| Date (UTC) | Description |
| 2009-04-17 18:29 |
Symantec
ThreatCON (2) => (1)
On April 14, 2009, Microsoft released eight security bulletins to address a number of vulnerabilities. No widespread malicious activity targeting these issues has been identified.
|
| 2009-04-15 01:30 |
Fortinet, Inc.
FGA-2009-16: Microsoft Office Excel Memory Corruption Vulnerability
Memory Corruption Vulnerability (CVE-2009-0100)
The vulnerability lies in "excel.exe", which is used when processing an Excel file. A maliciously crafted document will cause Excel to crash when processing. The crash occurs while calculating memory using an offset and a two-byte value contained in the document. If the two-byte value is set to a high value, an overflow condition will occur during memory calculation.
|
| 2009-04-15 00:59 |
JPCERT/CC
JPCERT-AT-2009-0007: March 2009 Microsoft Security Bulletin (including one critical patche)
|
| 2009-04-14 22:34 |
Microsoft
Microsoft Security Advisory (968272): Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution
Memory Corruption Vulnerability (MS09-009, CVE-2009-0238)
Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-009 to address this issue.
|
| 2009-04-14 22:34 |
Microsoft
Microsoft Security Advisory (953818): Blended Threat from Combined Attack Using Applefs Safari on the Windows Platform
Blended Threat Remote Code Execution Vulnerability (MS09-014, MS09-015, CVE-2008-2540)
Microsoft has issued MS09-014 and MS09-015 to address this issue.
|
| 2009-04-14 22:34 |
Microsoft
Microsoft Security Advisory (951306): Vulnerability in Windows Could Allow Elevation of Privilege
Windows MSDTC Service Isolation Vulnerability (MS09-012, CVE-2008-1436)
Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-012 to address this issue.
|
| 2009-04-14 22:34 |
Microsoft
Microsoft Security Advisory (960906): Vulnerability in WordPad Text Converter Could Allow Remote Code Execution
WordPad Word 97 Text Converter Stack Overflow Vulnerability (MS09-010, CVE-2008-4841)
Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-010 to address this issue.
|
| 2009-04-14 19:56 |
SANS Internet Storm Center
April Black Tuesday Overview (Version: 2)
Overview of the April 2009 Microsoft patches and their status.
|
| 2009-04-14 19:44 |
US-CERT
TA09-104A: Microsoft Updates for Multiple Vulnerabilities
Via US-CERT Mailing List
|
| 2009-04-14 18:15 |
Symantec
ThreatCON (2) => (2)
On April 14, 2009, Microsoft released eight security bulletins to address a number of vulnerabilities. Customers are advised to review the advisories and apply the relevant updates.
|
| 2009-04-14 17:36 |
US-CERT
Microsoft Releases April Security Bulletin Summary
US-CERT Current Activity
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Internet Explorer, and Forefront Edge Security as part of the Microsoft Security Bulletin Summary for April 2009. These vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or operate with escalated privileges.
|
| 2009-04-14 17:28 |
Microsoft
ms09-apr: Microsoft Security Bulletin Summary for April 2009
Included in this advisory are updates for newly discovered vulnerabilities.
|
| 2009-04-14 |
IBM Internet Security Systems
Microsoft DirectShow MJPEG Remote Code Execution
MJPEG Decompression Vulnerability (CVE-2009-0084)
Microsoft DirectShow, which is part of Microsoft DirectX, could allow a remote attacker to execute arbitrary code on the system by persuading a victim to open a specially-crafted MJPEG (video) file.
|
| 2009-04-09 17:16 |
Microsoft
ms09-apr: Microsoft Security Bulletin Advance Notification for April 2009
Included in this advisory are updates for newly discovered vulnerabilities.
|
| 2009-02-26 |
IBM Internet Security Systems
Microsoft Excel Remote Code Execution Vulnerability
Memory Corruption Vulnerability (CVE-2009-0238)
An unspecified error in Microsoft Excel could allow a remote attacker to execute arbitrary code on the system. There are confirmed reports of targeted exploitation.
|
| 2009-02-24 19:23 |
Microsoft
Microsoft Security Advisory (968272): Vulnerability in Microsoft Office Excel Could Allow Remote Code Execution
Memory Corruption Vulnerability (MS09-009, CVE-2009-0238)
Advisory published.
Microsoft is investigating new public reports of a vulnerability in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file. At this time, we are aware only of limited and targeted attacks that attempt to use this vulnerability.
|
| 2009-02-24 18:10 |
US-CERT
Microsoft Releases Security Advisory (968272)
US-CERT Current Activity
Microsoft has released Security Advisory 968272 to address reports of a vulnerability in Microsoft Office Excel. By convincing a user to open a specially crafted Excel document, an attacker may be able to execute arbitrary code.
|
| 2008-12-19 |
iDefense
Microsoft WordPad Word97 Converter Stack Buffer Overflow Vulnerability
WordPad Word 97 Text Converter Stack Overflow Vulnerability (CVE-2009-0235)
Vulnerability Reported
The vulnerability occurs when parsing the content of a Word97 format file. When reading in the data, the code uses a 32-bit integer from the file to check a buffer length while using the lower 16-bit value to do the actual copy. This results in a stack buffer overflow. This stack buffer is overwritten with data from the file.
|
| 2008-12-09 20:08 |
Microsoft
Microsoft Security Advisory (960906): Vulnerability in WordPad Text Converter Could Allow Remote Code Execution
Advisory published.
Microsoft is investigating new reports of a vulnerability in the WordPad Text Converter for Word 97 files on Windows 2000 SP4, Windows XP SP2, Windows Server 2003 SP1, and Windows Server 2003 SP2.
|
| 2008-05-31 01:15 |
Microsoft
Microsoft Security Advisory (953818): Blended Threat from Combined Attack Using Applefs Safari on the Windows Platform
Blended Threat Remote Code Execution Vulnerability (MS09-014, MS09-015, CVE-2008-2540)
Advisory published.
|
| 2008-04-18 04:56 |
Microsoft
Microsoft Security Advisory (951306): Vulnerability in Windows Could Allow Elevation of Privilege
Windows MSDTC Service Isolation Vulnerability (MS09-012, CVE-2008-1436)
Advisory published.
|
| 2006-06-28 |
iDefense
Microsoft Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability
Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability (CVE-2009-0088)
Vulnerability Reported
The vulnerability is triggered by conversion code not properly validating a counter against the allocated length of a structure before processing it. Depending on the contents of the data file, control structures on the stack may be modified as a result, potentially allowing the execution of arbitrary code.
|
