SecurityFocus Microsoft Newsletter #423
----------------------------------------

This issue is sponsored by Ironkey: The World's Most Secure Flash Drive

IronKey flash drives lock down your most sensitive data using today's most advanced security technology. IronKey uses military-grade AES CBC-mode hardware encryption that cannot be disabled by malware or an intruder and provides rugged and waterproof protection to safeguard your data.
https://www.ironkey.com/secure-flash-drive1a?cmpid=701500000006y9H

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
   1. Time to Exclude Bad ISPs
   2. Standing on Other's Shoulders
II. MICROSOFT VULNERABILITY SUMMARY
   1. Internet Explorer 8 CSS 'expression' Property Cross Site Scripting Filter Bypass Weakness
   2. Computer Associates ARCserve Backup 'LDBServer' Remote Code Execution Vulnerability
   3. Microsoft Internet Explorer XML Handling Remote Code Execution Vulnerability
   4. Microsoft WordPad Text Converter Remote Code Execution Vulnerability
   5. Microsoft SQL Server 2000 'sp_replwritetovarbin' Remote Memory Corruption Vulnerability
   6. Microsoft Outlook Express Malformed MIME Message Denial Of Service Vulnerability
   7. RETIRED: RadASM '.rap' Project File Command Execution Vulnerability
   8. IBM WebSphere Application Server Multiple Unspecified Vulnerabilities
   9. DesignWorks Professional '.cct' File Buffer Overflow Vulnerability
   10. Null FTP Server 'SITE' Command Arbitrary Command Injection Vulnerability
   11. Microsoft Windows Media Components ISATAP URL Handling Information Disclosure Vulnerability
   12. Microsoft Windows Media Components 'Service Principle Name' Remote Code Execution Vulnerability
   13. Microsoft Windows 'search-ms' Protocol Parsing Remote Code Execution Vulnerability
   14. Microsoft Windows Saved Search File Handling Remote Code Execution Vulnerability
   15. Microsoft Word RTF Malformed Control Word Variant 2 Remote Code Execution Vulnerability
   16. Microsoft SharePoint Server Unauthorized Access Vulnerability
   17. Microsoft Windows GDI File Size Parameter Heap Overflow Vulnerability
   18. Microsoft Windows GDI WMF Integer Overflow Vulnerability
   19. RETIRED: Microsoft December 2008 Advance Notification Multiple Vulnerabilities
   20. Microsoft Excel Name Record Array Remote Code Execution Vulnerability
   21. Microsoft Excel Formula Handling Remote Code Execution Vulnerability
   22. Microsoft Excel Malformed Object Handling Remote Code Execution Vulnerability
   23. RadASM '.rap' Project File Buffer Overflow Vulnerability
   24. Microsoft Charts ActiveX Control Memory Corruption Vulnerability
   25. Microsoft Windows Common AVI ActiveX Control File Parsing Buffer Overflow Vulnerability
   26. Microsoft Hierarchical FlexGrid ActiveX Control Memory Corruption Vulnerability
   27. Microsoft Internet Explorer Navigation Method Remote Code Execution Vulnerability
   28. Microsoft Internet Explorer Embedded Object Remote Code Execution Vulnerability
   29. Microsoft Word RTF Malformed String Remote Code Execution Vulnerability
   30. Microsoft Internet Explorer Deleted Object Access Remote Code Execution Vulnerability
   31. Microsoft FlexGrid ActiveX Control Memory Corruption Vulnerability
   32. Microsoft DataGrid ActiveX Control Memory Corruption Vulnerability
   33. Microsoft Internet Explorer HTML Objects Remote Code Execution Vulnerability
   34. Microsoft Word RTF Multiple Drawing Object Tags Remote Code Execution Vulnerability
   35. Microsoft Word Malformed Record Value Remote Code Execution Vulnerability
   36. Microsoft Word Malformed Value Remote Code Execution Vulnerability
   37. Microsoft Word RTF '\do' Drawing Object Remote Heap Memory Corruption Vulnerability
   38. Microsoft Word ' FIB' Value Heap Memory Corruption Vulnerability
   39. Microsoft Word RTF Polyline/Polygon Integer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Time to Exclude Bad ISPs
By Oliver Day
In recent months, three questionable Internet service providers - EstDomains, Atrivo, and McColo - were effectively taken offline resulting in noticeable drops of malware and spam.
http://www.securityfocus.com/columnists/487

2. Standing on Other's Shoulders
By Chris Wysopal
"If I have seen a little further it is by standing on the shoulders of Giants," Isaac Newton once wrote to describe how he felt that his scientific work was an extension of the work of those who went before him. In the scientific realm it is dishonorable not to credit those upon whose work you build.
http://www.securityfocus.com/columnists/486

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Internet Explorer 8 CSS 'expression' Property Cross Site Scripting Filter Bypass Weakness
BugTraq ID: 32780
Remote: Yes
Date Published: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32780
Summary: Microsoft Internet Explorer is a web browser for the Microsoft Windows operating system. Internet Explorer 8 includes a cross-site-scripting filter that is designed to prevent cross-site-scripting attacks against vulnerable web applications. Attackers may be able to bypass this filter under certain conditions, such as by taking advantage of an existing vulnerability in a web application. Internet Explorer 8 beta 2 is vulnerable.

2. Computer Associates ARCserve Backup 'LDBServer' Remote Code Execution Vulnerability
BugTraq ID: 32764
Remote: Yes
Date Published: 2008-12-10
Relevant URL: http://www.securityfocus.com/bid/32764
Summary: Computer Associates ARCserve Backup is prone to a remote code-execution vulnerability.
Successfully exploiting this issue will allow attackers to execute arbitrary code with SYSTEM-level privileges, completely compromising affected computers. Failed exploit attempts will likely crash the affected 'LDBserver' service.

3. Microsoft Internet Explorer XML Handling Remote Code Execution Vulnerability
BugTraq ID: 32721
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32721
Summary: Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions. NOTE: Symantec has received reports that this issue is being actively exploited in the wild.

4. Microsoft WordPad Text Converter Remote Code Execution Vulnerability
BugTraq ID: 32718
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32718
Summary: Microsoft WordPad is prone to a remote code-execution vulnerability because of an unspecified error that may result in corrupted memory. An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may result in denial-of-service conditions.

5. Microsoft SQL Server 2000 'sp_replwritetovarbin' Remote Memory Corruption Vulnerability
BugTraq ID: 32710
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32710
Summary: Microsoft SQL Server 2000 is prone to a remote memory-corruption vulnerability because it fails to properly handle user-supplied input. Authenticated attackers can exploit this issue to execute arbitrary code and completely compromise affected computers. Failed attacks will likely cause denial-of-service conditions. The issue affects Microsoft SQL Server 2000.

6. Microsoft Outlook Express Malformed MIME Message Denial Of Service Vulnerability
BugTraq ID: 32702
Remote: Yes
Date Published: 2008-12-08
Relevant URL: http://www.securityfocus.com/bid/32702
Summary: Microsoft Outlook Express is prone to a denial-of-service vulnerability because the application fails to properly handle malformed multipart MIME messages. An attacker can exploit this issue to crash the application during delivery.

7. RETIRED: RadASM '.rap' Project File Command Execution Vulnerability
BugTraq ID: 32687
Remote: Yes
Date Published: 2008-12-08
Relevant URL: http://www.securityfocus.com/bid/32687
Summary: RadASM is prone to a command-execution vulnerability because it fails to perform adequate checks on user-supplied input. Attackers may leverage this issue to execute arbitrary commands in the context of the application. This may aid in further attacks. RadASM 2.2.1.5 is vulnerable; other versions may also be affected. NOTE: This BID is being retired because it has been determined not to be a vulnerability.

8. IBM WebSphere Application Server Multiple Unspecified Vulnerabilities
BugTraq ID: 32679
Remote: Yes
Date Published: 2008-12-05
Relevant URL: http://www.securityfocus.com/bid/32679
Summary: IBM WebSphere Application Server (WAS) is prone to multiple vulnerabilities. Attackers can exploit one of the issues to obtain sensitive information. The impact of the other issues cannot be determined due to lack of technical information at this time. We will update this BID as more information emerges. These vulnerabilities affect WAS 7.0.

9. DesignWorks Professional '.cct' File Buffer Overflow Vulnerability
BugTraq ID: 32667
Remote: Yes
Date Published: 2008-12-06
Relevant URL: http://www.securityfocus.com/bid/32667
Summary: DesignWorks Professional is prone to a buffer-overflow vulnerability because it fails to perform adequate checks on user-supplied input. Attackers may leverage this issue to execute arbitrary code in the context of the application.
Failed attacks will cause denial-of-service conditions. DesignWorks Professional 4.3.1 is vulnerable; other versions may also be affected.

10. Null FTP Server 'SITE' Command Arbitrary Command Injection Vulnerability
BugTraq ID: 32656
Remote: Yes
Date Published: 2008-12-05
Relevant URL: http://www.securityfocus.com/bid/32656
Summary: Null FTP Server is prone to an arbitrary-command-injection vulnerability because it fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to execute arbitrary commands in the context of the user running the application. Null FTP Server 1.1.0.7 is vulnerable; prior versions may also be affected.

11. Microsoft Windows Media Components ISATAP URL Handling Information Disclosure Vulnerability
BugTraq ID: 32654
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32654
Summary: Microsoft Windows Media Components is prone to an information-disclosure vulnerability when handling 'ISATAP' (Intra-Site Automatic Tunnel Addressing Protocol) URLs. An attacker can use this vulnerability to obtain information that may aid in further attacks.

12. Microsoft Windows Media Components 'Service Principle Name' Remote Code Execution Vulnerability
BugTraq ID: 32653
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32653
Summary: Microsoft Windows Media Components is prone to a remote code-execution vulnerability in the SPN (Service Principle Name) implementation. A successful exploit of this vulnerability may allow a remote attacker to execute code in the context of the logged-in user.

13. Microsoft Windows 'search-ms' Protocol Parsing Remote Code Execution Vulnerability
BugTraq ID: 32652
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32652
Summary: Microsoft Windows Explorer is prone to a remote code-execution vulnerability that affects the 'search-ms' protocol handler.
An attacker could exploit this issue by enticing a victim to visit a maliciously crafted website. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user. This issue affects Windows Vista and Windows Server 2008. NOTE: Supported editions of Windows Server 2008 are not affected if installed using the Server Core installation option.

14. Microsoft Windows Saved Search File Handling Remote Code Execution Vulnerability
BugTraq ID: 32651
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32651
Summary: Microsoft Windows is prone to a remote code-execution vulnerability because Windows Explorer fails to correctly free memory when saving the Windows Search saved-search files. Attackers may exploit this issue by enticing victims into opening and saving a maliciously crafted saved-search file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions. This issue affects Windows Vista and Windows Server 2008. NOTE: Supported editions of Windows Server 2008 are not affected if installed using the Server Core installation option.

15. Microsoft Word RTF Malformed Control Word Variant 2 Remote Code Execution Vulnerability
BugTraq ID: 32642
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32642
Summary: Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious RTF file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

16. Microsoft SharePoint Server Unauthorized Access Vulnerability
BugTraq ID: 32638
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32638
Summary: Microsoft SharePoint Server is prone to a vulnerability that could let remote attackers gain unauthorized access. A successful exploit will let attackers access certain administrative functions of the SharePoint Server.

17. Microsoft Windows GDI File Size Parameter Heap Overflow Vulnerability
BugTraq ID: 32637
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32637
Summary: The GDI component of Microsoft Windows is prone to a heap-overflow vulnerability that may be triggered by a malicious WMF (Windows Metafile) image. A successful exploit will let the attacker execute arbitrary code in the context of the currently logged-in user.

18. Microsoft Windows GDI WMF Integer Overflow Vulnerability
BugTraq ID: 32634
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32634
Summary: The GDI component of Microsoft Windows is prone to an integer-overflow vulnerability that may be triggered by a malicious WMF (Windows Metafile) image. A successful exploit will let the attacker execute arbitrary code in the context of the currently logged-in user.

19. RETIRED: Microsoft December 2008 Advance Notification Multiple Vulnerabilities
BugTraq ID: 32632
Remote: Yes
Date Published: 2008-12-04
Relevant URL: http://www.securityfocus.com/bid/32632
Summary: Microsoft has released advance notification that the vendor will be releasing eight security bulletins on December 9, 2008. The highest severity rating for these issues is 'Critical'. Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.
The following individual records cover these issues:

30674 Microsoft Visual Studio 'Msmask32.ocx' ActiveX Control Remote Buffer Overflow Vulnerability
32591 Microsoft DataGrid ActiveX Control Memory Corruption Vulnerability
32592 Microsoft FlexGrid ActiveX Control Memory Corruption Vulnerability
32612 Microsoft Hierarchical FlexGrid ActiveX Control Memory Corruption Vulnerability
32613 Microsoft Windows Common AVI ActiveX Control File Parsing Memory Corruption Vulnerability
32614 Microsoft Charts ActiveX Control Memory Corruption Vulnerability
32634 Microsoft Windows GDI WMF Integer Overflow Vulnerability
32637 Microsoft Windows GDI File Size Parameter Heap Overflow Vulnerability
32580 Microsoft Word Malformed Record Remote Code Execution Vulnerability
32579 Microsoft Word RTF Malformed Control Word Remote Code Execution Vulnerability
32583 Microsoft Word Malformed Value Remote Code Execution Vulnerability
32581 Microsoft Word RTF Malformed Control Word Variant 1 Remote Code Execution Vulnerability
32585 Microsoft Word RTF Malformed Control Word Variant 3 Remote Code Execution Vulnerability
32642 Microsoft Word RTF Malformed Control Word Variant 2 Remote Code Execution Vulnerability
32594 Microsoft Word RTF Malformed String Remote Code Execution Vulnerability
32584 Microsoft Word Malformed Record Value Remote Code Execution Vulnerability
32596 Microsoft Internet Explorer Navigation Method Remote Code Execution Vulnerability
32586 Microsoft Internet Explorer HTML Objects Remote Code Execution Vulnerability
32593 Microsoft Internet Explorer Deleted Object Access Remote Code Execution Vulnerability
32595 Microsoft Internet Explorer Embedded Object Remote Code Execution Vulnerability
32621 Microsoft Excel Formula Handling Remote Code Execution Vulnerability
32618 Microsoft Excel Malformed Object Handling Remote Code Execution Vulnerability
32622 Microsoft Excel Global Array Memory Corruption Vulnerability
32651 Microsoft Windows Search Saved Search File Handling Remote Code Execution Vulnerability
32652 Microsoft Windows Search 'search-ms' Protocol Parsing Remote Code Execution Vulnerability
32653 Microsoft Media Components 'Service Principle Name' Remote Code Execution Vulnerability
32654 Microsoft Media Components 'ISATAP' Information Disclosure Vulnerability
32638 Microsoft SharePoint Server Unauthorized Access Vulnerability

20. Microsoft Excel Name Record Array Remote Code Execution Vulnerability
BugTraq ID: 32622
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32622
Summary: Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.

21. Microsoft Excel Formula Handling Remote Code Execution Vulnerability
BugTraq ID: 32621
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32621
Summary: Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.

22. Microsoft Excel Malformed Object Handling Remote Code Execution Vulnerability
BugTraq ID: 32618
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32618
Summary: Microsoft Excel is prone to a remote code-execution vulnerability. Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file. Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.

23. RadASM '.rap' Project File Buffer Overflow Vulnerability
BugTraq ID: 32617
Remote: Yes
Date Published: 2008-12-03
Relevant URL: http://www.securityfocus.com/bid/32617
Summary: RadASM is prone to a buffer-overflow vulnerability because it fails to perform adequate checks on user-supplied input. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. RadASM 2.2.1.4 is vulnerable; other versions may also be affected.

24. Microsoft Charts ActiveX Control Memory Corruption Vulnerability
BugTraq ID: 32614
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32614
Summary: Microsoft Charts ActiveX control is prone to a remote memory-corruption vulnerability. Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

25. Microsoft Windows Common AVI ActiveX Control File Parsing Buffer Overflow Vulnerability
BugTraq ID: 32613
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32613
Summary: Microsoft Windows Common AVI ActiveX control is prone to a remote buffer-overflow vulnerability. Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

26. Microsoft Hierarchical FlexGrid ActiveX Control Memory Corruption Vulnerability
BugTraq ID: 32612
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32612
Summary: Microsoft Hierarchical FlexGrid ActiveX control is prone to a remote memory-corruption vulnerability. Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions. Microsoft Hierarchical FlexGrid Control 6.0.88.4 is vulnerable; other versions may also be affected. The control is bundled with Microsoft Visual Basic 6.0 and Microsoft Visual FoxPro 8.0 SP1 and 9.0 SP 2.

27. Microsoft Internet Explorer Navigation Method Remote Code Execution Vulnerability
BugTraq ID: 32596
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32596
Summary: Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

28. Microsoft Internet Explorer Embedded Object Remote Code Execution Vulnerability
BugTraq ID: 32595
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32595
Summary: Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

29. Microsoft Word RTF Malformed String Remote Code Execution Vulnerability
BugTraq ID: 32594
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32594
Summary: Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious RTF file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

30. Microsoft Internet Explorer Deleted Object Access Remote Code Execution Vulnerability
BugTraq ID: 32593
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32593
Summary: Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

31. Microsoft FlexGrid ActiveX Control Memory Corruption Vulnerability
BugTraq ID: 32592
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32592
Summary: Microsoft FlexGrid ActiveX control is prone to a remote memory-corruption vulnerability. Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

32. Microsoft DataGrid ActiveX Control Memory Corruption Vulnerability
BugTraq ID: 32591
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32591
Summary: Microsoft DataGrid ActiveX control is prone to a remote memory-corruption vulnerability.
Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

33. Microsoft Internet Explorer HTML Objects Remote Code Execution Vulnerability
BugTraq ID: 32586
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32586
Summary: Microsoft Internet Explorer is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

34. Microsoft Word RTF Multiple Drawing Object Tags Remote Code Execution Vulnerability
BugTraq ID: 32585
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32585
Summary: Microsoft Word is prone to a remote code-execution vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious RTF file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

35. Microsoft Word Malformed Record Value Remote Code Execution Vulnerability
BugTraq ID: 32584
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32584
Summary: Microsoft Word is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.

36. Microsoft Word Malformed Value Remote Code Execution Vulnerability
BugTraq ID: 32583
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32583
Summary: Microsoft Word is prone to a remote code-execution vulnerability. An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.

37. Microsoft Word RTF '\do' Drawing Object Remote Heap Memory Corruption Vulnerability
BugTraq ID: 32581
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32581
Summary: Microsoft Word is prone to a remote heap memory-corruption vulnerability. An attacker could exploit this issue by enticing a victim to open a malicious RTF file. Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

38. Microsoft Word ' FIB' Value Heap Memory Corruption Vulnerability
BugTraq ID: 32580
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32580
Summary: Microsoft Word is prone to a heap-based memory-corruption vulnerability. An attacker can exploit this issue by sending a specially crafted Word file to an unsuspecting user and enticing them to open it with a vulnerable application. A successful exploit will allow attackers to execute arbitrary code within the context of the user running the affected application.

39. Microsoft Word RTF Polyline/Polygon Integer Overflow Vulnerability
BugTraq ID: 32579
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32579
Summary: Microsoft Word is prone to an integer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. An attacker could exploit this issue by enticing a victim to open a malicious RTF file.
Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------

IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to [email protected] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email [email protected] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
