Status Tracking Note TRTA08-344A

Microsoft Updates for Multiple Vulnerabilities

Overview

Microsoft has released updates that address vulnerabilities in Microsoft Windows, Internet Explorer, Word, Excel, SharePoint Server, Visual Basic 6 and related components.
Event Information

Date (UTC)Description
2008-12-12 Bugtraq
MS Visual Basic ActiveX Controls mscomct2.ocx Buffer Overflow PoC
Windows Common AVI Parsing Overflow Vulnerability (CVE-2008-4255, MS08-070)
#Cid: 32613.pl
2008-12-10 02:41 JPCERT/CC
JPCERT-AT-2008-0022: December 2008 Microsoft Security Bulletin (including six critical patche)
2008-12-09 23:35 US-CERT
TA08-344A: Microsoft Updates for Multiple Vulnerabilities
Via US-CERT Mailing List
2008-12-09 23:32 Insomnia Security
ISVA-081209.1: IE Webdav Request Parsing Heap Corruption Vulnerability
HTML Objects Memory Corruption Vulnerability (MS08-073, CVE-2008-4259)
A vulnerability was found in the way that webdav requests are cached and then later retrieved by Internet Explorer. This results in the use of uninitialized memory which under the right situation can lead to command execution.
2008-12-09 20:45 Microsoft
MS08-DEC: Microsoft Security Bulletin Summary for December 2008
Included in this advisory are updates for newly discovered vulnerabilities.
2008-12-09 20:36 SANS Internet Storm Center
December Black Tuesday Overview
Overview of the December 2008 Microsoft patches and their status.
2008-12-09 18:13 US-CERT
Microsoft Releases December Security Bulletin
US-CERT Current Activity
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Internet Explorer, Developer Tools and Software, and Server Software as part of the Microsoft Security Bulletin Summary for December 2008. These vulnerabilities may allow an attacker to execute arbitrary code or escalate privileges.
2008-12-09 IBM Internet Security Systems
Microsoft Windows search-ms protocol code execution
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by the improper validation of parameters when parsing the search-ms protocol.
2008-12-09 IBM Internet Security Systems
Microsoft Internet Explorer embedded object code execution
Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of certain embedded objects within a Web page.
2008-12-09 IBM Internet Security Systems
Microsoft Windows GDI WMF image file integer overflow
The Microsoft Windows GDI is vulnerable to an integer overflow, caused by improper handling of integer calculations within a WMF image file.
2008-12-09 IBM Internet Security Systems
Microsoft Internet Explorer HTML objects uninitialized memory code execution
Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of certain HTML objects when attempting to access uninitialized memory.
2008-12-04 21:48 Microsoft
MS08-DEC: Microsoft Security Bulletin Advance Notification for December 2008
Included in this advisory are updates for newly discovered vulnerabilities.
2008-09-16 Zero Day Initiative (ZDI)
ZDI-08-083: Microsoft Animation ActiveX Control Malformed AVI Parsing Code Execution Vulnerability
Windows Common AVI Parsing Overflow Vulnerability (MS08-070, CVE-2008-4255)
Vulnerability Reported
2008-09-02 Secunia Research
2008-36: Microsoft Excel NAME Record Array Indexing Vulnerability
Excel Global Array Memory Corruption Vulnerability (CVE-2008-4266, MS08-074)
Vulnerability Reported
2008-08-26 iDefense
Microsoft Internet Explorer HTML Tag Long File Name Extension Stack Buffer Overflow Vulnerability
HTML Rendering Memory Corruption Vulnerability (MS08-073, CVE-2008-4261)
Vulnerability Reported
On Internet Explorer 5.01 a function return address can be overwritten with attacker controlled data which results in an exploitable condition. However on Internet Explorer 6 the vulnerability will only overflow one byte.
2008-08-19 Zero Day Initiative (ZDI)
ZDI-08-086: Microsoft Office Word Document Table Property Stack Overflow Vulnerability
Word Memory Corruption Vulnerability (MS08-072, CVE-2008-4837)
Vulnerability Reported
2008-07-21 iDefense
Microsoft Excel Malformed Object Memory Corruption Vulnerability
File Format Parsing Vulnerability (MS08-074, CVE-2008-4265)
Vulnerability Reported
This issue exists in the handling of certain malformed object records within an Excel spreadsheet (XLS), allowing memory corruption to occur. This could lead to an exploitable situation.
2008-06-25 Zero Day Initiative (ZDI)
ZDI-08-085: Microsoft Office RTF Drawing Object Heap Overflow Vulnerability
Word RTF Object Parsing Vulnerability (MS08-072, CVE-2008-4028)
Vulnerability Reported
2008-05-21 iDefense
Microsoft Windows Graphics Device Interface Integer Overflow Vulnerability
GDI Integer Overflow Vulnerability (MS08-071, CVE-2008-2249)
Vulnerability Reported
This vulnerability also can be triggered through e-mail. If the e-mail client can automatically display images embedded in the e-mail, the user only needs to open the e-mail to trigger the vulnerability. Currently an EMF file is used as a test attack vector. Outlook and Outlook Express will automatically display EMF images and trigger the vulnerability. Lotus Notes and Thunderbird do not display EMF images in e-mail directly, but the vulnerability still can be triggered when opening or viewing the EMF attachment.
2008-05-19 Zero Day Initiative (ZDI)
ZDI-08-084: Microsoft Office RTF Consecutive Drawing Object Parsing Heap Corruption Vulnerability
Word RTF Object Parsing Vulnerability (MS08-072, CVE-2008-4027)
Vulnerability Reported
2008-05-19 Zero Day Initiative (ZDI)
ZDI-08-087: Microsoft Internet Explorer Webdav Request Parsing Heap Corruption Vulnerability
HTML Objects Memory Corruption Vulnerability (MS08-073, CVE-2008-4259)
Vulnerability Reported
2008-05-16 Secunia Research
2008-21: Microsoft Word RTF Polyline/Polygon Integer Overflow
Word RTF Object Parsing Vulnerability (CVE-2008-4025, MS08-072)
Vulnerability Reported
2008-03-13 Core Security Technologies
CORE-2008-0228: Microsoft Word Malformed FIB Arbitrary Free Vulnerability
Word Memory Corruption Vulnerability (MS08-072, CVE-2008-4024)
Vulnerability Reported
A vulnerability has been found in the way that Microsoft Word handles specially crafted Word files. The vulnerability could allow remote code execution if a user opens a specially crafted Word file that includes a malformed record value.

Reference

Date first published (UTC): 2008-12-14T16:59+00:00
Date last updated (UTC): 2008-12-28T07:33+00:00
Valid HTML 4.01!