Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | Microsoft Updates for Multiple Vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | TA08-288A | First vendor Publication | 2008-10-14 |
| Vendor | US-CERT | Last vendor Modification | 2008-10-14 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 10 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Microsoft has released updates that address vulnerabilities in Microsoft Windows, Internet Explorer, and Microsoft Office. I. Description Microsoft has released updates to address vulnerabilities that affect Microsoft Windows, Internet Explorer, and Microsoft Office as part of the Microsoft Security Bulletin Summary for October 2008. The most severe vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code. For more information, see the US-CERT Vulnerability Notes Database. II. Impact A remote, unauthenticated attacker could execute arbitrary code or cause a vulnerable application to crash. III. Solution Apply updates from Microsoft Microsoft has provided updates for these vulnerabilities in the October 2008 Security Bulletin Summary. The security bulletin describes any known issues related to the updates. Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS). |
Original Source
| Url : http://www.us-cert.gov/cas/techalerts/TA08-288A.html |
CAPEC : Common Attack Pattern Enumeration & Classification
| Id | Name |
|---|---|
| CAPEC-3 | Using Leading 'Ghost' Character Sequences to Bypass Input Filters |
| CAPEC-7 | Blind SQL Injection |
| CAPEC-8 | Buffer Overflow in an API Call |
| CAPEC-9 | Buffer Overflow in Local Command-Line Utilities |
| CAPEC-10 | Buffer Overflow via Environment Variables |
| CAPEC-13 | Subverting Environment Variable Values |
| CAPEC-14 | Client-side Injection-induced Buffer Overflow |
| CAPEC-18 | Embedding Scripts in Nonscript Elements |
| CAPEC-22 | Exploiting Trust in Client (aka Make the Client Invisible) |
| CAPEC-24 | Filter Failure through Buffer Overflow |
| CAPEC-26 | Leveraging Race Conditions |
| CAPEC-28 | Fuzzing |
| CAPEC-29 | Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions |
| CAPEC-31 | Accessing/Intercepting/Modifying HTTP Cookies |
| CAPEC-32 | Embedding Scripts in HTTP Query Strings |
| CAPEC-42 | MIME Conversion |
| CAPEC-43 | Exploiting Multiple Input Interpretation Layers |
| CAPEC-45 | Buffer Overflow via Symbolic Links |
| CAPEC-46 | Overflow Variables and Tags |
| CAPEC-47 | Buffer Overflow via Parameter Expansion |
| CAPEC-52 | Embedding NULL Bytes |
| CAPEC-53 | Postfix, Null Terminate, and Backslash |
| CAPEC-63 | Simple Script Injection |
| CAPEC-64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic |
| CAPEC-66 | SQL Injection |
| CAPEC-67 | String Format Overflow in syslog() |
| CAPEC-71 | Using Unicode Encoding to Bypass Validation Logic |
| CAPEC-72 | URL Encoding |
| CAPEC-73 | User-Controlled Filename |
| CAPEC-78 | Using Escaped Slashes in Alternate Encoding |
| CAPEC-79 | Using Slashes in Alternate Encoding |
| CAPEC-80 | Using UTF-8 Encoding to Bypass Validation Logic |
| CAPEC-81 | Web Logs Tampering |
| CAPEC-83 | XPath Injection |
| CAPEC-85 | Client Network Footprinting (using AJAX/XSS) |
| CAPEC-86 | Embedding Script (XSS ) in HTTP Headers |
| CAPEC-88 | OS Command Injection |
| CAPEC-91 | XSS in IMG Tags |
| CAPEC-99 | XML Parser Attack |
| CAPEC-101 | Server Side Include (SSI) Injection |
| CAPEC-104 | Cross Zone Scripting |
| CAPEC-106 | Cross Site Scripting through Log Files |
| CAPEC-108 | Command Line Execution through SQL Injection |
| CAPEC-109 | Object Relational Mapping Injection |
| CAPEC-110 | SQL Injection through SOAP Parameter Tampering |
| CAPEC-171 | Variable Manipulation |
| CAPEC-172 | Time and State Attacks |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 26 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 21 % | CWE-399 | Resource Management Errors |
| 11 % | CWE-190 | Integer Overflow or Wraparound (CWE/SANS Top 25) |
| 5 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
| 5 % | CWE-287 | Improper Authentication |
| 5 % | CWE-284 | Access Control (Authorization) Issues |
| 5 % | CWE-200 | Information Exposure |
| 5 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
| 5 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 5 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
| 5 % | CWE-20 | Improper Input Validation |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:12364 | |||
| Oval ID: | oval:org.mitre.oval:def:12364 | ||
| Title: | Information disclosure vulnerability in Internet Explorer due to HTML element | ||
| Description: | Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "HTML Element Cross-Domain Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-3472 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13151 | |||
| Oval ID: | oval:org.mitre.oval:def:13151 | ||
| Title: | Uninitialized Memory Corruption Vulnerability in Internet Explorer | ||
| Description: | Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Uninitialized Memory Corruption Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-3475 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 6 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13255 | |||
| Oval ID: | oval:org.mitre.oval:def:13255 | ||
| Title: | Information disclosure vulnerability in Internet Explorer due to improper event-handling | ||
| Description: | Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy, and execute arbitrary code or obtain sensitive information, via a crafted HTML document, aka "Event Handling Cross-Domain Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-3473 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13299 | |||
| Oval ID: | oval:org.mitre.oval:def:13299 | ||
| Title: | Cross-Domain Information Disclosure Vulnerability in Internet Explorer | ||
| Description: | Microsoft Internet Explorer 6 and 7 does not properly determine the domain or security zone of origin of web script, which allows remote attackers to bypass the intended cross-domain security policy and obtain sensitive information via a crafted HTML document, aka "Cross-Domain Information Disclosure Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-3474 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:13344 | |||
| Oval ID: | oval:org.mitre.oval:def:13344 | ||
| Title: | HTML Objects Memory Corruption Vulnerability in Internet Explorer | ||
| Description: | Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle errors associated with access to uninitialized memory, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "HTML Objects Memory Corruption Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-3476 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 5.01 Microsoft Internet Explorer 6 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5343 | |||
| Oval ID: | oval:org.mitre.oval:def:5343 | ||
| Title: | Virtual Address Descriptor Elevation of Privilege Vulnerability (MS08-064) | ||
| Description: | Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-4036 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5750 | |||
| Oval ID: | oval:org.mitre.oval:def:5750 | ||
| Title: | File Format Parsing Vulnerability | ||
| Description: | Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a BIFF file with a malformed record that triggers a user-influenced size calculation, aka "File Format Parsing Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-3471 | Version: | 9 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Excel 2000 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel 2007 Microsoft Office Excel Viewer 2003 Microsoft Office Excel Viewer 2007 Microsoft Office Compatibility Pack |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5764 | |||
| Oval ID: | oval:org.mitre.oval:def:5764 | ||
| Title: | Integer Overflow in IPP Service Vulnerability | ||
| Description: | Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-1446 | Version: | 4 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5787 | |||
| Oval ID: | oval:org.mitre.oval:def:5787 | ||
| Title: | SMB Buffer Underflow Vulnerability | ||
| Description: | Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-4038 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5825 | |||
| Oval ID: | oval:org.mitre.oval:def:5825 | ||
| Title: | Messaging Queue Service Remote Code Execution Vulnerability | ||
| Description: | afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-3464 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5870 | |||
| Oval ID: | oval:org.mitre.oval:def:5870 | ||
| Title: | Calendar Object Validation Vulnerability | ||
| Description: | Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-3477 | Version: | 6 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Excel 2000 Microsoft Excel 2002 Microsoft Excel 2003 |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:5901 | |||
| Oval ID: | oval:org.mitre.oval:def:5901 | ||
| Title: | Window Location Property Cross-Domain Vulnerability | ||
| Description: | Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote attackers to access restricted information from other domains via JavaScript that uses the Object data type for the value of a (1) location or (2) location.href property, related to incorrect determination of the origin of web script, aka "Window Location Property Cross-Domain Vulnerability." NOTE: according to Microsoft, CVE-2008-2948 and CVE-2008-2949 are duplicates of this issue, probably different attack vectors. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-2947 | Version: | 8 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Microsoft Internet Explorer 5.01 Microsoft Internet Explorer 6 Microsoft Internet Explorer 7 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5902 | |||
| Oval ID: | oval:org.mitre.oval:def:5902 | ||
| Title: | Windows Kernel Window Creation Vulnerability | ||
| Description: | The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-2250 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:5969 | |||
| Oval ID: | oval:org.mitre.oval:def:5969 | ||
| Title: | Vulnerability in Content-Disposition Header Vulnerability | ||
| Description: | Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 allows remote attackers to inject arbitrary web script or HTML via a document that contains a "Content-Disposition: attachment" header and is accessed through a cdo: URL, which renders the content instead of raising a File Download dialog box, aka "Vulnerability in Content-Disposition Header Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-4020 | Version: | 2 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Office XP |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:5998 | |||
| Oval ID: | oval:org.mitre.oval:def:5998 | ||
| Title: | Messaging Queue Service Remote Code Execution Vulnerability | ||
| Description: | Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-3479 | Version: | 1 |
| Platform(s): | Microsoft Windows 2000 | Product(s): | |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:6010 | |||
| Oval ID: | oval:org.mitre.oval:def:6010 | ||
| Title: | Windows Kernel Unhandled Exception Vulnerability | ||
| Description: | Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka "Windows Kernel Unhandled Exception Vulnerability." NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-2251 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6045 | |||
| Oval ID: | oval:org.mitre.oval:def:6045 | ||
| Title: | Windows Kernel Memory Corruption Vulnerability | ||
| Description: | The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-2252 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6075 | |||
| Oval ID: | oval:org.mitre.oval:def:6075 | ||
| Title: | HIS Command Execution Vulnerability | ||
| Description: | Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-3466 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows 7 | Product(s): | Microsoft Host Integration Server 2000 Microsoft Host Integration Server 2004 Client Microsoft Host Integration Server 2004 Microsoft Host Integration Server 2006 |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6102 | |||
| Oval ID: | oval:org.mitre.oval:def:6102 | ||
| Title: | Formula Parsing Vulnerability | ||
| Description: | Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office SharePoint Server 2007 Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file containing a formula within a cell, aka "Formula Parsing Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-4019 | Version: | 12 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 | Product(s): | Microsoft Excel 2000 Microsoft Excel 2002 Microsoft Excel 2003 Microsoft Excel 2007 Microsoft Office Excel Viewer 2003 Microsoft Office Excel Viewer 2007 Microsoft Office SharePoint Server 2007 Microsoft Office Compatibility Pack |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:6107 | |||
| Oval ID: | oval:org.mitre.oval:def:6107 | ||
| Title: | Active Directory Overflow Vulnerability | ||
| Description: | Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2008-4023 | Version: | 1 |
| Platform(s): | Microsoft Windows 2000 | Product(s): | |
| Definition Synopsis: | |||
CPE : Common Platform Enumeration
SAINT Exploits
| Description | Link |
|---|---|
| Microsoft Excel formula parsing integer overflow | More info here |
| Microsoft Host Integration Server SNA RPC authentication bypass | More info here |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-06-09 | Name : Message Queuing Remote Code Execution Vulnerability (951071) - Remote File : nvt/secpod_ms08-065_remote.nasl |
| 2008-10-15 | Name : Microsoft Office nformation Disclosure Vulnerability (957699) File : nvt/secpod_ms08-056_900047.nasl |
| 2008-10-15 | Name : Microsoft Excel Remote Code Execution Vulnerability (956416) File : nvt/secpod_ms08-057_900048.nasl |
| 2008-10-15 | Name : Cumulative Security Update for Internet Explorer (956390) File : nvt/secpod_ms08-058_900054.nasl |
| 2008-10-15 | Name : Host Integration Server RPC Service Remote Code Execution Vulnerability (956695) File : nvt/secpod_ms08-059_900049.nasl |
| 2008-10-15 | Name : Active Directory Could Allow Remote Code Execution Vulnerability (957280) File : nvt/secpod_ms08-060_900050.nasl |
| 2008-10-15 | Name : Windows Kernel Elevation of Privilege Vulnerability (954211) File : nvt/secpod_ms08-061_900051.nasl |
| 2008-10-15 | Name : Windows Internet Printing Service Allow Remote Code Execution Vulnerability (... File : nvt/secpod_ms08-062_900052.nasl |
| 2008-10-15 | Name : SMB Remote Code Execution Vulnerability (957095) File : nvt/secpod_ms08-063_900053.nasl |
| 2008-10-15 | Name : Virtual Address Descriptor Manipulation Elevation of Privilege Vulnerability ... File : nvt/secpod_ms08-064_900225.nasl |
| 2008-10-15 | Name : Message Queuing Remote Code Execution Vulnerability (951071) File : nvt/secpod_ms08-065_900224.nasl |
| 2008-10-15 | Name : Microsoft Ancillary Function Driver Elevation of Privilege Vulnerability (956... File : nvt/secpod_ms08-066_900223.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 49118 | Microsoft IE HTML Object Handling Memory Corruption |
| 49117 | Microsoft IE componentFromPoint Unitialized Memory Corruption |
| 49116 | Microsoft IE Unspecified Cross-domain Information Disclosure |
| 49115 | Microsoft IE Unspecified Cross-domain Arbitrary Script Execution |
| 49114 | Microsoft IE Unspecified HTML Element Cross-Domain Code Execution |
| 49113 | Microsoft IE Window Location Property Cross-Domain Code Execution |
| 49078 | Microsoft Excel Embedded Formula Parsing Arbitrary Code Execution |
| 49077 | Microsoft Excel Calendar Object Validation VBA Performance Cache Processing A... |
| 49076 | Microsoft Excel BIFF File Malformed Object Handling Arbitrary Code Execution |
| 49068 | Microsoft Host Integration Server (HIS) SNA RPC Request Remote Overflow An overflow exists in Host Integration Server. The RPC interface fails to validate SNA RPC messages resulting in a buffer overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 49061 | Microsoft Windows Ancillary Function Driver (afd.sys) Local Privilege Escalation Windows contains a flaw that may allow a malicious local user to gain access to unauthorized privileges. The issue is triggered by a flaw in the Ancillary Function Driver (afs.sys), and may lead to a loss of integrity. |
| 49060 | Microsoft Windows Message Queuing Service RPC Request Handling Remote Code Ex... A buffer overflow exists in Windows. The Message Queuing Service fails to validate RPC calls resulting in a heap buffer overflow. With a specially crafted RPC call, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 49059 | Microsoft IIS IPP Service Unspecified Remote Overflow |
| 49058 | Microsoft Windows Active Directory LDAP(S) Request Handling Remote Overflow |
| 49057 | Microsoft Windows SMB File Name Handling Remote Underflow |
| 49056 | Microsoft Windows Kernel Memory Corruption Local Privilege Escalation |
| 49055 | Microsoft Windows Kernel New Window Creation Process Arbitrary Code Execution |
| 49054 | Microsoft Windows Kernel Double-free Unspecified Local Privilege Escalation |
| 49053 | Microsoft Windows Virtual Address Descriptors (VAD) Local Privilege Escalation |
| 49052 | Microsoft Office CDO Protocol (cdo:) Content-Disposition: Attachment Header XSS |
| 46630 | Microsoft IE location Window Object Handling XSS |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2009-07-02 | IAVM : 2009-A-0049 - Microsoft Windows AFD Driver Local Privilege Escalation Vulnerability Severity : Category I - VMSKEY : V0019589 |
| 2008-10-16 | IAVM : 2008-T-0055 - Microsoft Office Information Disclosure Vulnerability Severity : Category II - VMSKEY : V0017779 |
| 2008-10-16 | IAVM : 2008-T-0056 - Microsoft Message Queuing Service Remote Code Execution Vulnerability Severity : Category I - VMSKEY : V0017781 |
| 2008-10-16 | IAVM : 2008-B-0075 - Microsoft Internet Printing Service Remote Code Execution Vulnerability Severity : Category I - VMSKEY : V0017793 |
| 2008-10-16 | IAVM : 2008-B-0074 - Microsoft Host Integration Server RPC Service Remote Code Execution Vulnerabi... Severity : Category I - VMSKEY : V0017794 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2019-10-01 | Microsoft Office Excel invalid FRTWrapper record integer underflow attempt RuleID : 51314 - Revision : 1 - Type : FILE-OFFICE |
| 2019-10-01 | Microsoft Office Excel invalid FRTWrapper record integer underflow attempt RuleID : 51313 - Revision : 1 - Type : FILE-OFFICE |
| 2017-08-24 | Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt RuleID : 43699 - Revision : 2 - Type : FILE-OFFICE |
| 2017-08-24 | Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt RuleID : 43698 - Revision : 2 - Type : FILE-OFFICE |
| 2016-03-25 | Microsoft Office Excel file with embedded ActiveX control RuleID : 37846 - Revision : 1 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt RuleID : 26175 - Revision : 4 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Excel FRTWrapper record buffer overflow attempt RuleID : 26174 - Revision : 4 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Windows SMB Trans2 Find_First2 filename overflow attempt RuleID : 21529 - Revision : 9 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Office Excel REPT integer underflow attempt RuleID : 17734 - Revision : 12 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Excel FRTWrapper record buffer overflow attempt RuleID : 16800 - Revision : 17 - Type : FILE-OFFICE |
| 2015-05-28 | DCERPC NCACN-IP-TCP host-integration little endian bind attempt RuleID : 14740 - Revision : 5 - Type : NETBIOS |
| 2015-05-28 | DCERPC NCACN-IP-TCP host-integration bind attempt RuleID : 14739 - Revision : 5 - Type : NETBIOS |
| 2015-05-28 | DCERPC NCACN-IP-TCP host-integration little endian alter context attempt RuleID : 14738 - Revision : 5 - Type : NETBIOS |
| 2014-01-10 | DCERPC NCACN-IP-TCP host-integration bind attempt RuleID : 14737 - Revision : 15 - Type : OS-WINDOWS |
| 2015-05-28 | DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName object call overflow attempt RuleID : 14736 - Revision : 6 - Type : NETBIOS |
| 2015-05-28 | DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName little endian object call overf... RuleID : 14735 - Revision : 6 - Type : NETBIOS |
| 2015-05-28 | DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName little endian object call overf... RuleID : 14734 - Revision : 6 - Type : NETBIOS |
| 2015-05-28 | DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName object call overflow attempt RuleID : 14733 - Revision : 6 - Type : NETBIOS |
| 2015-05-28 | DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt RuleID : 14732 - Revision : 6 - Type : NETBIOS |
| 2015-05-28 | DCERPC NCACN-IP-TCP v4 mqqm QMGetRemoteQueueName overflow attempt RuleID : 14731 - Revision : 6 - Type : NETBIOS |
| 2015-05-28 | DCERPC NCACN-IP-TCP v4 mqqm QMGetRemoteQueueName little endian overflow attempt RuleID : 14730 - Revision : 6 - Type : NETBIOS |
| 2015-05-28 | DCERPC NCADG-IP-UDP v4 mqqm QMGetRemoteQueueName little endian overflow attempt RuleID : 14729 - Revision : 6 - Type : NETBIOS |
| 2015-05-28 | DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName little endian overflow attempt RuleID : 14728 - Revision : 6 - Type : NETBIOS |
| 2015-05-28 | DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName little endian overflow attempt RuleID : 14727 - Revision : 6 - Type : NETBIOS |
| 2014-01-10 | DCERPC NCADG-IP-UDP mqqm QMGetRemoteQueueName overflow attempt RuleID : 14726 - Revision : 13 - Type : OS-WINDOWS |
| 2014-01-10 | DCERPC NCACN-IP-TCP mqqm QMGetRemoteQueueName overflow attempt RuleID : 14725 - Revision : 17 - Type : OS-WINDOWS |
| 2014-01-10 | SMB spoolss EnumJobs response WriteAndX unicode andx attempt RuleID : 14724 - Revision : 12 - Type : NETBIOS |
| 2014-01-10 | SMB spoolss EnumJobs response WriteAndX andx attempt RuleID : 14723 - Revision : 12 - Type : NETBIOS |
| 2014-01-10 | SMB spoolss EnumJobs response unicode andx attempt RuleID : 14722 - Revision : 12 - Type : NETBIOS |
| 2014-01-10 | SMB spoolss EnumJobs response andx attempt RuleID : 14721 - Revision : 12 - Type : NETBIOS |
| 2014-01-10 | SMB spoolss EnumJobs response WriteAndX little endian andx attempt RuleID : 14720 - Revision : 12 - Type : NETBIOS |
| 2014-01-10 | SMB spoolss EnumJobs response little endian andx attempt RuleID : 14719 - Revision : 12 - Type : NETBIOS |
| 2014-01-10 | SMB spoolss EnumJobs response unicode little endian andx attempt RuleID : 14718 - Revision : 12 - Type : NETBIOS |
| 2014-01-10 | SMB spoolss EnumJobs response WriteAndX unicode little endian andx attempt RuleID : 14717 - Revision : 12 - Type : NETBIOS |
| 2014-01-10 | SMB spoolss EnumJobs response WriteAndX unicode attempt RuleID : 14716 - Revision : 10 - Type : NETBIOS |
| 2014-01-10 | SMB spoolss EnumJobs response WriteAndX attempt RuleID : 14715 - Revision : 10 - Type : NETBIOS |
| 2014-01-10 | SMB spoolss EnumJobs response unicode attempt RuleID : 14714 - Revision : 10 - Type : NETBIOS |
| 2014-01-10 | SMB spoolss EnumJobs response attempt RuleID : 14713 - Revision : 10 - Type : NETBIOS |
| 2014-01-10 | SMB spoolss EnumJobs response WriteAndX little endian attempt RuleID : 14712 - Revision : 10 - Type : NETBIOS |
| 2014-01-10 | SMB spoolss EnumJobs response little endian attempt RuleID : 14711 - Revision : 10 - Type : NETBIOS |
| 2014-01-10 | DCERPC NCACN-IP-TCP spoolss EnumJobs attempt RuleID : 14710 - Revision : 20 - Type : OS-WINDOWS |
| 2014-01-10 | SMB spoolss EnumJobs response WriteAndX unicode little endian attempt RuleID : 14709 - Revision : 10 - Type : NETBIOS |
| 2014-01-10 | DCERPC NCACN-IP-TCP spoolss EnumJobs attempt RuleID : 14661 - Revision : 17 - Type : NETBIOS |
| 2014-01-10 | Microsoft Internet Explorer cross domain componentFromPoint memory corruption... RuleID : 14657 - Revision : 14 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer XSS mouseevent PII disclosure attempt RuleID : 14656 - Revision : 13 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Office Excel REPT integer underflow attempt RuleID : 14655 - Revision : 14 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Windows SMB Search unicode andx Search filename size integer underf... RuleID : 14654 - Revision : 14 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows SMB Search andx Search filename size integer underflow attempt RuleID : 14653 - Revision : 14 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows SMB Search unicode andx Search filename size integer underf... RuleID : 14652 - Revision : 11 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows SMB Search andx Search filename size integer underflow attempt RuleID : 14651 - Revision : 11 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows SMB Search unicode Search filename size integer underflow a... RuleID : 14650 - Revision : 12 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows SMB Search Search filename size integer underflow attempt RuleID : 14649 - Revision : 16 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows SMB Search unicode Search filename size integer underflow a... RuleID : 14648 - Revision : 11 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Windows SMB Search Search filename size integer underflow attempt RuleID : 14647 - Revision : 11 - Type : OS-WINDOWS |
| 2014-01-10 | Active Directory malformed baseObject denial of service attempt RuleID : 14646 - Revision : 8 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Internet Explorer cross domain setExpression exploit attempt RuleID : 14645 - Revision : 18 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer createRange cross domain scripting RuleID : 14644 - Revision : 19 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer location and location.href cross domain security ... RuleID : 14643 - Revision : 14 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Office Excel file with embedded ActiveX control RuleID : 14642 - Revision : 17 - Type : FILE-OFFICE |
| 2014-01-10 | Microsoft Office Excel invalid FRTWrapper record buffer overflow attempt RuleID : 14641 - Revision : 21 - Type : FILE-OFFICE |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2018-04-03 | Name : The remote web server may allow remote code execution. File : iis_7_pci.nasl - Type : ACT_GATHER_INFO |
| 2010-10-20 | Name : An application installed on the remote Mac OS X host is affected by multiple ... File : macosx_ms08-057.nasl - Type : ACT_GATHER_INFO |
| 2008-10-15 | Name : Arbitrary code can be executed on the remote host. File : smb_kb951071.nasl - Type : ACT_GATHER_INFO |
| 2008-10-15 | Name : Arbitrary code can be executed on the remote host through Host Integration Se... File : smb_kb956695.nasl - Type : ACT_GATHER_INFO |
| 2008-10-15 | Name : The remote installation of Microsoft Office is vulnerable to an information d... File : smb_nt_ms08-056.nasl - Type : ACT_GATHER_INFO |
| 2008-10-15 | Name : Arbitrary code can be executed on the remote host through Microsoft Excel. File : smb_nt_ms08-057.nasl - Type : ACT_GATHER_INFO |
| 2008-10-15 | Name : Arbitrary code can be executed on the remote host through the web client. File : smb_nt_ms08-058.nasl - Type : ACT_GATHER_INFO |
| 2008-10-15 | Name : Arbitrary code can be executed on the remote host through Host Integration Se... File : smb_nt_ms08-059.nasl - Type : ACT_GATHER_INFO |
| 2008-10-15 | Name : It is possible to execute arbitrary code through Active Directory on the remo... File : smb_nt_ms08-060.nasl - Type : ACT_GATHER_INFO |
| 2008-10-15 | Name : A local user can elevate his privileges on the remote host. File : smb_nt_ms08-061.nasl - Type : ACT_GATHER_INFO |
| 2008-10-15 | Name : It is possible to execute arbitrary code on the remote host via the internet ... File : smb_nt_ms08-062.nasl - Type : ACT_GATHER_INFO |
| 2008-10-15 | Name : It is possible to crash the remote host due to a flaw in the 'server' service. File : smb_nt_ms08-063.nasl - Type : ACT_GATHER_INFO |
| 2008-10-15 | Name : A local user can elevate privileges on the remote host. File : smb_nt_ms08-064.nasl - Type : ACT_GATHER_INFO |
| 2008-10-15 | Name : Arbitrary code can be executed on the remote host. File : smb_nt_ms08-065.nasl - Type : ACT_GATHER_INFO |
| 2008-10-15 | Name : A local user can elevate privileges on the remote host. File : smb_nt_ms08-066.nasl - Type : ACT_GATHER_INFO |
