Status Tracking Note TRTA08-253A

Microsoft Updates for Multiple Vulnerabilities

Overview

Microsoft has released updates that address vulnerabilities in Microsoft Windows, Windows Media Encoder, and Microsoft Office.

Event Information

Date (UTC)    Description

2008-09-10 01:34 JPCERT/CC
JPCERT-AT-2008-0016: September 2008 Microsoft Security Bulletin (including four critical patches)

2008-09-09 22:48 SANS Internet Storm Center
September 2008 Black Tuesday Overview
Overview of the September 2008 Microsoft patches and their status.

2008-09-09 19:15 US-CERT
TA08-253A: Microsoft Updates for Multiple Vulnerabilities
Via US-CERT Mailing List

2008-09-09 18:14 Microsoft
MS08-SEP: Microsoft Security Bulletin Summary for September 2008
Included in this advisory are updates for newly discovered vulnerabilities.

2008-09-09 17:10 US-CERT
Microsoft Releases September Security Bulletin
US-CERT Current Activity
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, .NET Framework, Office, SQL Server, and Visual Studio as part of the Microsoft Security Bulletin Summary for September 2008. These vulnerabilities may allow an attacker to execute arbitrary code.

2008-09-09 IBM Internet Security Systems
Microsoft Windows GDI+ Remote Code Execution
GDI+ VML Buffer Overrun Vulnerability (CVE-2007-5348)
GDI+ EMF Memory Corruption Vulnerability (CVE-2008-3012)
GDI+ GIF Parsing Vulnerability (CVE-2008-3013)
GDI+ WMF Buffer Overrun Vulnerability (CVE-2008-3014)
GDI+ BMP Integer Overflow Vulnerability (CVE-2008-3015)
Microsoft Office is vulnerable to remote code execution through specially-crafted OneNote URLs.

2008-09-09 IBM Internet Security Systems
Microsoft Windows Media Encoder Wmex.dll ActiveX Control Remote Code Execution
Windows Media Encoder Buffer Overrun Vulnerability (CVE-2008-3008)
Microsoft Office is vulnerable to remote code execution through specially-crafted OneNote URLs.

2008-09-09 IBM Internet Security Systems
Microsoft Office OneNote File Uniform Resource Locator Remote Code Execution
Uniform Resource Locator Validation Error Vulnerability (CVE-2008-3007)
Microsoft Office is vulnerable to remote code execution through specially-crafted OneNote URLs.

2008-02-07 Zero Day Initiative (ZDI)
ZDI-08-056: Microsoft Windows GDI+ GIF Parsing Code Execution Vulnerability
GDI+ GIF Parsing Vulnerability (MS08-052, CVE-2008-3013)
Vulnerability Reported

2007-07-20 Zero Day Initiative (ZDI)
ZDI-08-055: Microsoft Windows GDI+ BMP Parsing Code Execution Vulnerability
GDI+ BMP Integer Overflow Vulnerability (MS08-052, CVE-2008-3015)
Vulnerability Reported

2007-05-09 iDefense
Microsoft Windows GDI+ Gradient Fill Heap Overflow Vulnerability
GDI+ VML Buffer Overrun Vulnerability (MS08-052, CVE-2007-5348)
Vulnerability Reported
The vulnerability specifically exists in the memory allocation performed by the GDI+ library. Certain malformed gradient fill input can cause the application to corrupt the heap, potentially allowing arbitrary code execution.

Reference

Date first published (UTC): 2008-09-26T06:36+00:00
Date last updated (UTC): 2008-09-26T06:36+00:00