Status Tracking Note TRTA08-043C

Microsoft Updates for Multiple Vulnerabilities

Overview

Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Internet Explorer, Office, Visual Basic and Internet Information Services (IIS). Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code, gain elevated privileges, or crash a vulnerable system.
Event Information


Date (UTC)Description
2008-02-19 19:42 Symantec
ThreatCON (2) => (1)
The ThreatCon is at level 1. Patches for the vulnerabilities that Microsoft disclosed on February 12, 2008 have been available for over a week. No widespread exploitation of these issues has been observed.
2008-02-15 12:37 US-CERT
Public Exploit Code for Microsoft Works Vulnerabilities
US-CERT Current Activity
US-CERT is aware of reports of publicly available exploit code for vulnerabilities in Microsoft Works 6 File Converter. By convincing a user to open a specially crafted Works file, an attacker may be able to execute arbitrary code on an affected system. This vulnerability was addressed in Microsoft Security Bulletin MS08-011.
2008-02-13 23:25 BreakingPoint Systems
Fun with WebDAV (MS08-007)
Mini-Redirector Heap Overflow Vulnerability (CVE-2008-0080)
2008-02-13 22:50 BreakingPoint Systems
Exploiting IIS via HTMLEncode (MS08-006)
ASP Vulnerability (CVE-2008-0075)
the process of finding, investigating, and exploiting MS08-006.
2008-02-13 01:54 JPCERT/CC
JPCERT-AT-2008-0003: Feb 2008 Microsoft Security Bulletin (including six critical patches)
2008-02-13 Fortinet
FGA-2008-05: Invalid Memory Reference Vulnerability in Microsoft Office Publisher
Publisher Invalid Memory Reference Vulnerability (CVE-2008-0102)
An invalid memory reference vulnerability exists in Microsoft Office Publisher, which allows remote execution when a victim is targeted with a specially crafted Publisher file.
2008-02-13 Bugtraq
Microsoft Office .WPS File Stack Overflow Exploit (MS08-011)
Vulnerability Proof Of Concept (Microsoft Works File Converter Input Validation Vulnerability - CVE-2008-0108)
A vulnerability exists in WPS to RTF convert filter that is part of Microsoft Office 2003.
#Cid: pumpernikiel.c
#Cid: 27659.c
#Tested: Windows XP SP2 + Office 2003
2008-02-12 22:58 US-CERT
TA08-043C: Microsoft Updates for Multiple Vulnerabilities
Via US-CERT Mailing List
2008-02-12 21:35 SANS Internet Storm Center
February Black Tuesday Overview
Overview of the February 2008 Microsoft patches and their status.
2008-02-12 19:48 Microsoft
MS08-FEB: Microsoft Security Bulletin Summary for February 2008
Included in this advisory are updates for newly discovered vulnerabilities.
2008-02-12 18:36 Symantec
ThreatCON (1) => (2)
Microsoft has released numerous security bulletins to address various critical vulnerabilities. We urge customers to apply the available patches immediately.
2008-02-12 17:55 US-CERT
Microsoft Releases February Security Bulletin
US-CERT Current Activity
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Visual Basic, VBScript, JScript, Internet Explorer, IIS, Active Directory, ADAM, Office, Works, and Works Suite as part of the Microsoft Security Bulletin Summary for February 2008.
2008-02-12 IBM Internet Security Systems
Microsoft Works Converter Section Header Index Table Information Remote Code Execution
Microsoft Works Converter could allow a remote attacker to execute arbitrary code on the system.
2008-02-12 IBM Internet Security Systems
Microsoft Visual FoxPro FPOLE.OCX ActiveX Control Buffer Overflow
The Microsoft Visual FoxPro ActiveX control is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the FoxDoCmd function. A public exploit is available.
2008-02-12 IBM Internet Security Systems
Microsoft OleLoadPicture Remote Code Execution Vulnerability
Microsoft Windows is vulnerable to a buffer overflow, caused by improper bounds checking when using OLE Automation that could lead to memory corruption. By creating a Web page containing specially crafted script requests, a remote attacker could overflow a buffer and execute arbitrary code on the system with privileges of the victim.
2008-02-12 IBM Internet Security Systems
Remote Vista Denial of Service (DHCP Broadcast)
Microsoft Windows Vista is vulnerable to a denial of service caused by an error in the Duplicate Address Detection logic used by the Dynamic Host Configuration Protocol (DHCP) server.
2007-10-24 iDefense
Microsoft Internet Explorer Property Memory Corruption Vulnerability
Property Memory Corruption Vulnerability (CVE-2008-0077)
Vulnerability Reported
When certain properties are assigned malformed values, memory can be corrupted in a way that leads to Internet Explorer making a call to a member function of an already released property object. If the memory location of the released property object happens to be filled by attacker controlled content, the attacker can execute arbitrary code.
2007-09-17 Zero Day Initiative (ZDI)
ZDI-08-006: Microsoft Internet Explorer SVG animateMotion.by Code Execution Vulnerability
Property Memory Corruption Vulnerability (CVE-2008-0077)
Vulnerability Reported
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
2007-09-06 Bugtraq
Microsoft Visual FoxPro 6.0 (FPOLE.OCX v. 6.0.8450.0) Remote PoC
Vulnerability Proof Of Concept (ActiveX Object Memory Corruption Vulnerability - CVE-2007-4790)
Microsoft Visual FoxPro ActiveX control is prone to a vulnerability that lets attackers execute arbitrary commands.
#Cid: 25571.html
#Tested: Windows XP PRO SP2 + IE 7
2007-07-02 reversemode.com
Microsoft Word Memory Corruption Vulnerability
Word Memory Corruption Vulnerability (CVE-2008-0109)
Vulnerability Reported
Microsoft Word 2003 is prone to a memory corruption vulnerability while parsing a specially crafted Word file. The vulnerability is caused by calculation errors while parsing certain fields within the barely documented, File Information Block (FIB).
2007-06-14 iDefense
Microsoft Office Works Converter Stack-based Buffer Overflow Vulnerability
Microsoft Works File Converter Input Validation Vulnerability (CVE-2008-0108)
Vulnerability Reported
This vulnerability stems from improper input validation of section length headers when converting a Microsoft Works document (WPS extension) to Rich Text Format (RTF). When certain fields are modified, such as the length or count values, a stack-based buffer overflow occurs. This leads to a directly exploitable condition.
2006-11-13 iDefense
Microsoft Office Works Converter Heap Overflow Vulnerability
Microsoft Works File Converter Input Validation Vulnerability (CVE-2007-0216)
Vulnerability Reported
This vulnerability stems from improper input validation of OLE structures within wkcvqd01.dll when converting a Microsoft Works document (WPS extension) to Rich Text Format (RTF). When certain fields are modified, such as the length or count values, heap corruption can occur. This leads to a potentially exploitable condition.

Reference

Date first published (UTC): 2008-02-17T08:01+00:00
Date last updated (UTC): 2008-02-25T19:16+00:00
Valid HTML 4.01!