Status Tracking Note TRTA08-253A

Microsoft Updates for Multiple Vulnerabilities

Microsoft has released updates that address vulnerabilities in Microsoft Windows, Windows Media Encoder, and Microsoft Office.

Event Information

Date (UTC)	Description
2008-09-10 01:34	JPCERT/CC JPCERT-AT-2008-0016: September 2008 Microsoft Security Bulletin (including four critical patches)
2008-09-09 22:48	SANS Internet Storm Center September 2008 Black Tuesday Overview Overview of the September 2008 Microsoft patches and their status.
2008-09-09 19:15	US-CERT TA08-253A: Microsoft Updates for Multiple Vulnerabilities Via US-CERT Mailing List
2008-09-09 18:14	Microsoft MS08-SEP: Microsoft Security Bulletin Summary for September 2008 Included in this advisory are updates for newly discovered vulnerabilities.
2008-09-09 17:10	US-CERT Microsoft Releases September Security Bulletin US-CERT Current Activity Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Office, SQL Server, and Visual Studio as part of the Microsoft Security Bulletin Summary for September 2008. These vulnerabilities may allow an attacker to execute arbitrary code.
2008-09-09	IBM Internet Security Systems Microsoft Windows GDI+ Remote Code Execution GDI+ VML Buffer Overrun Vulnerability (CVE-2007-5348) GDI+ EMF Memory Corruption Vulnerability (CVE-2008-3012) GDI+ GIF Parsing Vulnerability (CVE-2008-3013) GDI+ WMF Buffer Overrun Vulnerability (CVE-2008-3014) GDI+ BMP Integer Overflow Vulnerability (CVE-2008-3015) Microsoft Office is vulnerable to remote code execution through specially-crafted OneNote URLs.
2008-09-09	IBM Internet Security Systems Microsoft Windows Media Encoder Wmex.dll ActiveX Control Remote Code Execution Windows Media Encoder Buffer Overrun Vulnerability (CVE-2008-3008) Microsoft Office is vulnerable to remote code execution through specially-crafted OneNote URLs.
2008-09-09	IBM Internet Security Systems Microsoft Office OneNote File Uniform Resource Locator Remote Code Execution Uniform Resource Locator Validation Error Vulnerability (CVE-2008-3007) Microsoft Office is vulnerable to remote code execution through specially-crafted OneNote URLs.
2008-02-07	Zero Day Initiative (ZDI) ZDI-08-056: Microsoft Windows GDI+ GIF Parsing Code Execution Vulnerability GDI+ GIF Parsing Vulnerability (MS08-052, CVE-2008-3013) Vulnerability Reported
2007-07-20	Zero Day Initiative (ZDI) ZDI-08-055: Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability GDI+ BMP Integer Overflow Vulnerability (MS08-052, CVE-2008-3015) Vulnerability Reported
2007-05-09	iDefense Microsoft Windows GDI+ Gradient Fill Heap Overflow Vulnerability GDI+ VML Buffer Overrun Vulnerability (MS08-052, CVE-2007-5348) Vulnerability Reported The vulnerability specifically exists in the memory allocation performed by the GDI+ library. Certain malformed gradient fill input can cause the application to corrupt the heap, potentially allowing arbitrary code execution.

Microsoft Updates for Multiple Vulnerabilities
http://www.us-cert.gov/cas/techalerts/TA08-253A.html


Date first published (UTC):	2008-09-26T06:36+00:00
Date last updated (UTC):	2008-09-26T06:36+00:00