Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Microsoft Updates for Multiple Vulnerabilities
Informations
Name TA09-160A First vendor Publication 2009-06-09
Vendor US-CERT Last vendor Modification 2009-06-09
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Microsoft has released updates that address vulnerabilities in Microsoft Windows, Office, and Internet Explorer.

I. Description

As part of the Microsoft Security Bulletin Summary for June 2009, Microsoft released updates to address vulnerabilities that affect Microsoft Windows, Office, and Internet Explorer.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code, gain elevated privileges, or cause a vulnerable application to crash.

III. Solution

Microsoft has provided updates for these vulnerabilities in the Microsoft Security Bulletin Summary for June 2009. The security bulletin describes any known issues related to the updates.
Administrators are encouraged to note these issues and test for any potentially adverse effects. Administrators should consider using an automated update distribution system such as Windows Server Update Services (WSUS).

Original Source

Url : http://www.us-cert.gov/cas/techalerts/TA09-160A.html

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-8 Buffer Overflow in an API Call
CAPEC-9 Buffer Overflow in Local Command-Line Utilities
CAPEC-10 Buffer Overflow via Environment Variables
CAPEC-14 Client-side Injection-induced Buffer Overflow
CAPEC-24 Filter Failure through Buffer Overflow
CAPEC-42 MIME Conversion
CAPEC-44 Overflow Binary Resource File
CAPEC-45 Buffer Overflow via Symbolic Links
CAPEC-46 Overflow Variables and Tags
CAPEC-47 Buffer Overflow via Parameter Expansion
CAPEC-100 Overflow Buffers

CWE : Common Weakness Enumeration

% Id Name
29 % CWE-399 Resource Management Errors
16 % CWE-94 Failure to Control Generation of Code ('Code Injection')
13 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
13 % CWE-20 Improper Input Validation
6 % CWE-287 Improper Authentication
6 % CWE-264 Permissions, Privileges, and Access Controls
6 % CWE-200 Information Exposure
3 % CWE-362 Race Condition
3 % CWE-189 Numeric Errors (CWE/SANS Top 25)
3 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11525
 
Oval ID: oval:org.mitre.oval:def:11525
Title: Array Indexing Memory Corruption Vulnerability
Description: Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-0558
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Microsoft Excel 2000
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5428
 
Oval ID: oval:org.mitre.oval:def:5428
Title: Script Execution in Windows Search Vulnerability
Description: Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-0239
Version: 1
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): Windows Search 4.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5554
 
Oval ID: oval:org.mitre.oval:def:5554
Title: DHTML Object Memory Corruption Vulnerability
Description: Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-1141
Version: 1
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5564
 
Oval ID: oval:org.mitre.oval:def:5564
Title: Object Record Corruption Vulnerability
Description: Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Object Record Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-0557
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Excel 2007
Microsoft Office Excel Viewer 2003
Microsoft Office Excel Viewer
Microsoft Office Compatibility Pack
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5815
 
Oval ID: oval:org.mitre.oval:def:5815
Title: Print Spooler Read File Vulnerability
Description: The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-0229
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5830
 
Oval ID: oval:org.mitre.oval:def:5830
Title: Record Pointer Corruption Vulnerability
Description: Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Microsoft Office Excel Viewer 2003 SP3 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Record Pointer Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-0549
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Office Excel Viewer 2003
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5861
 
Oval ID: oval:org.mitre.oval:def:5861
Title: IIS 5.0 WebDAV Authentication Bypass Vulnerability
Description: The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1122
Version: 1
Platform(s): Microsoft Windows 2000
Product(s): Microsoft Internet Information Server 5.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5912
 
Oval ID: oval:org.mitre.oval:def:5912
Title: Windows Driver Class Registration Vulnerability
Description: The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-1125
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5922
 
Oval ID: oval:org.mitre.oval:def:5922
Title: Record Pointer Corruption Vulnerability
Description: Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a BIFF file with a malformed Qsir (0x806) record object, aka "Record Pointer Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-1134
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Microsoft Excel 2007
Microsoft Office Excel Viewer
Microsoft Office Compatibility Pack
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5925
 
Oval ID: oval:org.mitre.oval:def:5925
Title: Record Integer Overflow Vulnerability
Description: Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2; and Microsoft Office SharePoint Server 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via an Excel file with a Shared String Table (SST) record with a numeric field that specifies an invalid number of unique strings, which triggers a heap-based buffer overflow, aka "Record Integer Overflow Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-0561
Version: 9
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Excel 2007
Microsoft Office Excel Viewer 2003
Microsoft Office Excel Viewer
Microsoft Office Compatibility Pack
Microsoft Office SharePoint Server 2007
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6016
 
Oval ID: oval:org.mitre.oval:def:6016
Title: Windows Desktop Parameter Edit Vulnerability
Description: The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted application, aka "Windows Desktop Parameter Edit Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-1126
Version: 1
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6029
 
Oval ID: oval:org.mitre.oval:def:6029
Title: IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability
Description: The WebDAV extension in Microsoft Internet Information Services (IIS) 5.1 and 6.0 allows remote attackers to bypass URI-based protection mechanisms, and list folders or read, create, or modify files, via a %c0%af (Unicode / character) at an arbitrary position in the URI, as demonstrated by inserting %c0%af into a "/protected/" initial pathname component to bypass the password protection on the protected\ folder, aka "IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1122.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1535
Version: 1
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): Microsoft Internet Information Server 5.1
Microsoft Internet Information Server 6.0
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6041
 
Oval ID: oval:org.mitre.oval:def:6041
Title: Race Condition Cross-Domain Information Disclosure Vulnerability
Description: Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code or perform other actions upon a page transition, with the permissions of the old page and the content of the new page, as demonstrated by setInterval functions that set location.href within a try/catch expression, aka the "bait & switch vulnerability" or "Race Condition Cross-Domain Information Disclosure Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2007-3091
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6133
 
Oval ID: oval:org.mitre.oval:def:6133
Title: Word Buffer Overflow Vulnerability
Description: Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; Microsoft Office Word Viewer 2003 SP3; Microsoft Office Word Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a crafted tag containing an invalid length field, aka "Word Buffer Overflow Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-0563
Version: 12
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Microsoft Word 2002
Microsoft Word 2003
Microsoft Word 2007
Microsoft Office Word Viewer 2003
Microsoft Office Compatibility Pack
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6178
 
Oval ID: oval:org.mitre.oval:def:6178
Title: Field Sanitization Memory Corruption Vulnerability
Description: Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Field Sanitization Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-0560
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Excel 2007
Microsoft Office Excel Viewer 2003
Microsoft Office Excel Viewer
Microsoft Office Compatibility Pack
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6180
 
Oval ID: oval:org.mitre.oval:def:6180
Title: Active Directory Invalid Free Vulnerability
Description: The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.
Family: windows Class: vulnerability
Reference(s): CVE-2009-1138
Version: 1
Platform(s): Microsoft Windows 2000
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6206
 
Oval ID: oval:org.mitre.oval:def:6206
Title: Windows Kernel Desktop Vulnerability
Description: The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-1123
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6227
 
Oval ID: oval:org.mitre.oval:def:6227
Title: RPC Marshalling Engine Vulnerability
Description: The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-0568
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6231
 
Oval ID: oval:org.mitre.oval:def:6231
Title: Windows Kernel Pointer Validation Vulnerability
Description: The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-1124
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6244
 
Oval ID: oval:org.mitre.oval:def:6244
Title: HTML Objects Memory Corruption Vulnerability
Description: Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server 2003 SP2; 8 for Vista Gold, SP1, and SP2; and 8 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via "malformed row property references" that trigger an access of an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Objects Memory Corruption Vulnerability" or "HTML Object Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-1532
Version: 5
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Microsoft Internet Explorer 8
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6253
 
Oval ID: oval:org.mitre.oval:def:6253
Title: Active Directory Memory Leak Vulnerability
Description: Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-1139
Version: 8
Platform(s): Microsoft Windows XP
Microsoft Windows 2000
Microsoft Windows Server 2003
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6260
 
Oval ID: oval:org.mitre.oval:def:6260
Title: HTML Object Memory Corruption Vulnerability
Description: Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly synchronize AJAX requests, which allows allows remote attackers to execute arbitrary code via a large number of concurrent, asynchronous XMLHttpRequest calls, aka "HTML Object Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-1528
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6273
 
Oval ID: oval:org.mitre.oval:def:6273
Title: String Copy Stack-Based Overrun Vulnerability
Description: Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-0559
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Microsoft Excel 2000
Microsoft Excel 2002
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6278
 
Oval ID: oval:org.mitre.oval:def:6278
Title: Cross-Domain Information Disclosure Vulnerability
Description: Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP SP2 and SP3; 6 and 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not prevent HTML rendering of cached content, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors, aka "Cross-Domain Information Disclosure Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-1140
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6287
 
Oval ID: oval:org.mitre.oval:def:6287
Title: Print Spooler Load Library Vulnerability
Description: The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-0230
Version: 6
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6292
 
Oval ID: oval:org.mitre.oval:def:6292
Title: File Converter Buffer Overflow Vulnerability
Description: Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-1533
Version: 1
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Product(s): Microsoft Word 2000
Microsoft Word 2002
Microsoft Word 2003
Microsoft Word 2007
Microsoft Works 8.5
Microsoft Works 9
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6294
 
Oval ID: oval:org.mitre.oval:def:6294
Title: HTML Objects Memory Corruption Vulnerability
Description: Use-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code by repeatedly adding HTML document nodes and calling event handlers, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Objects Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-1530
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6295
 
Oval ID: oval:org.mitre.oval:def:6295
Title: Uninitialized Memory Corruption Vulnerability
Description: Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by calling the setCapture method on a collection of crafted objects, aka "Uninitialized Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-1529
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6308
 
Oval ID: oval:org.mitre.oval:def:6308
Title: HTML Object Memory Corruption Vulnerability
Description: Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code via frequent calls to the getElementsByTagName function combined with the creation of an object during reordering of elements, followed by an onreadystatechange event, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Object Memory Corruption Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-1531
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6317
 
Oval ID: oval:org.mitre.oval:def:6317
Title: Buffer Overflow in Print Spooler Vulnerability
Description: Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-0228
Version: 1
Platform(s): Microsoft Windows 2000
Product(s):
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6334
 
Oval ID: oval:org.mitre.oval:def:6334
Title: Word Buffer Overflow Vulnerability
Description: Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2; Microsoft Office for Mac 2004 and 2008; Open XML File Format Converter for Mac; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a Word document with a malformed record that triggers memory corruption, aka "Word Buffer Overflow Vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2009-0565
Version: 8
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows Server 2008
Product(s): Microsoft Word 2000
Microsoft Word 2002
Microsoft Word 2007
Microsoft Office Compatibility Pack
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 7
Application 3
Application 3
Application 5
Application 2
Application 4
Application 2
Application 4
Application 5
Application 2
Application 1
Application 1
Application 1
Application 2
Os 2
Os 9
Os 2
Os 3
Os 18
Os 14
Os 8

SAINT Exploits

Description Link
Microsoft Works File Converter FontName buffer overflow More info here
MS Office Word malformed Sprm record buffer overflow More info here
Windows Print Spooler EnumeratePrintShares buffer overflow More info here
Microsoft Excel BIFF format Qsir record memory corruption More info here

OpenVAS Exploits

Date Description
2009-06-15 Name : Ubuntu USN-785-1 (ipsec-tools)
File : nvt/ubuntu_785_1.nasl
2009-06-12 Name : Microsoft Office Excel Remote Code Execution Vulnerabilities (969462)
File : nvt/secpod_ms09-021.nasl
2009-06-11 Name : Microsoft Active Directory LDAP Remote Code Execution Vulnerability (969805)
File : nvt/secpod_ms09-018.nasl
2009-06-10 Name : Cumulative Security Update for Internet Explorer (969897)
File : nvt/secpod_ms09-019.nasl
2009-06-10 Name : Microsoft IIS Security Bypass Vulnerability (970483)
File : nvt/secpod_ms09-020.nasl
2009-06-10 Name : Vulnerabilities in Print Spooler Could Allow Remote Code Execution (961501)
File : nvt/secpod_ms09-022.nasl
2009-06-10 Name : Microsoft Windows Search Script Execution Vulnerability (963093)
File : nvt/secpod_ms09-023.nasl
2009-06-10 Name : Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (968537)
File : nvt/secpod_ms09-025.nasl
2009-06-10 Name : Vulnerability in RPC Could Allow Elevation of Privilege (970238)
File : nvt/secpod_ms09-026.nasl
2009-06-10 Name : Microsoft Office Word Remote Code Execution Vulnerabilities (969514)
File : nvt/secpod_ms09-027.nasl
2009-05-20 Name : Microsoft IIS WebDAV Remote Authentication Bypass Vulnerability
File : nvt/secpod_ms_iis_webdav_auth_bypass_vuln.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
56474 Microsoft IIS WebDAV Extension URL Decode Crafted HTTP Request Authentication...

54960 Microsoft Office Word Malformed Record Handling Overflow (2009-0565)

54959 Microsoft Office Word Malformed Length Field Handling Overflow (2009-0563)

54958 Microsoft Office Excel BIFF File QSIR Record Object Pointer Handling Remote C...

54957 Microsoft Office Excel File SST Record Handling String Parsing Overflow

54956 Microsoft Office Excel Record Object Field Sanitization Memory Corruption

54955 Microsoft Office Excel Malformed Records Handling Overflow

54954 Microsoft Office Excel Record Parsing Array Indexing Memory Corruption

54953 Microsoft Office Excel Malformed Record Object Pointer Handling Remote Code E...

54952 Microsoft Office Excel Malformed Record Object Pointer Handling Remote Code E...

54951 Microsoft IE Crafted HTML Malformed Row Property References Memory Corruption

54950 Microsoft IE Crafted onreadystatechange Event Memory Corruption

54949 Microsoft IE Crafted HTML Document Node Addition Event Handler Memory Corruption

54948 Microsoft IE setCapture Function Object Handling Uninitialized Memory Corruption

54947 Microsoft IE Crafted AJAX XMLHttpRequest Synchronization Memory Corruption

54946 Microsoft IE DHTML tr Element Handling Crafted Method Memory Corruption

54945 Microsoft IE Cached Data Handling Cross-Domain Information Disclosure

54944 Microsoft IE Race Condition Cross-Domain Information Disclosure

54943 Microsoft Windows Kernel Desktop Parameter Manipulation Local Privilege Escal...

54942 Microsoft Windows Kernel Driver Class Registration Local Privilege Escalation

54941 Microsoft Windows Kernel User Mode Pointer Passing Local Privilege Escalation

54940 Microsoft Windows Kernel Desktop Object Manipulation Local Privilege Escalation

54939 Microsoft Office Works for Windows File Converter .wps Handling Overflow

54938 Microsoft Windows Active Directory Crafted LDAP(S) Request Handling Remote DoS

54937 Microsoft Windows Active Directory Crafted LDAP(S) Request Hexdecimal DN Attr...

54936 Microsoft Windows RPC Marshalling Engine Internal State Manipulation Remote C...

54935 Microsoft Windows MSHTML Search Preview Display Information Disclosure

54934 Microsoft Windows Print Spooler Load Library Crafted RPC Message Arbitrary DL...

54933 Microsoft Windows Print Spooler Crafted Separator Page Arbitrary Local File D...

54932 Microsoft Windows Print Spooler win32spl.dll EnumeratePrintShares Function Re...

54555 Microsoft IIS WebDAV Unicode URI Request Authentication Bypass

38497 Microsoft IE Page Transaction Race Condition Arbitrary Code Execution

Information Assurance Vulnerability Management (IAVM)

Date Description
2009-06-11 IAVM : 2009-T-0032 - Information Disclosure Vulnerability in Microsoft Windows Search
Severity : Category II - VMSKEY : V0019397
2009-06-11 IAVM : 2009-B-0022 - Multiple vulnerabilities in Microsoft Internet Information Services (IIS)
Severity : Category II - VMSKEY : V0019400
2009-06-11 IAVM : 2009-B-0025 - Microsoft Works Converter Remote Code Execution Vulnerability
Severity : Category II - VMSKEY : V0019406

Snort® IPS/IDS

Date Description
2019-01-15 (http_inspect)unicodemapcodepointencodinginURI
RuleID : 7 - Revision : 2 - Type :
2019-12-24 Microsoft Office Excel MsoDrawingGroup record remote code execution attempt
RuleID : 52286 - Revision : 2 - Type : FILE-OFFICE
2019-12-24 Microsoft Office Excel MsoDrawingGroup record remote code execution attempt
RuleID : 52285 - Revision : 2 - Type : FILE-OFFICE
2019-12-24 Microsoft Office Excel MsoDrawingGroup record remote code execution attempt
RuleID : 52284 - Revision : 2 - Type : FILE-OFFICE
2019-12-24 Microsoft Office Excel MsoDrawingGroup record remote code execution attempt
RuleID : 52283 - Revision : 2 - Type : FILE-OFFICE
2019-10-01 Microsoft Excel ExternSheet record remote code execution attempt
RuleID : 51311 - Revision : 2 - Type : FILE-OFFICE
2019-10-01 Microsoft Excel ExternSheet record remote code execution attempt
RuleID : 51310 - Revision : 2 - Type : FILE-OFFICE
2019-09-12 Microsoft Office Excel MsoDrawingGroup record remote code execution attempt
RuleID : 50957 - Revision : 1 - Type : FILE-OFFICE
2019-09-12 Microsoft Office Excel MsoDrawingGroup record remote code execution attempt
RuleID : 50956 - Revision : 1 - Type : FILE-OFFICE
2017-02-03 Microsoft Internet Explorer layout object use after free attempt
RuleID : 41107 - Revision : 1 - Type : BROWSER-IE
2016-04-19 Microsoft Office Excel Formula record remote code execution attempt
RuleID : 38265 - Revision : 2 - Type : FILE-OFFICE
2014-11-16 Microsoft Office Excel FtCbls remote code execution attempt
RuleID : 31876 - Revision : 2 - Type : FILE-OFFICE
2014-11-16 Microsoft Office Excel FtCbls remote code execution attempt
RuleID : 31875 - Revision : 2 - Type : FILE-OFFICE
2014-11-16 Microsoft Internet Explorer Unexpected method call remote code execution attempt
RuleID : 31402 - Revision : 2 - Type : BROWSER-IE
2014-11-16 Microsoft Office Excel Qsir and Qsif record remote code execution attempt
RuleID : 31374 - Revision : 2 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel FtCbls remote code execution attempt
RuleID : 28136 - Revision : 5 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel FtCbls remote code execution attempt
RuleID : 28135 - Revision : 5 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word remote code execution attempt
RuleID : 28133 - Revision : 3 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word remote code execution attempt
RuleID : 28132 - Revision : 3 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word remote code execution attempt
RuleID : 28131 - Revision : 3 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word remote code execution attempt
RuleID : 28130 - Revision : 3 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word remote code execution attempt
RuleID : 28129 - Revision : 3 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word remote code execution attempt
RuleID : 28128 - Revision : 3 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel MsoDrawingGroup record remote code execution attempt
RuleID : 25969 - Revision : 7 - Type : FILE-OFFICE
2014-01-10 DCERPC NCACN-IP-TCP spoolss NetShareEnumAll response overflow attempt
RuleID : 20275 - Revision : 7 - Type : NETBIOS
2014-01-10 Microsoft Office Excel MsoDrawingGroup record remote code execution attempt
RuleID : 19943 - Revision : 16 - Type : FILE-OFFICE
2014-01-10 Microsoft Works 4.x converter font name buffer overflow attempt
RuleID : 18616 - Revision : 10 - Type : FILE-OFFICE
2014-01-10 Microsoft Works 4.x converter font name buffer overflow attempt
RuleID : 18615 - Revision : 14 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel BRAI record remote code execution attempt
RuleID : 18399 - Revision : 15 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word remote code execution attempt
RuleID : 17742 - Revision : 16 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word remote code execution attempt
RuleID : 17691 - Revision : 11 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word remote code execution attempt
RuleID : 17690 - Revision : 14 - Type : FILE-OFFICE
2014-01-10 Microsoft Internet Explorer event handler memory corruption attempt
RuleID : 17566 - Revision : 9 - Type : BROWSER-IE
2014-01-10 WebDAV Request Directory Security Bypass attempt
RuleID : 17564 - Revision : 7 - Type : SERVER-IIS
2014-01-10 VideoLAN VLC Media Player MP4_BoxDumpStructure Buffer Overflow
RuleID : 17527 - Revision : 11 - Type : FILE-MULTIMEDIA
2014-01-10 Microsoft Windows IIS 5.0 WebDav Request Directory Security Bypass
RuleID : 17525 - Revision : 9 - Type : SERVER-IIS
2014-01-10 Microsoft Internet Explorer 7/8 execute local file in Internet zone redirect ...
RuleID : 16423 - Revision : 14 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer Javascript Page update race condition attempt
RuleID : 16010 - Revision : 9 - Type : BROWSER-IE
2014-01-10 Microsoft Office Excel Qsir and Qsif record remote code execution attempt
RuleID : 15542 - Revision : 16 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel SST record remote code execution attempt
RuleID : 15541 - Revision : 19 - Type : FILE-OFFICE
2014-01-10 Microsoft Internet Explorer layout object use after free attempt
RuleID : 15540 - Revision : 16 - Type : BROWSER-IE
2014-01-10 Microsoft Office Excel Formula record remote code execution attempt
RuleID : 15539 - Revision : 19 - Type : FILE-OFFICE
2014-01-10 Microsoft Internet Explorer onreadystatechange memory corruption attempt
RuleID : 15538 - Revision : 10 - Type : BROWSER-IE
2015-05-28 Microsoft Office Excel MsoDrawingGroup record remote code execution attempt
RuleID : 15537 - Revision : 6 - Type : WEB-CLIENT
2014-01-10 Microsoft Internet Explorer invalid object modification exploit attempt
RuleID : 15536 - Revision : 7 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer setCapture heap corruption exploit attempt
RuleID : 15535 - Revision : 12 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer XML HttpRequest race condition exploit attempt
RuleID : 15534 - Revision : 10 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer Unexpected method call remote code execution attempt
RuleID : 15531 - Revision : 10 - Type : BROWSER-IE
2014-01-10 Microsoft Internet Explorer cross-domain navigation cookie stealing attempt
RuleID : 15529 - Revision : 9 - Type : BROWSER-IE
2014-01-10 Microsoft Windows DCERPC NCACN-IP-TCP spoolss RpcSetPrinterDataEx attempt
RuleID : 15528 - Revision : 7 - Type : OS-WINDOWS
2014-01-10 Microsoft Windows Active Directory LDAP denial of service attempt
RuleID : 15527 - Revision : 11 - Type : OS-WINDOWS
2014-01-10 Microsoft Works 4.x converter font name buffer overflow attempt
RuleID : 15526 - Revision : 13 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word remote code execution attempt
RuleID : 15525 - Revision : 13 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Word remote code execution attempt
RuleID : 15524 - Revision : 13 - Type : FILE-OFFICE
2014-01-10 Microsoft Windows srvsvc NetrShareEnum netname overflow attempt
RuleID : 15523 - Revision : 8 - Type : OS-WINDOWS
2014-01-10 Active Directory invalid OID denial of service attempt
RuleID : 15522 - Revision : 8 - Type : SERVER-OTHER
2014-01-10 Microsoft Office Excel ExternSheet record remote code execution attempt
RuleID : 15521 - Revision : 11 - Type : FILE-OFFICE
2014-01-10 Microsoft Office Excel FtCbls remote code execution attempt
RuleID : 15520 - Revision : 8 - Type : WEB-CLIENT
2014-01-10 Microsoft Office Excel BRAI record remote code execution attempt
RuleID : 15519 - Revision : 11 - Type : FILE-OFFICE

Nessus® Vulnerability Scanner

Date Description
2012-04-20 Name : The remote Mac OS X host appears to have been compromised.
File : macosx_sabpab_trojan.nasl - Type : ACT_GATHER_INFO
2010-10-20 Name : An application installed on the remote Mac OS X host is affected by multiple ...
File : macosx_ms_office_jun2009.nasl - Type : ACT_GATHER_INFO
2009-06-10 Name : Arbitrary code can be executed on the remote host through Microsoft Active Di...
File : smb_nt_ms09-018.nasl - Type : ACT_GATHER_INFO
2009-06-10 Name : Arbitrary code can be executed on the remote host through a web browser.
File : smb_nt_ms09-019.nasl - Type : ACT_GATHER_INFO
2009-06-10 Name : It is possible to bypass authentication on the remote web server.
File : smb_nt_ms09-020.nasl - Type : ACT_GATHER_INFO
2009-06-10 Name : It is possible to execute arbitrary code on the remote Windows host using Mic...
File : smb_nt_ms09-021.nasl - Type : ACT_GATHER_INFO
2009-06-10 Name : Arbitrary code can be executed on the remote host due to a flaw in the Spoole...
File : smb_nt_ms09-022.nasl - Type : ACT_GATHER_INFO
2009-06-10 Name : A vulnerability in Windows Search may lead to information disclosure.
File : smb_nt_ms09-023.nasl - Type : ACT_GATHER_INFO
2009-06-10 Name : Arbitrary code can be executed on the remote host through Microsoft Office.
File : smb_nt_ms09-024.nasl - Type : ACT_GATHER_INFO
2009-06-10 Name : The remote Windows kernel is affected by local privilege escalation vulnerabi...
File : smb_nt_ms09-025.nasl - Type : ACT_GATHER_INFO
2009-06-10 Name : Arbitrary code can be executed on the remote host through its RPC facility.
File : smb_nt_ms09-026.nasl - Type : ACT_GATHER_INFO
2009-06-10 Name : Arbitrary code can be executed on the remote host through Microsoft Word.
File : smb_nt_ms09-027.nasl - Type : ACT_GATHER_INFO
2009-05-18 Name : It is possible to access protected resources through WebDAV.
File : webdav_iis6_flaw.nasl - Type : ACT_ATTACK