Date (UTC) | Description |
2008-10-12 |
Bugtraq MS Windows InternalOpenColorProfile Heap Overflow PoC (MS08-046)
Microsoft Color Management System Vulnerability (MS08-046, CVE-2008-2245)
#Cid: 2008-emf_MS08-046.rar
#Cid: 30594.rar
#Tested: Windows XP PRO SP2
#Tested: cpe:/o:microsoft:windows_xp::sp2:professional
|
2008-08-13 02:39 |
Microsoft Microsoft Security Advisory (953635): Vulnerability in Microsoft Word Could Allow Remote Code Execution
Word Record Parsing Vulnerability (MS08-042, CVE-2008-2244)
Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS08-042 to address this issue.
|
2008-08-13 02:39 |
Microsoft Microsoft Security Advisory (955179): Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution
Snapshot Viewer Arbitrary File Download Vulnerability (MS08-041, CVE-2008-2463)
Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS08-041 to address this issue.
|
2008-08-13 02:39 |
Microsoft MS08-AUG: Microsoft Security Bulletin Summary for August 2008
Included in this advisory are updates for newly discovered vulnerabilities.
|
2008-08-13 01:25 |
JPCERT/CC JPCERT-AT-2008-0015: August 2008 Microsoft Security Bulletin (including six critical patches)
|
2008-08-12 20:29 |
SANS Internet Storm Center August 2008 Black Tuesday Overview
Overview of the August 2008 Microsoft patches and their status.
|
2008-08-12 19:52 |
US-CERT TA08-225A: Microsoft Updates for Multiple Vulnerabilities
Via US-CERT Mailing List
|
2008-08-12 18:16 |
Symantec ThreatCON (1) => (2)
The ThreatCon is at level 2. Microsoft has released the scheduled security bulletins for the month of August 2008.
|
2008-08-11 16:41 |
US-CERT Microsoft Releases August Security Bulletin
US-CERT Current Activity
US-CERT is aware of public reports of a vulnerability that affects Webex Meeting Manager. This vulnerability is due to improper handling of arguments passed to the "NewObject()" method within the WebexUCFObject ActiveX control (atucfobj.dll). By convincing a user to visit a specially crafted web page, a remote attacker may be able to execute arbitrary code.
|
2008-07-09 10:04 |
Trend Micro Let the Games Begin
TrendLabs | Malware Blog - by Trend Micro
|
2008-07-09 03:13 |
Microsoft Microsoft Security Advisory (953635): Vulnerability in Microsoft Word Could Allow Remote Code Execution
Word Record Parsing Vulnerability (MS08-042, CVE-2008-2244)
Advisory published.
Microsoft is investigating new public reports of a possible vulnerability in Microsoft Office Word 2002 Service Pack 3.
|
2008-07-09 02:20 |
SANS Internet Storm Center Unpatched Word Vulnerability (Version: 1)
What a busy day! Microsoft just released an advisory with details about a new vulnerability in Word, which is currently being exploited in targeted attacks.
|
2008-07-09 |
Trend Micro TROJ_MDROPPER.ZT
Exploit for Word Record Parsing Vulnerability (MS08-042, CVE-2008-2244)
|
2008-07-08 13:01 |
US-CERT Microsoft Releases Security Advisory for Word Vulnerability
US-CERT Current Activity
Microsoft has released a Security Advisory to address a vulnerability in Microsoft Word. The advisory indicates that this vulnerability affects Microsoft Office Word 2002 Service Pack 3. By convincing a user to open a specially crafted Word file, a remote attacker may be able to execute arbitrary code or cause a denial-of-service condition. Additionally, the advisory indicates that Microsoft is aware of limited, targeted attacks attempting to exploit this vulnerability.
|
2008-07-08 06:55 |
Microsoft Security Response Center Blog Microsoft Security Advisory 953635
|
2008-07-07 18:19 |
Microsoft Microsoft Security Advisory (955179): Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution
Snapshot Viewer Arbitrary File Download Vulnerability (MS08-041, CVE-2008-2463)
Advisory published.
|
2008-04-16 |
Zero Day Initiative (ZDI) ZDI-08-051: Microsoft Internet Explorer Table Layout Memory Corruption Vulnerability
HTML Objects Memory Corruption Vulnerability (MS08-045, CVE-2008-2258)
Vulnerability Reported
|
2008-04-16 |
Zero Day Initiative (ZDI) ZDI-08-050: Microsoft Internet Explorer XHTML Rendering Memory Corruption Vulnerability
HTML Objects Memory Corruption Vulnerability (MS08-045, CVE-2008-2257)
Vulnerability Reported
|
2008-04-16 |
Zero Day Initiative (ZDI) ZDI-08-048: Microsoft Excel COUNTRY Record Memory Corruption Vulnerability
Excel Record Parsing Vulnerability (MS08-043, CVE-2008-3006)
Vulnerability Reported
|
2008-04-10 |
iDefense Microsoft Windows Color Management Module Heap Buffer Overflow Vulnerability
Microsoft Color Management System Vulnerability (MS08-046, CVE-2008-2245)
Vulnerability Reported
This vulnerability specifically exists in the InternalOpenColorProfile function in mscms.dll. When a malformed parameter is supplied, a heap-based buffer overflow can occur, resulting in an exploitable condition.
|
2008-03-27 |
iDefense Microsoft Excel FORMAT Record Invalid Array Index Vulnerability
Excel Index Array Vulnerability (MS08-043, CVE-2008-3005)
Vulnerability Reported
This issue exists in the handling of "FORMAT" records within an Excel spreadsheet (XLS). By crafting a spreadsheet with an out-of-bounds array index, attackers are able to cause Excel to write a byte to arbitrary locations in stack memory.
|
2008-03-27 |
iDefense Microsoft Excel Chart AxesSet Invalid Array Index Vulnerability
Excel Indexing Validation Vulnerability (MS08-043, CVE-2008-3004)
Vulnerability Reported
This issue exists in the handling of "AxesSet" records within a chart embedded in a spreadsheet. This record is typically used for setting the location and size of a set of axes on a chart. This particular record type is not included in Microsoft's official documentation for the Excel file format. However, the freely available source code for OpenOffice implements this record type.
|
2007-09-28 |
iDefense Microsoft PowerPoint Viewer 2003 Cstring Integer Overflow Vulnerability
Memory Allocation Vulnerability (MS08-051, CVE-2008-0120)
Vulnerability Reported
This vulnerability specifically exists when handling CString objects embedded in a PowerPoint presentation file. An issue in this object results in a very small amount of buffer being allocated while a very large amount of data is copied into it. This leads to an exploitable heap-based buffer overflow.
|
2007-09-28 |
iDefense Microsoft PowerPoint Viewer 2003 Out of Bounds Array Index Vulnerability
Memory Calculation Vulnerability (MS08-051, CVE-2008-0121)
Vulnerability Reported
This vulnerability specifically exists in PowerPoint Viewer 2003 when handling certain records in a PowerPoint presentation file. In some circumstances, an array index can be directly controlled by data from within the PowerPoint presentation file. Thus, a function pointer can be directly controlled by the attacker and leveraged for arbitrary code execution.
|
2006-11-07 |
iDefense Microsoft Office WPG Image File Heap Buffer Overflow Vulnerability
Microsoft Office WPG Image File Heap Corruption Vulnerability (MS08-044, CVE-2008-3460)
Vulnerability Reported
This vulnerability specifically lies within the "WPGIMP32.FLT" module. A heap overflow can occur when processing a malformed WordPerfect Graphics (WPG) file. By corrupting heap memory, it is possible to execute arbitrary code.
|
2006-09-14 |
Zero Day Initiative (ZDI) ZDI-08-049: Microsoft Windows Graphics Rendering Engine PICT Heap Corruption
Microsoft PICT Filter Parsing Vulnerability (MS08-044, CVE-2008-3021)
Vulnerability Reported
|
2006-09-11 |
iDefense Microsoft Office BMP Input Filter Heap Overflow Vulnerability
Microsoft Malformed BMP Filter Vulnerability (MS08-044, CVE-2008-3020)
Vulnerability Reported
The vulnerability specifically exists in the handling of Windows Bitmap (BMP) image files with malformed headers. By specifying a very large number of colors in the header, it is possible to cause controllable heap corruption, which can be leveraged to execute arbitrary code.
|