulnerability | ||
Description: | An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-0082 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | MSN Messenger 4.7 MSN Messenger 5.1 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:5997 | |||
Oval ID: | oval:org.mitre.oval:def:5997 | ||
Title: | Microsoft PICT Filter Parsing Vulnerability | ||
Description: | Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file with an invalid bits_per_pixel field, aka the "PICT Filter Parsing Vulnerability," a different vulnerability than CVE-2008-3018. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-3021 | Version: | 12 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Office 2000 Microsoft Office XP Microsoft Office 2003 Microsoft Office Project 2002 Microsoft Office Converter Pack Microsoft Works 8 |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6019 | |||
Oval ID: | oval:org.mitre.oval:def:6019 | ||
Title: | Microsoft Office WPG Image File Heap Corruption Vulnerability | ||
Description: | WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 does not properly parse the length of a WordPerfect Graphics (WPG) file, which allows remote attackers to execute arbitrary code via a crafted WPG file, aka the "WPG Image File Heap Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-3460 | Version: | 10 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Office 2000 Microsoft Office XP Microsoft Office 2003 Microsoft Office Project 2002 Microsoft Office Converter Pack Microsoft Works |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6025 | |||
Oval ID: | oval:org.mitre.oval:def:6025 | ||
Title: | HTML Objects Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order" with "particular functions ... performed on" document objects, aka "HTML Objects Memory Corruption Vulnerability" or "Table Layout Memory Corruption Vulnerability," a different vulnerability than CVE-2008-2257. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-2258 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6060 | |||
Oval ID: | oval:org.mitre.oval:def:6060 | ||
Title: | IPsec Policy Information Disclosure Vulnerability | ||
Description: | Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-2246 | Version: | 5 |
Platform(s): | Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6095 | |||
Oval ID: | oval:org.mitre.oval:def:6095 | ||
Title: | Event System Vulnerability | ||
Description: | The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-1457 | Version: | 4 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6120 | |||
Oval ID: | oval:org.mitre.oval:def:6120 | ||
Title: | Snapshot Viewer Arbitrary File Download Vulnerability | ||
Description: | The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-2463 | Version: | 6 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Access 2000 Microsoft Access 2002 Microsoft Access 2003 |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:6122 | |||
Oval ID: | oval:org.mitre.oval:def:6122 | ||
Title: | Microsoft Malformed EPS Filter Vulnerability | ||
Description: | Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of an Encapsulated PostScript (EPS) file, which allows remote attackers to execute arbitrary code via a crafted EPS file, aka the "Malformed EPS Filter Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2008-3019 | Version: | 10 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Office 2000 Microsoft Office XP Microsoft Office 2003 Microsoft Office Project 2002 Microsoft Office Converter Pack Microsoft Works |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 | |
Application | 5 | |
Application |
| 9 |
Application | 2 | |
Application | 1 | |
Application | 3 | |
Application | 1 | |
Application | 3 | |
Application | 1 | |
Application | 3 | |
Application | 2 | |
Application | 1 | |
Application | 2 | |
Application | 1 | |
Os | 1 | |
Os | 2 | |
Os | 2 | |
Os | 2 | |
Os | 3 |
SAINT Exploits
Description | Link |
---|---|
Microsoft Excel FORMAT record array index memory corruption | More info here |
Microsoft Access Snapshot Viewer file download vulnerability | More info here |
Microsoft PowerPoint Viewer picture index CString object integer overflow | More info here |
Internet Explorer print preview argument validation vulnerability | More info here |
OpenVAS Exploits
Date | Description |
---|---|
2010-12-21 | Name : Microsoft Windows IPsec Policy Processing Information Disclosure Vulnerabilit... File : nvt/gb_ms08-047.nasl |
2008-10-07 | Name : Microsoft Windows Image Color Management System Code Execution Vulnerability ... File : nvt/gb_ms08-046.nasl |
2008-08-19 | Name : Microsoft Excel Could Allow Remote Code Execution Vulnerabilities (954066) File : nvt/secpod_ms08-043_900028.nasl |
2008-08-19 | Name : Microsoft Office Filters Could Allow Remote Code Execution Vulnerabilities (9... File : nvt/secpod_ms08-044_900029.nasl |
2008-08-19 | Name : Cumulative Security Update for Internet Explorer (953838) File : nvt/secpod_ms08-045_900030.nasl |
2008-08-19 | Name : Security Update for Outlook Express (951066) File : nvt/secpod_ms08-048_900031.nasl |
2008-08-19 | Name : Vulnerabilities in Event System Could Allow Remote Code Execution (950974) File : nvt/secpod_ms08-049_900035.nasl |
2008-08-19 | Name : Windows Messenger Could Allow Information Disclosure Vulnerability (955702) File : nvt/secpod_ms08-050_900034.nasl |
2008-08-19 | Name : Microsoft PowerPoint Could Allow Remote Code Execution Vulnerabilities (949785) File : nvt/secpod_ms08-051_900033.nasl |
2008-08-19 | Name : Microsoft Access Snapshot Viewer ActiveX Control Vulnerability File : nvt/secpod_ms_access_snapshot_viewer_actvx_vuln_900004.nasl |
2008-08-19 | Name : Microsoft Word Could Allow Remote Code Execution Vulnerability File : nvt/secpod_ms_word_code_exec_vuln_900006.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
47419 | Microsoft IE HTML Object Unspecified Memory Corruption |
47418 | Microsoft IE HTML Object Unspecified Memory Corruption |
47417 | Microsoft IE Object Handling Uninitialized Memory Corruption |
47416 | Microsoft IE HTML Document Objects Handling Memory Corruption |
47415 | Microsoft IE HTML Document Object Handling Memory Corruption An unspecified memory corruption flaw exists in Internet Explorer. IE fails to validate Document Objects resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
47414 | Microsoft IE Print Preview HTML Component Handling Unspecified Arbitrary Code... |
47413 | Microsoft IE MHTML Protocol Handler Cross-Domain Information Disclosure |
47412 | Microsoft Windows Event System Crafted Request Array Index Handling Remote Pr... |
47411 | Microsoft Windows Event System Per-user Subscription Crafted Request Remote P... |
47410 | Microsoft Office Excel connections.xml Password String Persistence |
47409 | Microsoft Office Excel Spreadsheet AxesSet Record Memory Corruption |
47408 | Microsoft Office Excel File FORMAT Record Array Index Handling Arbitrary Code... |
47407 | Microsoft Office Excel File COUNTRY Record Value Parsing Arbitrary Code Execu... |
47406 | Microsoft PowerPoint Viewer Cstring Object Handling Memory Corruption |
47405 | Microsoft PowerPoint Viewer Picture Index Handling Memory Corruption |
47404 | Microsoft PowerPoint File List Value Handling Memory Corruption |
47403 | Microsoft Windows Messenger ActiveX (Messenger.UIAutomation.1) Remote Privile... |
47402 | Microsoft Office Filters PICT File Handling Arbitrary Code Execution |
47401 | Microsoft Office Filters Encapsulated PostScript (EPS) File Handling Arbitrar... |
47400 | Microsoft Office BMPIMP32.FLT Filter BMP File Header Handling Arbitrary Code ... A remote overflow exists in the BMPIMP32.FLT Filter Module that comes with Microsoft Office XP. The Filter Module fails to handle malformed BMP image headers resulting in a heap overflow. With a specially crafted file, a context-dependent attacker can cause execute arbitrary code resulting in a loss of integrity. |
47398 | Microsoft Office Filters PICT File bits_per_pixel Field Heap Corruption |
47397 | Microsoft Office WPGIMP32.FLT Filter WordPerfect Graphics (WPG) File Handling... |
47396 | Microsoft Windows IPsec Policy Import Failure Cleartext Remote Information Di... |
47395 | Microsoft Windows Image Color Management System (MSCMS) mscms.dll InternalOpe... |
46914 | Microsoft Word DOC File Handling Unspecified Arbitrary Code Execution |
46749 | Microsoft Access Snapshot Viewer ActiveX (snapview.ocx) PrintSnapshot Method ... A code execution flaw exists in Office. The Access Snapshot Viewer ActiveX control fails to validated unspecified content when saving files resulting in a code execution. With a specially crafted website, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2008-08-14 | IAVM : 2008-A-0060 - Microsoft Windows Image Color Management System Vulnerability Severity : Category I - VMSKEY : V0016737 |
2008-08-14 | IAVM : 2008-A-0056 - Microsoft Office Access Snapshot Viewer ActiveX Control Vulnerability Severity : Category I - VMSKEY : V0016740 |
2008-08-14 | IAVM : 2008-A-0058 - Multiple Microsoft Office Filters Remote Code Execution Vulnerabilities Severity : Category II - VMSKEY : V0016741 |
2008-08-14 | IAVM : 2008-T-0038 - Microsoft IPsec Policy Processing Information Disclosure Vulnerability Severity : Category I - VMSKEY : V0016742 |
2008-08-14 | IAVM : 2008-T-0039 - Multiple Microsoft Event System Remote Code Execution Vulnerabilities Severity : Category I - VMSKEY : V0016744 |
2008-08-14 | IAVM : 2008-T-0040 - Microsoft Windows Messenger Information Disclosure Vulnerability Severity : Category II - VMSKEY : V0016746 |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Snapshot Viewer General Property Page Object ActiveX clsid unicode access RuleID : 7982 - Revision : 11 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Access Snapshot Viewer ActiveX clsid access attempt RuleID : 7981 - Revision : 19 - Type : BROWSER-PLUGINS |
2019-12-03 | Microsoft Windows GDI+ EMF buffer overwrite attempt RuleID : 52035 - Revision : 1 - Type : OS-WINDOWS |
2019-12-03 | Microsoft Windows GDI+ EMF buffer overwrite attempt RuleID : 52034 - Revision : 1 - Type : OS-WINDOWS |
2019-12-03 | Microsoft Windows GDI+ EMF buffer overwrite attempt RuleID : 52033 - Revision : 1 - Type : OS-WINDOWS |
2019-12-03 | Microsoft Windows GDI+ EMF buffer overwrite attempt RuleID : 52032 - Revision : 1 - Type : OS-WINDOWS |
2019-12-03 | Microsoft Windows GDI+ EMF buffer overwrite attempt RuleID : 52031 - Revision : 1 - Type : OS-WINDOWS |
2019-12-03 | Microsoft Windows GDI+ EMF buffer overwrite attempt RuleID : 52030 - Revision : 1 - Type : OS-WINDOWS |
2017-10-31 | Apple PICT Quickdraw image converter packType 4 buffer overflow attempt RuleID : 44456 - Revision : 2 - Type : FILE-IMAGE |
2017-10-31 | Apple PICT Quickdraw image converter packType 4 buffer overflow attempt RuleID : 44455 - Revision : 2 - Type : FILE-IMAGE |
2017-09-28 | Microsoft Internet Explorer span frontier parsing memory corruption attempt RuleID : 44188 - Revision : 2 - Type : BROWSER-IE |
2017-09-21 | Microsoft Office PowerPoint Viewer memory allocation code execution attempt RuleID : 44069 - Revision : 2 - Type : FILE-OFFICE |
2017-09-21 | Microsoft Office PowerPoint Viewer memory allocation code execution attempt RuleID : 44068 - Revision : 2 - Type : FILE-OFFICE |
2017-09-19 | Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt RuleID : 44032 - Revision : 2 - Type : FILE-OFFICE |
2017-09-19 | Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt RuleID : 44031 - Revision : 2 - Type : FILE-OFFICE |
2017-08-23 | Microsoft Office Word SmartTag record code execution attempt RuleID : 43675 - Revision : 3 - Type : FILE-OFFICE |
2017-08-23 | Microsoft Office Word SmartTag record code execution attempt RuleID : 43674 - Revision : 3 - Type : FILE-OFFICE |
2017-08-23 | Microsoft Access Snapshot Viewer ActiveX function call access attempt RuleID : 43606 - Revision : 3 - Type : BROWSER-PLUGINS |
2017-08-23 | Microsoft Access Snapshot Viewer ActiveX function call access attempt RuleID : 43605 - Revision : 2 - Type : BROWSER-PLUGINS |
2016-03-14 | Microsoft Internet Explorer argument validation in print preview handling exp... RuleID : 36453 - Revision : 3 - Type : BROWSER-IE |
2014-11-16 | Microsoft Office Excel malformed chart arbitrary code execution attempt RuleID : 31441 - Revision : 2 - Type : FILE-OFFICE |
2014-11-16 | Microsoft Office Word SmartTag record code execution attempt RuleID : 31312 - Revision : 6 - Type : FILE-OFFICE |
2014-11-16 | Microsoft Office Word SmartTag record code execution attempt RuleID : 31311 - Revision : 6 - Type : FILE-OFFICE |
2014-11-16 | Microsoft Office Word SmartTag record code execution attempt RuleID : 31310 - Revision : 6 - Type : FILE-OFFICE |
2014-03-06 | Microsoft Windows Message System ActiveX function call access RuleID : 29538 - Revision : 2 - Type : BROWSER-PLUGINS |
2014-02-21 | Microsoft Office Excel country record arbitrary code execution attempt RuleID : 29404 - Revision : 2 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Image filter BMP overflow attempt RuleID : 28322 - Revision : 2 - Type : FILE-OTHER |
2014-01-10 | Microsoft Office Image filter BMP overflow attempt RuleID : 28321 - Revision : 2 - Type : FILE-OTHER |
2014-01-10 | Microsoft Office Image filter BMP overflow attempt RuleID : 28320 - Revision : 2 - Type : FILE-OTHER |
2014-01-10 | Microsoft Office Image filter BMP overflow attempt RuleID : 28319 - Revision : 2 - Type : FILE-OTHER |
2014-01-10 | Microsoft Office Image filter BMP overflow attempt RuleID : 28318 - Revision : 2 - Type : FILE-OTHER |
2014-01-10 | Microsoft Office Image filter BMP overflow attempt RuleID : 28317 - Revision : 2 - Type : FILE-OTHER |
2014-01-10 | Microsoft Office Image filter BMP overflow attempt RuleID : 28316 - Revision : 2 - Type : FILE-OTHER |
2014-01-10 | Microsoft Office Image filter BMP overflow attempt RuleID : 28315 - Revision : 6 - Type : FILE-OTHER |
2014-01-10 | Microsoft Office Image filter BMP overflow attempt RuleID : 28314 - Revision : 2 - Type : FILE-OTHER |
2014-01-10 | Microsoft Office Image filter BMP overflow attempt RuleID : 28313 - Revision : 2 - Type : FILE-OTHER |
2014-01-10 | Microsoft Office Image filter BMP overflow attempt RuleID : 28312 - Revision : 2 - Type : FILE-OTHER |
2014-01-10 | Microsoft Office Image filter BMP overflow attempt RuleID : 28311 - Revision : 2 - Type : FILE-OTHER |
2014-01-10 | Microsoft Access Snapshot Viewer ActiveX function call access RuleID : 27793 - Revision : 3 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Access Snapshot Viewer ActiveX function call access attempt RuleID : 27792 - Revision : 4 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Access Snapshot Viewer ActiveX clsid access attempt RuleID : 27791 - Revision : 4 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Access Snapshot Viewer ActiveX clsid access attempt RuleID : 27790 - Revision : 4 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Access Snapshot Viewer ActiveX clsid access attempt RuleID : 27789 - Revision : 4 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Access Snapshot Viewer ActiveX function call access RuleID : 27788 - Revision : 3 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Office eps filters memory corruption attempt RuleID : 27090 - Revision : 4 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office eps filters memory corruption attempt RuleID : 27089 - Revision : 5 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office PowerPoint Viewer memory allocation code execution attempt RuleID : 26710 - Revision : 3 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office PowerPoint Viewer memory allocation code execution attempt RuleID : 26709 - Revision : 3 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office PowerPoint Viewer memory allocation code execution attempt RuleID : 26708 - Revision : 4 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office PowerPoint Viewer memory allocation code execution attempt RuleID : 26707 - Revision : 4 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office PowerPoint Viewer memory allocation code execution attempt RuleID : 26706 - Revision : 3 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office eps filters memory corruption attempt RuleID : 26597 - Revision : 5 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office PowerPoint TxMasterStyle10Atom atom numLevels buffer overflo... RuleID : 26330 - Revision : 3 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Excel format record code execution attempt RuleID : 26329 - Revision : 3 - Type : FILE-OFFICE |
2014-01-10 | Eleanore exploit kit post-exploit page request RuleID : 21071 - Revision : 5 - Type : EXPLOIT-KIT |
2014-01-10 | Eleanore exploit kit pdf exploit page request RuleID : 21070 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Eleanore exploit kit exploit fetch request RuleID : 21069 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Eleanore exploit kit landing page RuleID : 21068 - Revision : 4 - Type : EXPLOIT-KIT |
2014-01-10 | Microsoft Office Excel format record code execution attempt RuleID : 19552 - Revision : 15 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Internet Explorer getElementById object corruption RuleID : 19079 - Revision : 9 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer static text range overflow attempt RuleID : 17720 - Revision : 14 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer ExecWB security zone bypass attempt RuleID : 17692 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft Office PowerPoint Viewer memory allocation code execution attempt RuleID : 17310 - Revision : 13 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office Word SmartTag record code execution attempt RuleID : 17308 - Revision : 14 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Internet Explorer getElementById object corruption attempt RuleID : 15910 - Revision : 18 - Type : BROWSER-IE |
2014-01-10 | Microsoft Office Excel malformed chart arbitrary code execution attempt RuleID : 13981 - Revision : 22 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Internet Explorer http status response memory corruption vulnerability RuleID : 13980 - Revision : 17 - Type : BROWSER-IE |
2014-01-10 | Microsoft Windows Event System Subscription VBScript access RuleID : 13979 - Revision : 14 - Type : OS-WINDOWS |
2014-01-10 | Microsoft Windows Event System ActiveX function call unicode access RuleID : 13978 - Revision : 9 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Windows Event System ActiveX function call access RuleID : 13977 - Revision : 10 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Windows Event System ActiveX clsid unicode access RuleID : 13976 - Revision : 9 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Windows Event System ActiveX clsid access RuleID : 13975 - Revision : 10 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer XHTML element memory corruption attempt RuleID : 13974 - Revision : 13 - Type : BROWSER-IE |
2015-05-28 | Microsoft Excel format record code execution attempt RuleID : 13973 - Revision : 12 - Type : WEB-CLIENT |
2014-01-10 | Microsoft Office Excel country record arbitrary code execution attempt RuleID : 13972 - Revision : 23 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office PowerPoint TxMasterStyle10Atom atom numLevels buffer overflo... RuleID : 13971 - Revision : 19 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Office eps filters memory corruption attempt RuleID : 13970 - Revision : 18 - Type : FILE-OFFICE |
2014-01-10 | Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt RuleID : 13969 - Revision : 13 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Message System ActiveX function call unicode access RuleID : 13968 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Message System ActiveX function call access RuleID : 13967 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Message System ActiveX clsid unicode access RuleID : 13966 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Windows Message System ActiveX clsid access RuleID : 13965 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer span frontier parsing memory corruption attempt RuleID : 13964 - Revision : 14 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer argument validation in print preview handling exp... RuleID : 13963 - Revision : 14 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer MHTML zone control bypass attempt RuleID : 13962 - Revision : 12 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer table layout access violation vulnerability RuleID : 13961 - Revision : 10 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer static text range overflow attempt RuleID : 13960 - Revision : 14 - Type : BROWSER-IE |
2014-01-10 | WordPerfect Graphics file invalid RLE buffer overflow attempt RuleID : 13958 - Revision : 10 - Type : FILE-OFFICE |
2014-01-10 | Microsoft Color Management System EMF file processing overflow attempt RuleID : 13954 - Revision : 10 - Type : OS-WINDOWS |
2014-01-10 | Apple PICT/Quickdraw image converter packType 3 buffer overflow exploit attempt RuleID : 13947 - Revision : 11 - Type : FILE-IMAGE |
2014-01-10 | Apple PICT/Quickdraw image converter packType 4 buffer overflow exploit attempt RuleID : 13946 - Revision : 11 - Type : FILE-IMAGE |
2014-01-10 | Microsoft Access Snapshot Viewer 2 ActiveX function call unicode access RuleID : 13910 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Access Snapshot Viewer 2 ActiveX function call access RuleID : 13909 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Access Snapshot Viewer 2 ActiveX clsid unicode access RuleID : 13908 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Access Snapshot Viewer ActiveX clsid access attempt RuleID : 13907 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Access Snapshot Viewer 1 ActiveX function call unicode access RuleID : 13906 - Revision : 9 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Access Snapshot Viewer ActiveX function call access attempt RuleID : 13905 - Revision : 18 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Access Snapshot Viewer 1 ActiveX clsid unicode access RuleID : 13904 - Revision : 8 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Access Snapshot Viewer ActiveX clsid access attempt RuleID : 13903 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | Windows BMP image conversion arbitrary code execution attempt RuleID : 13879 - Revision : 13 - Type : OS-WINDOWS |
2014-01-10 | BMP image handler buffer overflow attempt RuleID : 13865 - Revision : 18 - Type : FILE-IMAGE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-10-20 | Name : An application installed on the remote Mac OS X host is affected by multiple ... File : macosx_ms_office_aug2008.nasl - Type : ACT_GATHER_INFO |
2008-08-13 | Name : Arbitrary code can be executed on the remote host through the web client. File : smb_nt_ms08-041.nasl - Type : ACT_GATHER_INFO |
2008-08-13 | Name : Arbitrary code can be executed on the remote host through Microsoft Word. File : smb_nt_ms08-042.nasl - Type : ACT_GATHER_INFO |
2008-08-13 | Name : Arbitrary code can be executed on the remote host through Microsoft Excel. File : smb_nt_ms08-043.nasl - Type : ACT_GATHER_INFO |
2008-08-13 | Name : Arbitrary code can be executed on the remote host through the Microsoft Offic... File : smb_nt_ms08-044.nasl - Type : ACT_GATHER_INFO |
2008-08-13 | Name : Arbitrary code can be executed on the remote host through the web client. File : smb_nt_ms08-045.nasl - Type : ACT_GATHER_INFO |
2008-08-13 | Name : Arbitrary code can be executed on the remote host through the Microsoft Color... File : smb_nt_ms08-046.nasl - Type : ACT_GATHER_INFO |
2008-08-13 | Name : The remote host IPsec policy processing could lead to information disclosure. File : smb_nt_ms08-047.nasl - Type : ACT_GATHER_INFO |
2008-08-13 | Name : An information disclosure vulnerability is present on the remote host due to ... File : smb_nt_ms08-048.nasl - Type : ACT_GATHER_INFO |
2008-08-13 | Name : Arbitrary code can be executed on the remote host through the Microsoft Event... File : smb_nt_ms08-049.nasl - Type : ACT_GATHER_INFO |
2008-08-13 | Name : The remote host is vulnerable to an information disclosure due to Windows Mes... File : smb_nt_ms08-050.nasl - Type : ACT_GATHER_INFO |
2008-08-13 | Name : Arbitrary code can be executed on the remote host through Microsoft PowerPoint. File : smb_nt_ms08-051.nasl - Type : ACT_GATHER_INFO |