Status Tracking Note TRTA08-225A

Microsoft Updates for Multiple Vulnerabilities

Overview

Microsoft has released updates that address vulnerabilities in Microsoft Windows, Office, and Internet Explorer.
Event Information


Date (UTC)Description
2008-10-12 Bugtraq
MS Windows InternalOpenColorProfile Heap Overflow PoC (MS08-046)
Microsoft Color Management System Vulnerability (MS08-046, CVE-2008-2245)
#Cid: 2008-emf_MS08-046.rar
#Cid: 30594.rar
#Tested: Windows XP PRO SP2
#Tested: cpe:/o:microsoft:windows_xp::sp2:professional
2008-08-13 02:39 Microsoft
Microsoft Security Advisory (953635): Vulnerability in Microsoft Word Could Allow Remote Code Execution
Word Record Parsing Vulnerability (MS08-042, CVE-2008-2244)
Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS08-042 to address this issue.
2008-08-13 02:39 Microsoft
Microsoft Security Advisory (955179): Vulnerability in the ActiveX Control for theSnapshot Viewer for Microsoft Access Could Allow Remote CodeExecution
Snapshot Viewer Arbitrary File Download Vulnerability (MS08-041, CVE-2008-2463)
Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS08-041 to address this issue.
2008-08-13 02:39 Microsoft
MS08-AUG: Microsoft Security Bulletin Summary for August 2008
Included in this advisory are updates for newly discovered vulnerabilities.
2008-08-13 01:25 JPCERT/CC
JPCERT-AT-2008-0015: August 2008 Microsoft Security Bulletin (including six critical patches)
2008-08-12 20:29 SANS Internet Storm Center
August 2008 Black Tuesday Overview
Overview of the August 2008 Microsoft patches and their status.
2008-08-12 19:52 US-CERT
TA08-225A: Microsoft Updates for Multiple Vulnerabilities
Via US-CERT Mailing List
2008-08-12 18:16 Symantec
ThreatCON (1) => (2)
The ThreatCon is at level 2. Microsoft has released the scheduled security bulletins for the month of August 2008.
2008-08-11 16:41 US-CERT
Microsoft Releases August Security Bulletin
US-CERT Current Activity
US-CERT is aware of public reports of a vulnerability that affects Webex Meeting Manager. This vulnerability is due to improper handling of arguments passed to the "NewObject()" method within the WebexUCFObject ActiveX control (atucfobj.dll). By convincing a user to visit a specially crafted web page, a remote attacker may be able to execute arbitrary code.
2008-07-09 10:04 Trend Micro
Let the Games Begin
TrendLabs | Malware Blog - by Trend Micro
2008-07-09 03:13 Microsoft
Microsoft Security Advisory (953635): Vulnerability in Microsoft Word Could Allow Remote Code Execution
Word Record Parsing Vulnerability (MS08-042, CVE-2008-2244)
Advisory published.
Microsoft is investigating new public reports of a possible vulnerability in Microsoft Office Word 2002 Service Pack 3.
2008-07-09 02:20 SANS Internet Storm Center
Unpatched Word Vulnerability (Version: 1)
What a busy day! Microsoft just released an advisory with details about a new vulnerability in Word, which is currently being exploited in targeted attacks.
2008-07-09 Trend Micro
TROJ_MDROPPER.ZT
Exploit for Word Record Parsing Vulnerability (MS08-042, CVE-2008-2244)
2008-07-08 13:01 US-CERT
Microsoft Releases Security Advisory for Word Vulnerability
US-CERT Current Activity
Microsoft has released a Security Advisory to address a vulnerability in Microsoft Word. The advisory indicates that this vulnerability affects Microsoft Office Word 2002 Service Pack 3. By convincing a user to open a specially crafted Word file, a remote attacker may be able to execute arbitrary code or cause a denial-of-service condition. Additionally, the advisory indicates that Microsoft is aware of limited, targeted attacks attempting to exploit this vulnerability.
2008-07-08 06:55 Microsoft Security Response Center Blog
Microsoft Security Advisory 953635
2008-07-07 18:19 Microsoft
Microsoft Security Advisory (955179): Vulnerability in the ActiveX Control for theSnapshot Viewer for Microsoft Access Could Allow Remote CodeExecution
Snapshot Viewer Arbitrary File Download Vulnerability (MS08-041, CVE-2008-2463)
Advisory published.
2008-04-16 Zero Day Initiative (ZDI)
ZDI-08-051: Microsoft Internet Explorer Table Layout Memory Corruption Vulnerability
HTML Objects Memory Corruption Vulnerability (MS08-045, CVE-2008-2258)
Vulnerability Reported
2008-04-16 Zero Day Initiative (ZDI)
ZDI-08-050: Microsoft Internet Explorer XHTML Rendering Memory Corruption Vulnerability
HTML Objects Memory Corruption Vulnerability (MS08-045, CVE-2008-2257)
Vulnerability Reported
2008-04-16 Zero Day Initiative (ZDI)
ZDI-08-048: Microsoft Excel COUNTRY Record Memory Corruption Vulnerability
Excel Record Parsing Vulnerability (MS08-043, CVE-2008-3006)
Vulnerability Reported
2008-04-10 iDefense
Microsoft Windows Color Management Module Heap Buffer Overflow Vulnerability
Microsoft Color Management System Vulnerability (MS08-046, CVE-2008-2245)
Vulnerability Reported
This vulnerability specifically exists in the InternalOpenColorProfile function in mscms.dll. When a malformed parameter is supplied, a heap-based buffer overflow can occur, resulting in an exploitable condition.
2008-03-27 iDefense
Microsoft Excel FORMAT Record Invalid Array Index Vulnerability
Excel Index Array Vulnerability (MS08-043, CVE-2008-3005)
Vulnerability Reported
This issue exists in the handling of "FORMAT" records within an Excel spreadsheet (XLS). By crafting a spreadsheet with an out-of-bounds array index, attackers are able to cause Excel to write a byte to arbitrary locations in stack memory.
2008-03-27 iDefense
Microsoft Excel Chart AxesSet Invalid Array Index Vulnerability
Excel Indexing Validation Vulnerability (MS08-043, CVE-2008-3004)
Vulnerability Reported
This issue exists in the handling of "AxesSet" records within a chart embedded in a spreadsheet. This record is typically used for setting the location and size of a set of axes on a chart. This particular record type is not included in Microsoft's official documentation for the Excel file format. However, the freely available source code for OpenOffice implements this record type.
2007-09-28 iDefense
Microsoft PowerPoint Viewer 2003 Cstring Integer Overflow Vulnerability
Memory Allocation Vulnerability (MS08-051, CVE-2008-0120)
Vulnerability Reported
This vulnerability specifically exists when handling CString objects embedded in a PowerPoint presentation file. An issue in this object results in a very small amount of buffer being allocated while a very large amount of data is copied into it. This leads to an exploitable heap-based buffer overflow.
2007-09-28 iDefense
Microsoft PowerPoint Viewer 2003 Out of Bounds Array Index Vulnerability
Memory Calculation Vulnerability (MS08-051, CVE-2008-0121)
Vulnerability Reported
This vulnerability specifically exists in PowerPoint Viewer 2003 when handling certain records in a PowerPoint presentation file. In some circumstances, an array index can be directly controlled by data from within the PowerPoint presentation file. Thus, a function pointer can be directly controlled by the attacker and leveraged for arbitrary code execution.
2006-11-07 iDefense
Microsoft Office WPG Image File Heap Buffer Overflow Vulnerability
Microsoft Office WPG Image File Heap Corruption Vulnerability (MS08-044, CVE-2008-3460)
Vulnerability Reported
This vulnerability specifically lies within the "WPGIMP32.FLT" module. A heap overflow can occur when processing a malformed Wordperfect Graphics (WPG) file. By corrupting heap memory, it is possible to execute arbitrary code.
2006-09-14 Zero Day Initiative (ZDI)
ZDI-08-049: Microsoft Windows Graphics Rendering Engine PICT Heap Corruption
Microsoft PICT Filter Parsing Vulnerability (MS08-044, CVE-2008-3021)
Vulnerability Reported
2006-09-11 iDefense
Microsoft Office BMP Input Filter Heap Overflow Vulnerability
Microsoft Malformed BMP Filter Vulnerability (MS08-044, CVE-2008-3020)
Vulnerability Reported
The vulnerability specifically exists in the handling of Windows Bitmap (BMP) image files with malformed headers. By specifying a very large number of colors in the header, it is possible to cause controllable heap corruption, which can be leveraged to execute arbitrary code.

Reference

Date first published (UTC): 2008-08-13T14:26+00:00
Date last updated (UTC): 2008-12-28T00:55+00:00
Valid HTML 4.01!