Executive Summary

Summary
Title Microsoft Updates for Multiple Vulnerabilities
Information
Name TA08-225A First vendor Publication 2008-08-12
Vendor US-CERT Last vendor Modification 2008-08-12
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
Impact SubScore NA Temporal Score NA
Exploitability Sub Score NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Exploit Score 10 Authentication None Required

Detail

Microsoft has released updates that address vulnerabilities in Microsoft Windows, Office, and Internet Explorer.

I. Description

Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Office, Internet Explorer, and other related components as part of the Microsoft Security Bulletin Summary for August 2008. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code. For more information, see the US-CERT Vulnerability Notes Database.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable application to crash.

III. Solution

Apply updates from Microsoft

Microsoft has provided updates for these vulnerabilities in the August 2008 Security Bulletin Summary. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).

Original Source

Url : http://www.us-cert.gov/cas/techalerts/TA08-225A.html

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-399 Resource Management Errors
27 % CWE-20 Improper Input Validation
8 % CWE-200 Information Exposure
8 % CWE-94 Failure to Control Generation of Code ('Code Injection')
4 % CWE-264 Permissions, Privileges, and Access Controls
4 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:5266
 
Oval ID: oval:org.mitre.oval:def:5266
Title: HTML Objects Memory Corruption Vulnerability
Description: Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order," aka "HTML Objects Memory Corruption Vulnerability" or "XHTML Rendering Memory Corruption Vulnerability," a different vulnerability than CVE-2008-2258.
Family: windows Class: vulnerability
Reference(s): CVE-2008-2257
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5366
 
Oval ID: oval:org.mitre.oval:def:5366
Title: Uninitialized Memory Corruption Vulnerability
Description: Microsoft Internet Explorer 5.01, 6, and 7 does not properly handle objects that have been incorrectly initialized or deleted, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "Uninitialized Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-2256
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5555
 
Oval ID: oval:org.mitre.oval:def:5555
Title: Parsing Overflow Vulnerability
Description: A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 through SP1; and Office 2004 for Mac allows remote attackers to execute arbitrary code via a PowerPoint file with crafted list values that trigger memory corruption, aka "Parsing Overflow Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-1455
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft Office Compatibility Pack
Microsoft Office PowerPoint 2000
Microsoft Office PowerPoint 2002
Microsoft Office PowerPoint 2003
Microsoft Office PowerPoint 2007
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5561
 
Oval ID: oval:org.mitre.oval:def:5561
Title: Excel Record Parsing Vulnerability
Description: Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 Gold and SP3; Office Excel Viewer; Office Compatibility Pack 2007 Gold and SP1; Office SharePoint Server 2007 Gold and SP1; and Office 2004 and 2008 for Mac do not properly parse Country record values when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Record Parsing Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-3006
Version: 12
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Excel 2007
Microsoft Excel Viewer 2003
Microsoft Excel Viewer 2007
Microsoft Office Compatibility Pack
Microsoft SharePoint Server 2007
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5602
 
Oval ID: oval:org.mitre.oval:def:5602
Title: HTML Objects Memory Corruption Vulnerability
Description: Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2254, aka "HTML Object Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-2255
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5630
 
Oval ID: oval:org.mitre.oval:def:5630
Title: Event System Vulnerability
Description: Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers.
Family: windows Class: vulnerability
Reference(s): CVE-2008-1456
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5724
 
Oval ID: oval:org.mitre.oval:def:5724
Title: Memory Calculation Vulnerability
Description: A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-0121
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft Office PowerPoint Viewer 2003
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5768
 
Oval ID: oval:org.mitre.oval:def:5768
Title: Memory Allocation Vulnerability
Description: Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-0120
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft Office PowerPoint Viewer 2003
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5820
 
Oval ID: oval:org.mitre.oval:def:5820
Title: HTML Object Memory Corruption Vulnerability
Description: Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "HTML Object Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-2254
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5837
 
Oval ID: oval:org.mitre.oval:def:5837
Title: Excel Index Array Vulnerability
Description: Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-3005
Version: 10
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): Microsoft Excel 2000
Microsoft Excel 2002
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5868
 
Oval ID: oval:org.mitre.oval:def:5868
Title: Microsoft Malformed BMP Filter Vulnerability
Description: Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works 8 do not properly parse the length of a BMP file, which allows remote attackers to execute arbitrary code via a crafted BMP file, aka the "Malformed BMP Filter Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-3020
Version: 10
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): Microsoft Office 2000
Microsoft Office XP
Microsoft Office Project 2002
Microsoft Office Converter Pack
Microsoft Works
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5879
 
Oval ID: oval:org.mitre.oval:def:5879
Title: Microsoft Malformed PICT Filter Vulnerability
Description: Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file, aka the "Malformed PICT Filter Vulnerability," a different vulnerability than CVE-2008-3021.
Family: windows Class: vulnerability
Reference(s): CVE-2008-3018
Version: 10
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): Microsoft Office 2000
Microsoft Office XP
Microsoft Office 2003
Microsoft Office Project 2002
Microsoft Office Converter Pack
Microsoft Works
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5885
 
Oval ID: oval:org.mitre.oval:def:5885
Title: Excel Indexing Validation Vulnerability
Description: Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; Office Excel Viewer 2003; and Office 2004 and 2008 for Mac do not properly validate index values for AxesSet records when loading Excel files, which allows remote attackers to execute arbitrary code via a crafted Excel file, aka the "Excel Indexing Validation Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-3004
Version: 10
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Excel Viewer 2003
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5886
 
Oval ID: oval:org.mitre.oval:def:5886
Title: URL Parsing Cross-Domain Information Disclosure Vulnerability
Description: The MHTML protocol handler in a component of Microsoft Outlook Express 5.5 SP2 and 6 through SP1, and Windows Mail, does not assign the correct Internet Explorer Security Zone to UNC share pathnames, which allows remote attackers to bypass intended access restrictions and read arbitrary files via an mhtml: URI in conjunction with a redirection, aka "URL Parsing Cross-Domain Information Disclosure Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-1448
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Microsoft Outlook Express
Microsoft Mail
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5897
 
Oval ID: oval:org.mitre.oval:def:5897
Title: Word Record Parsing Vulnerability
Description: Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc.
Family: windows Class: vulnerability
Reference(s): CVE-2008-2244
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): Microsoft Excel 2002
Microsoft Word 2003
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5913
 
Oval ID: oval:org.mitre.oval:def:5913
Title: HTML Component Handling Vulnerability
Description: Microsoft Internet Explorer 6 and 7 does not perform proper "argument validation" during print preview, which allows remote attackers to execute arbitrary code via unknown vectors, aka "HTML Component Handling Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-2259
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5923
 
Oval ID: oval:org.mitre.oval:def:5923
Title: Microsoft Color Management System Vulnerability
Description: Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
Family: windows Class: vulnerability
Reference(s): CVE-2008-2245
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5951
 
Oval ID: oval:org.mitre.oval:def:5951
Title: Excel Credential Caching Vulnerability
Description: Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-3003
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): Microsoft Excel 2007
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5995
 
Oval ID: oval:org.mitre.oval:def:5995
Title: Windows Messenger Information Disclosure Vulnerability
Description: An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2008-0082
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): MSN Messenger 4.7
MSN Messenger 5.1
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5997
 
Oval ID: oval:org.mitre.oval:def:5997
Title: Microsoft PICT Filter Parsing Vulnerability
Description: Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file with an invalid bits_per_pixel field, aka the "PICT Filter Parsing Vulnerability," a different vulnerability than CVE-2008-3018.
Family: windows Class: vulnerability
Reference(s): CVE-2008-3021
Version: 12
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): Microsoft Office 2000
Microsoft Office XP
Microsoft Office 2003
Microsoft Office Project 2002
Microsoft Office Converter Pack
Microsoft Works 8
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6019
 
Oval ID: oval:org.mitre.oval:def:6019
Title: Microsoft Office WPG Image File Heap Corruption Vulnerability
Description: WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 does not properly parse the length of a WordPerfect Graphics (WPG) file, which allows remote attackers to execute arbitrary code via a crafted WPG file, aka the "WPG Image File Heap Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-3460
Version: 10
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): Microsoft Office 2000
Microsoft Office XP
Microsoft Office 2003
Microsoft Office Project 2002
Microsoft Office Converter Pack
Microsoft Works
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6025
 
Oval ID: oval:org.mitre.oval:def:6025
Title: HTML Objects Memory Corruption Vulnerability
Description: Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order" with "particular functions ... performed on" document objects, aka "HTML Objects Memory Corruption Vulnerability" or "Table Layout Memory Corruption Vulnerability," a different vulnerability than CVE-2008-2257.
Family: windows Class: vulnerability
Reference(s): CVE-2008-2258
Version: 5
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6060
 
Oval ID: oval:org.mitre.oval:def:6060
Title: IPsec Policy Information Disclosure Vulnerability
Description: Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions.
Family: windows Class: vulnerability
Reference(s): CVE-2008-2246
Version: 5
Platform(s): Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6095
 
Oval ID: oval:org.mitre.oval:def:6095
Title: Event System Vulnerability
Description: The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.
Family: windows Class: vulnerability
Reference(s): CVE-2008-1457
Version: 4
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6120
 
Oval ID: oval:org.mitre.oval:def:6120
Title: Snapshot Viewer Arbitrary File Download Vulnerability
Description: The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
Family: windows Class: vulnerability
Reference(s): CVE-2008-2463
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): Microsoft Access 2000
Microsoft Access 2002
Microsoft Access 2003
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6122
 
Oval ID: oval:org.mitre.oval:def:6122
Title: Microsoft Malformed EPS Filter Vulnerability
Description: Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of an Encapsulated PostScript (EPS) file, which allows remote attackers to execute arbitrary code via a crafted EPS file, aka the "Malformed EPS Filter Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-3019
Version: 10
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): Microsoft Office 2000
Microsoft Office XP
Microsoft Office 2003
Microsoft Office Project 2002
Microsoft Office Converter Pack
Microsoft Works
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 2
Application 5
Application 9
Application 2
Application 1
Application 3
Application 1
Application 3
Application 1
Application 3
Application 2
Application 1
Application 2
Application 1
Os 1
Os 2
Os 2
Os 2
Os 3

SAINT Exploits

Description
Microsoft Excel FORMAT record array index memory corruption
Microsoft Access Snapshot Viewer file download vulnerability
Microsoft PowerPoint Viewer picture index CString object integer overflow
Internet Explorer print preview argument validation vulnerability

OpenVAS Exploits

Date Description
2010-12-21 Name : Microsoft Windows IPsec Policy Processing Information Disclosure Vulnerabilit...
File : nvt/gb_ms08-047.nasl
2008-10-07 Name : Microsoft Windows Image Color Management System Code Execution Vulnerability ...
File : nvt/gb_ms08-046.nasl
2008-08-19 Name : Microsoft Excel Could Allow Remote Code Execution Vulnerabilities (954066)
File : nvt/secpod_ms08-043_900028.nasl
2008-08-19 Name : Microsoft Office Filters Could Allow Remote Code Execution Vulnerabilities (9...
File : nvt/secpod_ms08-044_900029.nasl
2008-08-19 Name : Cumulative Security Update for Internet Explorer (953838)
File : nvt/secpod_ms08-045_900030.nasl
2008-08-19 Name : Security Update for Outlook Express (951066)
File : nvt/secpod_ms08-048_900031.nasl
2008-08-19 Name : Vulnerabilities in Event System Could Allow Remote Code Execution (950974)
File : nvt/secpod_ms08-049_900035.nasl
2008-08-19 Name : Windows Messenger Could Allow Information Disclosure Vulnerability (955702)
File : nvt/secpod_ms08-050_900034.nasl
2008-08-19 Name : Microsoft PowerPoint Could Allow Remote Code Execution Vulnerabilities (949785)
File : nvt/secpod_ms08-051_900033.nasl
2008-08-19 Name : Microsoft Access Snapshot Viewer ActiveX Control Vulnerability
File : nvt/secpod_ms_access_snapshot_viewer_actvx_vuln_900004.nasl
2008-08-19 Name : Microsoft Word Could Allow Remote Code Execution Vulnerability
File : nvt/secpod_ms_word_code_exec_vuln_900006.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
47419 Microsoft IE HTML Object Unspecified Memory Corruption

47418 Microsoft IE HTML Object Unspecified Memory Corruption

47417 Microsoft IE Object Handling Uninitialized Memory Corruption

47416 Microsoft IE HTML Document Objects Handling Memory Corruption

47415 Microsoft IE HTML Document Object Handling Memory Corruption

An unspecified memory corruption flaw exists in Internet Explorer. IE fails to validate Document Objects resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.
47414 Microsoft IE Print Preview HTML Component Handling Unspecified Arbitrary Code...

47413 Microsoft IE MHTML Protocol Handler Cross-Domain Information Disclosure

47412 Microsoft Windows Event System Crafted Request Array Index Handling Remote Pr...

47411 Microsoft Windows Event System Per-user Subscription Crafted Request Remote P...

47410 Microsoft Office Excel connections.xml Password String Persistence

47409 Microsoft Office Excel Spreadsheet AxesSet Record Memory Corruption

47408 Microsoft Office Excel File FORMAT Record Array Index Handling Arbitrary Code...

47407 Microsoft Office Excel File COUNTRY Record Value Parsing Arbitrary Code Execu...

47406 Microsoft PowerPoint Viewer Cstring Object Handling Memory Corruption

47405 Microsoft PowerPoint Viewer Picture Index Handling Memory Corruption

47404 Microsoft PowerPoint File List Value Handling Memory Corruption

47403 Microsoft Windows Messenger ActiveX (Messenger.UIAutomation.1) Remote Privile...

47402 Microsoft Office Filters PICT File Handling Arbitrary Code Execution

47401 Microsoft Office Filters Encapsulated PostScript (EPS) File Handling Arbitrar...

47400 Microsoft Office BMPIMP32.FLT Filter BMP File Header Handling Arbitrary Code ...

A remote overflow exists in the BMPIMP32.FLT Filter Module that comes with Microsoft Office XP. The Filter Module fails to handle malformed BMP image headers, resulting in a heap overflow. With a specially crafted file, a context-dependent attacker can execute arbitrary code, resulting in a loss of integrity.
47398 Microsoft Office Filters PICT File bits_per_pixel Field Heap Corruption

47397 Microsoft Office WPGIMP32.FLT Filter WordPerfect Graphics (WPG) File Handling...

47396 Microsoft Windows IPsec Policy Import Failure Cleartext Remote Information Di...

47395 Microsoft Windows Image Color Management System (MSCMS) mscms.dll InternalOpe...

46914 Microsoft Word DOC File Handling Unspecified Arbitrary Code Execution

46749 Microsoft Access Snapshot Viewer ActiveX (snapview.ocx) PrintSnapshot Method ...

A code execution flaw exists in Office. The Access Snapshot Viewer ActiveX control fails to validate unspecified content when saving files, resulting in code execution. With a specially crafted website, a context-dependent attacker can cause arbitrary code execution, resulting in a loss of integrity.

Information Assurance Vulnerability Management (IAVM)

Date Description
2008-08-14 IAVM : 2008-A-0060 - Microsoft Windows Image Color Management System Vulnerability
Severity : Category I - VMSKEY : V0016737
2008-08-14 IAVM : 2008-A-0056 - Microsoft Office Access Snapshot Viewer ActiveX Control Vulnerability
Severity : Category I - VMSKEY : V0016740
2008-08-14 IAVM : 2008-A-0058 - Multiple Microsoft Office Filters Remote Code Execution Vulnerabilities
Severity : Category II - VMSKEY : V0016741
2008-08-14 IAVM : 2008-T-0038 - Microsoft IPsec Policy Processing Information Disclosure Vulnerability
Severity : Category I - VMSKEY : V0016742
2008-08-14 IAVM : 2008-T-0039 - Multiple Microsoft Event System Remote Code Execution Vulnerabilities
Severity : Category I - VMSKEY : V0016744
2008-08-14 IAVM : 2008-T-0040 - Microsoft Windows Messenger Information Disclosure Vulnerability
Severity : Category II - VMSKEY : V0016746

Snort® IPS/IDS

Date Description
2014-01-10 Snapshot Viewer General Property Page Object ActiveX clsid unicode access
RuleID : 7982 - Revision : 11 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Access Snapshot Viewer ActiveX clsid access attempt
RuleID : 7981 - Revision : 19 - Type : BROWSER-PLUGINS
2019-12-03 Microsoft Windows GDI+ EMF buffer overwrite attempt
RuleID : 52035 - Revision : 1 - Type : OS-WINDOWS
2019-12-03 Microsoft Windows GDI+ EMF buffer overwrite attempt
RuleID : 52034 - Revision : 1 - Type : OS-WINDOWS
2019-12-03 Microsoft Windows GDI+ EMF buffer overwrite attempt
RuleID : 52033 - Revision : 1 - Type : OS-WINDOWS
2019-12-03 Microsoft Windows GDI+ EMF buffer overwrite attempt
RuleID : 52032 - Revision : 1 - Type : OS-WINDOWS
2019-12-03 Microsoft Windows GDI+ EMF buffer overwrite attempt
RuleID : 52031 - Revision : 1 - Type : OS-WINDOWS
2019-12-03 Microsoft Windows GDI+ EMF buffer overwrite attempt
RuleID : 52030 - Revision : 1 - Type : OS-WINDOWS
2017-10-31 Apple PICT Quickdraw image converter packType 4 buffer overflow attempt
RuleID : 44456 - Revision : 2 - Type : FILE-IMAGE
2017-10-31 Apple PICT Quickdraw image converter packType 4 buffer overflow attempt
RuleID : 44455 - Revision : 2 - Type : FILE-IMAGE
2017-09-28 Microsoft Internet Explorer span frontier parsing memory corruption attempt
RuleID : 44188 - Revision : 2 - Type : BROWSER-IE
2017-09-21 Microsoft Office PowerPoint Viewer memory allocation code execution attempt
RuleID : 44069 - Revision : 2 - Type : FILE-OFFICE
2017-09-21 Microsoft Office PowerPoint Viewer memory allocation code execution attempt
RuleID : 44068 - Revision : 2 - Type : FILE-OFFICE
2017-09-19 Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt
RuleID : 44032 - Revision : 2 - Type : FILE-OFFICE
2017-09-19 Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt
RuleID : 44031 - Revision : 2 - Type : FILE-OFFICE
2017-08-23 Microsoft Office Word SmartTag record code execution attempt
RuleID : 43675 - Revision : 3 - Type : FILE-OFFICE
2017-08-23 Microsoft Office Word SmartTag record code execution attempt
RuleID : 43674 - Revision : 3 - Type : FILE-OFFICE
2017-08-23 Microsoft Access Snapshot Viewer ActiveX function call access attempt
RuleID : 43606 - Revision : 3 - Type : BROWSER-PLUGINS
2017-08-23 Microsoft Access Snapshot Viewer ActiveX function call access attempt
RuleID : 43605 - Revision : 2 - Type : BROWSER-PLUGINS
2016-03-14 Microsoft Internet Explorer argument validation in print preview handling exp...
RuleID : 36453 - Revision : 3 - Type : BROWSER-IE
2014-11-16 Microsoft Office Excel malformed chart arbitrary code execution attempt
RuleID : 31441 - Revision : 2 - Type : FILE-OFFICE
2014-11-16 Microsoft Office Word SmartTag record code execution attempt
RuleID : 31312 - Revision : 6 - Type : FILE-OFFICE
2014-11-16 Microsoft Office Word SmartTag record code execution attempt
RuleID : 31311 - Revision : 6 - Type : FILE-OFFICE
2014-11-16 Microsoft Office Word SmartTag record code execution attempt
RuleID : 31310 - Revision : 6 - Type : FILE-OFFICE
2014-03-06 Microsoft Windows Message System ActiveX function call access
RuleID : 29538 - Revision : 2 - Type : BROWSER-PLUGINS
2014-02-21 Microsoft Office Excel country record arbitrary code execution attempt
RuleID : 29404 - Revision : 2 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Image filter BMP overflow attempt
RuleID : 28322 - Revision : 2 - Type : FILE-OTHER
2014-01-10 Microsoft Office Image filter BMP overflow attempt
RuleID : 28321 - Revision : 2 - Type : FILE-OTHER
2014-01-10 Microsoft Office Image filter BMP overflow attempt
RuleID : 28320 - Revision : 2 - Type : FILE-OTHER
2014-01-10 Microsoft Office Image filter BMP overflow attempt
RuleID : 28319 - Revision : 2 - Type : FILE-OTHER
2014-01-10 Microsoft Office Image filter BMP overflow attempt
RuleID : 28318 - Revision : 2 - Type : FILE-OTHER
2014-01-10 Microsoft Office Image filter BMP overflow attempt
RuleID : 28317 - Revision : 2 - Type : FILE-OTHER
2014-01-10 Microsoft Office Image filter BMP overflow attempt
RuleID : 28316 - Revision : 2 - Type : FILE-OTHER
2014-01-10 Microsoft Office Image filter BMP overflow attempt
RuleID : 28315 - Revision : 6 - Type : FILE-OTHER
2014-01-10 Microsoft Office Image filter BMP overflow attempt
RuleID : 28314 - Revision : 2 - Type : FILE-OTHER
2014-01-10 Microsoft Office Image filter BMP overflow attempt
RuleID : 28313 - Revision : 2 - Type : FILE-OTHER
2014-01-10 Microsoft Office Image filter BMP overflow attempt
RuleID : 28312 - Revision : 2 - Type : FILE-OTHER
2014-01-10 Microsoft Office Image filter BMP overflow attempt
RuleID : 28311 - Revision : 2 - Type : FILE-OTHER
2014-01-10 Microsoft Access Snapshot Viewer ActiveX function call access
RuleID : 27793 - Revision : 3 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Access Snapshot Viewer ActiveX function call access attempt
RuleID : 27792 - Revision : 4 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Access Snapshot Viewer ActiveX clsid access attempt
RuleID : 27791 - Revision : 4 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Access Snapshot Viewer ActiveX clsid access attempt
RuleID : 27790 - Revision : 4 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Access Snapshot Viewer ActiveX clsid access attempt
RuleID : 27789 - Revision : 4 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Access Snapshot Viewer ActiveX function call access
RuleID : 27788 - Revision : 3 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Office eps filters memory corruption attempt
RuleID : 27090 - Revision : 4 - Type : FILE-OFFICE
2014-01-10 Microsoft Office eps filters memory corruption attempt
RuleID : 27089 - Revision : 5 - Type : FILE-OFFICE
2014-01-10 Microsoft Office PowerPoint Viewer memory allocation code execution attempt
RuleID : 26710 - Revision : 3 - Type : FILE-OFFICE
2014-01-10 Microsoft Office PowerPoint Viewer memory allocation code execution attempt
RuleID : 26709 - Revision : 3 - Type : FILE-OFFICE
2014-01-10 Microsoft Office PowerPoint Viewer memory allocation code execution attempt
RuleID : 26708 - Revision : 4 - Type : FILE-OFFICE
2014-01-10 Microsoft Office PowerPoint Viewer memory allocation code execution attempt
RuleID : 26707 - Revision : 4 - Type : FILE-OFFICE
2014-01-10 Microsoft Office PowerPoint Viewer memory allocation code execution attempt
RuleID : 26706 - Revision : 3 - Type : FILE-OFFICE
2014-01-10 Microsoft Office eps filters memory corruption attempt
RuleID : 26597 - Revision : 5 - Type : FILE-OFFICE
2014-01-10 Microsoft Office PowerPoint TxMasterStyle10Atom atom numLevels buffer overflo...
RuleID : 26330 - Revision : 3 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel format record code execution attempt
RuleID : 26329 - Revision : 3 - Type : FILE-OFFICE
2014-01-10 Eleanore exploit kit post-exploit page request
RuleID : 21071 - Revision : 5 - Type : EXPLOIT-KIT
2014-01-10 Eleanore exploit kit pdf exploit page request
RuleID : 21070 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Eleanore exploit kit exploit fetch request
RuleID : 21069 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Eleanore exploit kit landing page
RuleID : 21068 - Revision : 4 - Type : EXPLOIT-KIT
2014-01-10 Microsoft Office Excel format record code execution attempt
RuleID : 19552 - Revision : 15 - Type : FILE-OFFICE
2014-01-10 Microsoft Internet Explorer getElementById object corruption
RuleID : 19079 - Revision : 9 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer static text range overflow attempt
RuleID : 17720 - Revision : 14 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer ExecWB security zone bypass attempt
RuleID : 17692 - Revision : 11 - Type : BROWSER-IE
2014-01-10 Microsoft Office PowerPoint Viewer memory allocation code execution attempt
RuleID : 17310 - Revision : 13 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word SmartTag record code execution attempt
RuleID : 17308 - Revision : 14 - Type : FILE-OFFICE
2014-01-10 Microsoft Internet Explorer getElementById object corruption attempt
RuleID : 15910 - Revision : 18 - Type : BROWSER-IE
2014-01-10 Microsoft Office Excel malformed chart arbitrary code execution attempt
RuleID : 13981 - Revision : 22 - Type : FILE-OFFICE
2014-01-10 Microsoft Internet Explorer http status response memory corruption vulnerability
RuleID : 13980 - Revision : 17 - Type : BROWSER-IE
2014-01-10 Microsoft Windows Event System Subscription VBScript access
RuleID : 13979 - Revision : 14 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows Event System ActiveX function call unicode access
RuleID : 13978 - Revision : 9 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Windows Event System ActiveX function call access
RuleID : 13977 - Revision : 10 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Windows Event System ActiveX clsid unicode access
RuleID : 13976 - Revision : 9 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Windows Event System ActiveX clsid access
RuleID : 13975 - Revision : 10 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer XHTML element memory corruption attempt
RuleID : 13974 - Revision : 13 - Type : BROWSER-IE
2015-05-28 Microsoft Excel format record code execution attempt
RuleID : 13973 - Revision : 12 - Type : WEB-CLIENT
2014-01-10 Microsoft Office Excel country record arbitrary code execution attempt
RuleID : 13972 - Revision : 23 - Type : FILE-OFFICE
2014-01-10 Microsoft Office PowerPoint TxMasterStyle10Atom atom numLevels buffer overflo...
RuleID : 13971 - Revision : 19 - Type : FILE-OFFICE
2014-01-10 Microsoft Office eps filters memory corruption attempt
RuleID : 13970 - Revision : 18 - Type : FILE-OFFICE
2014-01-10 Powerpoint Viewer malformed msoDrawing property table buffer overflow attempt
RuleID : 13969 - Revision : 13 - Type : FILE-OFFICE
2014-01-10 Microsoft Message System ActiveX function call unicode access
RuleID : 13968 - Revision : 7 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Windows Message System ActiveX function call access
RuleID : 13967 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Message System ActiveX clsid unicode access
RuleID : 13966 - Revision : 7 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Windows Message System ActiveX clsid access
RuleID : 13965 - Revision : 12 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer span frontier parsing memory corruption attempt
RuleID : 13964 - Revision : 14 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer argument validation in print preview handling exp...
RuleID : 13963 - Revision : 14 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer MHTML zone control bypass attempt
RuleID : 13962 - Revision : 12 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer table layout access violation vulnerability
RuleID : 13961 - Revision : 10 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer static text range overflow attempt
RuleID : 13960 - Revision : 14 - Type : BROWSER-IE
2014-01-10 WordPerfect Graphics file invalid RLE buffer overflow attempt
RuleID : 13958 - Revision : 10 - Type : FILE-OFFICE
2014-01-10 Microsoft Color Management System EMF file processing overflow attempt
RuleID : 13954 - Revision : 10 - Type : OS-WINDOWS
2014-01-10 Apple PICT/Quickdraw image converter packType 3 buffer overflow exploit attempt
RuleID : 13947 - Revision : 11 - Type : FILE-IMAGE
2014-01-10 Apple PICT/Quickdraw image converter packType 4 buffer overflow exploit attempt
RuleID : 13946 - Revision : 11 - Type : FILE-IMAGE
2014-01-10 Microsoft Access Snapshot Viewer 2 ActiveX function call unicode access
RuleID : 13910 - Revision : 7 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Access Snapshot Viewer 2 ActiveX function call access
RuleID : 13909 - Revision : 7 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Access Snapshot Viewer 2 ActiveX clsid unicode access
RuleID : 13908 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Access Snapshot Viewer ActiveX clsid access attempt
RuleID : 13907 - Revision : 15 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Access Snapshot Viewer 1 ActiveX function call unicode access
RuleID : 13906 - Revision : 9 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Access Snapshot Viewer ActiveX function call access attempt
RuleID : 13905 - Revision : 18 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Access Snapshot Viewer 1 ActiveX clsid unicode access
RuleID : 13904 - Revision : 8 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Access Snapshot Viewer ActiveX clsid access attempt
RuleID : 13903 - Revision : 15 - Type : BROWSER-PLUGINS
2014-01-10 Windows BMP image conversion arbitrary code execution attempt
RuleID : 13879 - Revision : 13 - Type : OS-WINDOWS
2014-01-10 BMP image handler buffer overflow attempt
RuleID : 13865 - Revision : 18 - Type : FILE-IMAGE

Nessus® Vulnerability Scanner

Date Description
2010-10-20 Name : An application installed on the remote Mac OS X host is affected by multiple ...
File : macosx_ms_office_aug2008.nasl - Type : ACT_GATHER_INFO
2008-08-13 Name : Arbitrary code can be executed on the remote host through the web client.
File : smb_nt_ms08-041.nasl - Type : ACT_GATHER_INFO
2008-08-13 Name : Arbitrary code can be executed on the remote host through Microsoft Word.
File : smb_nt_ms08-042.nasl - Type : ACT_GATHER_INFO
2008-08-13 Name : Arbitrary code can be executed on the remote host through Microsoft Excel.
File : smb_nt_ms08-043.nasl - Type : ACT_GATHER_INFO
2008-08-13 Name : Arbitrary code can be executed on the remote host through the Microsoft Offic...
File : smb_nt_ms08-044.nasl - Type : ACT_GATHER_INFO
2008-08-13 Name : Arbitrary code can be executed on the remote host through the web client.
File : smb_nt_ms08-045.nasl - Type : ACT_GATHER_INFO
2008-08-13 Name : Arbitrary code can be executed on the remote host through the Microsoft Color...
File : smb_nt_ms08-046.nasl - Type : ACT_GATHER_INFO
2008-08-13 Name : The remote host IPsec policy processing could lead to information disclosure.
File : smb_nt_ms08-047.nasl - Type : ACT_GATHER_INFO
2008-08-13 Name : An information disclosure vulnerability is present on the remote host due to ...
File : smb_nt_ms08-048.nasl - Type : ACT_GATHER_INFO
2008-08-13 Name : Arbitrary code can be executed on the remote host through the Microsoft Event...
File : smb_nt_ms08-049.nasl - Type : ACT_GATHER_INFO
2008-08-13 Name : The remote host is vulnerable to an information disclosure due to Windows Mes...
File : smb_nt_ms08-050.nasl - Type : ACT_GATHER_INFO
2008-08-13 Name : Arbitrary code can be executed on the remote host through Microsoft PowerPoint.
File : smb_nt_ms08-051.nasl - Type : ACT_GATHER_INFO