Status Tracking Note TRTA08-099A

Microsoft Updates for Multiple Vulnerabilities

Overview

Microsoft has released updates that address vulnerabilities in Microsoft Windows, Internet Explorer, and Office.
Event Information

Date (UTC)    Description
2008-04-28 Bugtraq
MS Windows XP SP2 (win32k.sys) Privilege Escalation Exploit (MS08-025)
Vulnerability Proof Of Concept (Windows Kernel Vulnerability - MS08-025)
#Cid: 2008-ms08-25-exploit.zip
#Cid: 28554.zip
#Tested: Windows XP SP2
2008-04-14 Bugtraq
MS Windows GDI Image Parsing Stack Overflow Exploit (MS08-021)
Vulnerability Proof Of Concept (GDI stack Overflow Vulnerability - MS08-021)
#Cid: 28570.cpp
#Cid: 2008-exploit_08021.zip
#Tested: Windows XP SP2
#Tested: cpe:/o:microsoft:windows_xp::sp2
2008-04-14 Bugtraq
MS Windows GDI (EMR_COLORMATCHTOTARGETW) Exploit MS08-021
Vulnerability Proof Of Concept (GDI stack Overflow Vulnerability - MS08-021)
#Cid: 2008-Gdi.tgz
#Cid: 28570-Gdi.tgz
#Tested: Windows XP PRO SP1
#Tested: cpe:/o:microsoft:windows_xp::sp1:professional
2008-04-11 19:03 US-CERT
Active Exploitation of GDI Vulnerabilities
US-CERT Current Activity
US-CERT is following public reports indicating that attackers are attempting to exploit vulnerabilities in GDI. These vulnerabilities are due to buffer overflow conditions that exist in the processing of EMF and WMF image files. By convincing a user to open a specially crafted EMF or WMF file, a remote attacker may be able to execute arbitrary code. These vulnerabilities were addressed in Microsoft Security Bulletin MS08-021. Users who have not applied this patch are vulnerable.
2008-04-11 15:21 Arbor Networks
Elevated ATLAS Threat Index - GDI Exploits in the Wild
The ATLAS Threat Index is used to track global security issues as a barometer, and we're raising the index (something we don't do very often). We are doing so because we see evidence that the GDI vulnerability - MS08-021 - is being exploited in the wild. We have not yet seen widespread attacks, but we anticipate that this attack vector will grow in popularity in the coming days, similar to the WMF and ANI attack vectors in the past couple of years.
2008-04-11 14:01 SANS Internet Storm Center
Symantec Threatcon Level 2
It appears that Symantec has raised the Threatcon to Level 2 this afternoon.
2008-04-10 20:51 Symantec
ThreatCON (2) => (2)
We have observed in-the-wild exploit attempts targeting MS08-021. Currently the attacks appear to be unsuccessful. Users are advised to apply the available patches as soon as possible.
2008-04-10 13:12 Symantec
Attempt at Exploiting Latest GDI Vulnerability Found in the Wild
GDI Overflow Vulnerability (MS08-021)
It has been less than two days since Microsoft announced a couple of vulnerabilities in graphics device interface (GDI) EMF formatted images, but our DeepSight honeypots are already showing some signs of exploitation in the wild. Although the exploits that we have seen so far do not yet appear to be functional, they appear to have the right general idea in their exploitation. It is possible that these exploits either have been leaked and are "in-work" copies, or that they are functional on some platform that we have not tested.
2008-04-10 Bugtraq
MS08-025 Local Privilege Escalation Vulnerability Exploit (PoC)
Vulnerability Proof Of Concept (Windows Kernel Vulnerability - MS08-025)
#Cid: 28554-PoC.c
2008-04-10 Symantec
Trojan.Emifie
GDI stack Overflow Vulnerability (MS08-021, CVE-2008-1087)
2008-04-09 02:14 JPCERT/CC
JPCERT-AT-2008-0006: Apr 2008 Microsoft Security Bulletin (including five critical patches)
2008-04-08 20:11 Symantec
ThreatCON (1) => (2)
Microsoft released five 'critical' and three 'important' security bulletins for April 2008. Patches are available. None of these vulnerabilities have been seen in the wild.
2008-04-08 18:56 US-CERT
TA08-099A: Microsoft Updates for Multiple Vulnerabilities
Via US-CERT Mailing List
2008-04-08 18:33 Microsoft
MS08-APR: Microsoft Security Bulletin Summary for April 2008
Included in this advisory are updates for newly discovered vulnerabilities.
2008-04-08 18:33 US-CERT
Microsoft Releases April Security Bulletin
US-CERT Current Activity
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, and Internet Explorer as part of the Microsoft Security Bulletin Summary for April 2008. These vulnerabilities could allow an attacker to execute arbitrary code, access the system with elevated privileges, or redirect internet traffic.
2008-04-08 17:42 SANS Internet Storm Center
April 2008 - Black Tuesday Overview
Overview of the April 2008 Microsoft patches and their status.
2008-04-08 IBM Internet Security Systems
Microsoft GDI Remote Code Execution
GDI Heap Overflow Vulnerability (MS08-021, CVE-2008-1083)
GDI stack Overflow Vulnerability (MS08-021, CVE-2008-1087)
Microsoft Windows graphic device interface (GDI) is vulnerable to multiple buffer overflows.
2008-04-08 IBM Internet Security Systems
Microsoft Internet Explorer File Registered Viewer Code Execution
Data Stream Handling Memory Corruption Vulnerability (MS08-024, CVE-2008-1085)
Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the system.
2008-02-07 Zero Day Initiative (ZDI)
ZDI-08-008: Microsoft GDI WMF Parsing Heap Overflow Vulnerability
GDI Heap Overflow Vulnerability (MS08-021, CVE-2008-1083)
Vulnerability Reported
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required in that a user must open a malicious file or visit a malicious web page.
2007-12-17 iDefense
Microsoft Windows Graphics Rendering Engine Heap Buffer Overflow Vulnerability
GDI Heap Overflow Vulnerability (MS08-021, CVE-2008-1083)
Vulnerability Reported
The vulnerability occurs when parsing a maliciously crafted EMF file. When performing an arithmetic operation that calculates the size of a heap buffer the code incorrectly assumes that the color depth is a fixed size. By specifying a different color depth, it is possible to trigger a heap based buffer overflow.
2007-12-17 iDefense
Microsoft Windows Graphics Rendering Engine Integer Overflow Vulnerability
GDI Heap Overflow Vulnerability (MS08-021, CVE-2008-1083)
Vulnerability Reported
The vulnerability occurs when parsing a header structure in an EMF file that describes a bitmap contained in the file. Several values from this header are used in an arithmetic operation that calculates the number of bytes to allocate for a heap buffer. This calculation can overflow, which results in an undersized heap buffer being allocated. This buffer is then overflowed with data from the file.
2007-11-13 15:17 Trusteer Ltd.
Microsoft Windows DNS Stub Resolver Cache Poisoning
DNS Spoofing Attack Vulnerability (MS08-020)
Windows DNS stub resolver queries are predictable, i.e. the source UDP port and DNS transaction ID can be effectively predicted. A predictability algorithm is described that, in optimal conditions, provides very few guesses for the "next" query, thereby overcoming whatever protection is offered by the transaction ID mechanism. This enables a much more effective DNS client poisoning than the currently known attacks against the Windows DNS stub resolver.
2006-12-12 iDefense
Microsoft HxTocCtrl ActiveX Control Invalid Param Heap Corruption Vulnerability
ActiveX Object Memory Corruption Vulnerability (MS08-023, CVE-2008-1086)
Vulnerability Reported
Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s Microsoft Help 2.5 ActiveX control allows an attacker to execute arbitrary code with the privileges of the logged-on user.

Reference

Date first published (UTC): 2008-04-13T22:02+00:00
Date last updated (UTC): 2008-05-07T08:00+00:00