Executive Summary



This alert is flagged as involving a Top 25 Common Weakness Enumeration entry from CWE/SANS.
Summary
Title : Microsoft Updates for Multiple Vulnerabilities
Information
Name : TA08-253A
First vendor Publication : 2008-09-09
Vendor : US-CERT
Last vendor Modification : 2008-09-09
Severity (Vendor) : N/A
Revision : N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score : NA
Base Score : NA
Environmental Score : NA
Impact SubScore : NA
Temporal Score : NA
Exploitability Sub Score : NA

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score : 9.3
Attack Range : Network
Cvss Impact Score : 10
Attack Complexity : Medium
Cvss Exploit Score : 8.6
Authentication : None Required

Detail

Microsoft has released updates that address vulnerabilities in Microsoft Windows, Windows Media Encoder, and Microsoft Office.

I. Description

Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Windows Media Encoder, and Microsoft Office as part of the Microsoft Security Bulletin Summary for September 2008. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code. For more information, see the US-CERT Vulnerability Notes Database.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable application to crash.

III. Solution

Apply updates from Microsoft

Microsoft has provided updates for these vulnerabilities in the September 2008 Security Bulletin Summary. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).

Original Source

Url : http://www.us-cert.gov/cas/techalerts/TA08-253A.html

CWE : Common Weakness Enumeration

% Id Name
38 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
25 % CWE-189 Numeric Errors (CWE/SANS Top 25)
12 % CWE-399 Resource Management Errors
12 % CWE-94 Failure to Control Generation of Code ('Code Injection')
12 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:5615
 
Oval ID: oval:org.mitre.oval:def:5615
Title: Windows Media Player Sampling Rate Vulnerability
Description: Unspecified vulnerability in Microsoft Windows Media Player 11 allows remote attackers to execute arbitrary code via a crafted audio-only file that is streamed from a Server-Side Playlist (SSPL) on Windows Media Server, aka "Windows Media Player Sampling Rate Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-2253
Version: 3
Platform(s): Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Microsoft Media Player
Definition Id: oval:org.mitre.oval:def:5881
 
Oval ID: oval:org.mitre.oval:def:5881
Title: GDI+ BMP Integer Overflow Vulnerability
Description: Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-3015
Version: 14
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Microsoft Office 2003
Microsoft Office 2007
Microsoft Office Visio 2002
Microsoft Office XP
Microsoft PowerPoint Viewer
Microsoft SQL Server 2005
Definition Id: oval:org.mitre.oval:def:5970
 
Oval ID: oval:org.mitre.oval:def:5970
Title: Uniform Resource Locator Validation Error Vulnerability
Description: Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-3007
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Product(s): Microsoft Office XP
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office 2007 Compatibility Pack
Microsoft OneNote 2007
Definition Id: oval:org.mitre.oval:def:5986
 
Oval ID: oval:org.mitre.oval:def:5986
Title: GDI+ GIF Parsing Vulnerability
Description: gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-3013
Version: 20
Platform(s): Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft Internet Explorer 6
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office Visio 2002
Microsoft Office XP
Microsoft PowerPoint Viewer
Microsoft SQL Server 2005
Definition Id: oval:org.mitre.oval:def:6004
 
Oval ID: oval:org.mitre.oval:def:6004
Title: GDI+ WMF Buffer Overrun Vulnerability
Description: Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-3014
Version: 20
Platform(s): Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft Internet Explorer 6
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office Visio 2002
Microsoft Office XP
Microsoft PowerPoint Viewer
Microsoft SQL Server 2005
Definition Id: oval:org.mitre.oval:def:6018
 
Oval ID: oval:org.mitre.oval:def:6018
Title: Windows Media Encoder Buffer Overrun Vulnerability
Description: Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Media Encoder Buffer Overrun Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-3008
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Microsoft Media Encoder
Definition Id: oval:org.mitre.oval:def:6040
 
Oval ID: oval:org.mitre.oval:def:6040
Title: GDI+ EMF Memory Corruption Vulnerability
Description: gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2008-3012
Version: 20
Platform(s): Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft Internet Explorer 6
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office Visio 2002
Microsoft Office XP
Microsoft PowerPoint Viewer
Microsoft SQL Server 2005
Definition Id: oval:org.mitre.oval:def:6055
 
Oval ID: oval:org.mitre.oval:def:6055
Title: GDI+ VML Buffer Overrun Vulnerability
Description: Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2007-5348
Version: 20
Platform(s): Microsoft Windows 2000
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Microsoft Internet Explorer 6
Microsoft Office 2003
Microsoft Office 2007
Microsoft Office Visio 2002
Microsoft Office XP
Microsoft PowerPoint Viewer
Microsoft SQL Server 2005

CPE : Common Platform Enumeration

Type Description Count
Application 1
Application 1
Application 1
Application 5
Application 2
Application 1
Application 1
Application 2
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Application 1
Os 2
Os 2
Os 2
Os 1
Os 4
Os 1
Os 3
Os 4
Os 2

SAINT Exploits

Description
Windows Media Encoder 9 wmex.dll ActiveX buffer overflow

OpenVAS Exploits

Date Description
2011-01-18 Name : Microsoft Products GDI Plus Remote Code Execution Vulnerabilities (954593)
File : nvt/gb_ms08-052.nasl
2008-09-10 Name : Windows Media Encoder 9 Remote Code Execution Vulnerability (954156)
File : nvt/secpod_ms08-053_900044.nasl
2008-09-10 Name : Windows Media Player 11 Remote Code Execution Vulnerability (954154)
File : nvt/secpod_ms08-054_900045.nasl
2008-09-10 Name : Microsoft Office Remote Code Execution Vulnerabilities (955047)
File : nvt/secpod_ms08-055_900046.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
47969 Microsoft Multiple Products GDI+ BMP Integer Calculation Overflow

47968 Microsoft Multiple Products GDI+ WMF Image Handling Overflow

47967 Microsoft Multiple Products GDI+ GIF Image Handling Arbitrary Code Execution

47966 Microsoft Multiple Products GDI+ EMF File Handling Memory Corruption

47965 Microsoft Multiple Products GDI+ VML Gradient Size Handling Overflow
A remote overflow exists in GDI+. GDI+ fails to properly handle gradient file sizes resulting in a heap-based buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

47964 Microsoft Office OneNote Protocol Handler (onenote://) URI Handling Arbitrary...

47963 Microsoft Windows Media Player Audio File Sampling Rate Remote Code Execution
An unspecified remote code execution flaw exists in Windows. Windows Media Player fails to validate audio streams resulting in remote code execution. With a specially crafted audio stream, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.

47962 Microsoft Windows Media Encoder wmex.dll ActiveX Overflow
A buffer overflow exists in Windows. The wmex.dll ActiveX control fails to validate data passed to the GetDetailsString method resulting in a stack overflow. With a specially crafted web site, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.

Information Assurance Vulnerability Management (IAVM)

Date Description
2008-10-09 IAVM : 2008-T-0053 - WinZip gdiplus.dll Microsoft Module Unspecified Security Vulnerability
Severity : Category II - VMSKEY : V0017532
2008-09-11 IAVM : 2008-A-0064 - Microsoft Windows Media Player Remote Code Execution Vulnerability
Severity : Category II - VMSKEY : V0017342
2008-09-11 IAVM : 2008-B-0057 - Microsoft Windows Media Encoder Remote Code Execution Vulnerability
Severity : Category II - VMSKEY : V0017344
2008-09-11 IAVM : 2008-B-0058 - Microsoft Office Remote Code Execution Vulnerability
Severity : Category II - VMSKEY : V0017345

Snort® IPS/IDS

Date Description
2017-08-23 Microsoft Internet Explorer GDI VML gradient size heap overflow attempt
RuleID : 43622 - Revision : 1 - Type : BROWSER-IE
2014-01-10 Microsoft Windows Bitmap width integer overflow multipacket attempt
RuleID : 3634 - Revision : 9 - Type : WEB-CLIENT
2014-01-10 Microsoft Windows Bitmap width integer overflow attempt
RuleID : 3632 - Revision : 25 - Type : FILE-IMAGE
2015-10-01 Microsoft Windows Bitmap width integer overflow attempt
RuleID : 35848 - Revision : 3 - Type : FILE-IMAGE
2014-01-10 Microsoft Windows Media Encoder 9 ActiveX function call access
RuleID : 27800 - Revision : 2 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft GDI EMF malformed file buffer overflow attempt
RuleID : 25502 - Revision : 4 - Type : FILE-MULTIMEDIA
2014-01-10 Microsoft Windows Media Encoder 9 ActiveX buffer overflow attempt
RuleID : 16578 - Revision : 7 - Type : OS-WINDOWS
2014-01-10 Microsoft RSClientPrint ActiveX clsid unicode access
RuleID : 14636 - Revision : 7 - Type : WEB-ACTIVEX
2014-01-10 Microsoft RSClientPrint ActiveX clsid access
RuleID : 14635 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Office OneNote iframe caller exploit attempt
RuleID : 14262 - Revision : 16 - Type : FILE-OFFICE
2014-01-10 Microsoft Windows GDI VML gradient size heap overflow attempt
RuleID : 14261 - Revision : 17 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows GDI+ GIF image invalid number of extension blocks buffer ov...
RuleID : 14260 - Revision : 11 - Type : OS-WINDOWS
2014-01-10 Windows Media Encoder 9 ActiveX function call unicode access
RuleID : 14258 - Revision : 7 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Windows Media Encoder 9 ActiveX function call access
RuleID : 14257 - Revision : 10 - Type : BROWSER-PLUGINS
2014-01-10 Windows Media Encoder 9 ActiveX clsid unicode access
RuleID : 14256 - Revision : 7 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Windows Media Encoder 9 ActiveX clsid access
RuleID : 14255 - Revision : 14 - Type : BROWSER-PLUGINS
2014-01-10 Windows Media Player malicious playlist buffer overflow attempt
RuleID : 14254 - Revision : 17 - Type : FILE-MULTIMEDIA
2014-01-10 Windows Media Player malicious playlist buffer overflow attempt
RuleID : 14253 - Revision : 17 - Type : FILE-MULTIMEDIA
2014-01-10 Windows Media Player malicious playlist buffer overflow attempt
RuleID : 14252 - Revision : 17 - Type : FILE-MULTIMEDIA
2014-01-10 Microsoft Windows GDI WMF parsing buffer overflow attempt
RuleID : 14251 - Revision : 10 - Type : OS-WINDOWS

Nessus® Vulnerability Scanner

Date Description
2008-09-10 Name : Arbitrary code can be executed on the remote host through the Microsoft GDI r...
File : smb_nt_ms08-052.nasl - Type : ACT_GATHER_INFO
2008-09-10 Name : Arbitrary code can be executed on the remote host through Media Player.
File : smb_nt_ms08-053.nasl - Type : ACT_GATHER_INFO
2008-09-10 Name : Arbitrary code can be executed on the remote host through the Media Player.
File : smb_nt_ms08-054.nasl - Type : ACT_GATHER_INFO
2008-09-10 Name : Arbitrary code can be executed on the remote host through Microsoft Office.
File : smb_nt_ms08-055.nasl - Type : ACT_GATHER_INFO