Focus on Microsoft
SecurityFocus Microsoft Newsletter #423 Dec 12 2008 06:07PM
Rob Keith (rkeith securityfocus com)

SecurityFocus Microsoft Newsletter #423
----------------------------------------

This issue is sponsored by Ironkey: The World's Most Secure Flash Drive

IronKey flash dives lock down your most sensitive data using today's most advanced security technology.
IronKey uses military-grade AES CBC-mode hardware encryption that cannot be disabled by malware or an intruder and provides rugged and waterproof protection to safeguard your data.
https://www.ironkey.com/secure-flash-drive1a?cmpid=701500000006y9H

SECURITY BLOGS
SecurityFocus has selected a few syndicated sources that stand out as conveying topics of interest for our community. We are proud to offer content from Matasano at this time and will be adding more in the coming weeks.
http://www.securityfocus.com/blogs

------------------------------------------------------------------
I. FRONT AND CENTER
1.Time to Exclude Bad ISPs
2.Standing on Other's Shoulders
II. MICROSOFT VULNERABILITY SUMMARY
1. Internet Explorer 8 CSS 'expression' Property Cross Site Scripting Filter Bypass Weakness
2. Computer Associates ARCserve Backup 'LDBServer' Remote Code Execution Vulnerability
3. Microsoft Internet Explorer XML Handling Remote Code Execution Vulnerability
4. Microsoft WordPad Text Converter Remote Code Execution Vulnerability
5. Microsoft SQL Server 2000 'sp_replwritetovarbin' Remote Memory Corruption Vulnerability
6. Microsoft Outlook Express Malformed MIME Message Denial Of Service Vulnerability
7. RETIRED: RadASM '.rap' Project File Command Execution Vulnerability
8. IBM WebSphere Application Server Multiple Unspecified Vulnerabilities
9. DesignWorks Professional '.cct' File Buffer Overflow Vulnerability
10. Null FTP Server 'SITE' Command Arbitrary Command Injection Vulnerability
11. Microsoft Windows Media Components ISATAP URL Handling Information Disclosure Vulnerability
12. Microsoft Windows Media Components 'Service Principle Name' Remote Code Execution Vulnerability
13. Microsoft Windows 'search-ms' Protocol Parsing Remote Code Execution Vulnerability
14. Microsoft Windows Saved Search File Handling Remote Code Execution Vulnerability
15. Microsoft Word RTF Malformed Control Word Variant 2 Remote Code Execution Vulnerability
16. Microsoft SharePoint Server Unauthorized Access Vulnerability
17. Microsoft Windows GDI File Size Parameter Heap Overflow Vulnerability
18. Microsoft Windows GDI WMF Integer Overflow Vulnerability
19. RETIRED: Microsoft December 2008 Advance Notification Multiple Vulnerabilities
20. Microsoft Excel Name Record Array Remote Code Execution Vulnerability
21. Microsoft Excel Formula Handling Remote Code Execution Vulnerability
22. Microsoft Excel Malformed Object Handling Remote Code Execution Vulnerability
23. RadASM '.rap' Project File Buffer Overflow Vulnerability
24. Microsoft Charts ActiveX Control Memory Corruption Vulnerability
25. Microsoft Windows Common AVI ActiveX Control File Parsing Buffer Overflow Vulnerability
26. Microsoft Hierarchical FlexGrid ActiveX Control Memory Corruption Vulnerability
27. Microsoft Internet Explorer Navigation Method Remote Code Execution Vulnerability
28. Microsoft Internet Explorer Embedded Object Remote Code Execution Vulnerability
29. Microsoft Word RTF Malformed String Remote Code Execution Vulnerability
30. Microsoft Internet Explorer Deleted Object Access Remote Code Execution Vulnerability
31. Microsoft FlexGrid ActiveX Control Memory Corruption Vulnerability
32. Microsoft DataGrid ActiveX Control Memory Corruption Vulnerability
33. Microsoft Internet Explorer HTML Objects Remote Code Execution Vulnerability
34. Microsoft Word RTF Multiple Drawing Object Tags Remote Code Execution Vulnerability
35. Microsoft Word Malformed Record Value Remote Code Execution Vulnerability
36. Microsoft Word Malformed Value Remote Code Execution Vulnerability
37. Microsoft Word RTF '\do' Drawing Object Remote Heap Memory Corruption Vulnerability
38. Microsoft Word ' FIB' Value Heap Memory Corruption Vulnerability
39. Microsoft Word RTF Polyline/Polygon Integer Overflow Vulnerability
III. MICROSOFT FOCUS LIST SUMMARY
IV. UNSUBSCRIBE INSTRUCTIONS
V. SPONSOR INFORMATION

I. FRONT AND CENTER
---------------------
1. Time to Exclude Bad ISPs
By Oliver Day
In recent months, three questionable Internet service providers - EstDomains, Atrivo, and McColo - were effectively taken offline resulting in noticeable drops of malware and spam.
http://www.securityfocus.com/columnists/487

2. Standing on Other's Shoulders
By Chris Wysopal
"If I have seen a little further it is by standing on the shoulders of Giants," Issac Netwon once wrote to describe how he felt that his scientific work was an extension of the work of those who went before him. In the scientific realm it is dishonorable not to credit those upon whose work you build.
http://www.securityfocus.com/columnists/486

II. MICROSOFT VULNERABILITY SUMMARY
------------------------------------
1. Internet Explorer 8 CSS 'expression' Property Cross Site Scripting Filter Bypass Weakness
BugTraq ID: 32780
Remote: Yes
Date Published: 2008-12-11
Relevant URL: http://www.securityfocus.com/bid/32780
Summary:
Microsoft Internet Explorer is a web browser for the Microsoft Windows operating system.

Internet Explorer 8 includes a cross-site-scripting filter that is designed to prevent cross-site-scripting attacks against vulnerable web applications. Attackers may be able to bypass this filter under certain conditions, such as by taking advantage of an existing vulnerability in a web application.

Internet Explorer 8 beta 2 is vulnerable.

2. Computer Associates ARCserve Backup 'LDBServer' Remote Code Execution Vulnerability
BugTraq ID: 32764
Remote: Yes
Date Published: 2008-12-10
Relevant URL: http://www.securityfocus.com/bid/32764
Summary:
Computer Associates ARCserve Backup is prone to a remote code-execution vulnerability.

Successfully exploiting this issue will allow attackers to execute arbitrary code with SYSTEM-level privileges, completely compromising affected computers. Failed exploit attempts will likely crash the affected 'LDBserver' service.

3. Microsoft Internet Explorer XML Handling Remote Code Execution Vulnerability
BugTraq ID: 32721
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32721
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

NOTE: Symantec has received reports that this issue is being actively exploited in the wild.

4. Microsoft WordPad Text Converter Remote Code Execution Vulnerability
BugTraq ID: 32718
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32718
Summary:
Microsoft WordPad is prone to a remote code-execution vulnerability because of an unspecified error that may result in corrupted memory.

An attacker could exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts may result in denial-of-service conditions.

5. Microsoft SQL Server 2000 'sp_replwritetovarbin' Remote Memory Corruption Vulnerability
BugTraq ID: 32710
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32710
Summary:
Microsoft SQL Server 2000 is prone to a remote memory-corruption vulnerability because it fails to properly handle user-supplied input.

Authenticated attackers can exploit this issue to execute arbitrary code and completely compromise affected computers. Failed attacks will likely cause denial-of-service conditions.

The issue affects Microsoft SQL Server 2000.

6. Microsoft Outlook Express Malformed MIME Message Denial Of Service Vulnerability
BugTraq ID: 32702
Remote: Yes
Date Published: 2008-12-08
Relevant URL: http://www.securityfocus.com/bid/32702
Summary:
Microsoft Outlook Express is prone to a denial-of-service vulnerability because the application fails to properly handle malformed multipart MIME messages.

An attacker can exploit this issue to crash the application during delivery.

7. RETIRED: RadASM '.rap' Project File Command Execution Vulnerability
BugTraq ID: 32687
Remote: Yes
Date Published: 2008-12-08
Relevant URL: http://www.securityfocus.com/bid/32687
Summary:
RadASM is prone to a command-execution vulnerability because it fails to perform adequate checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary commands in the context of the application. This may aid in further attacks.

RadASM 2.2.1.5 is vulnerable; other versions may also be affected.

NOTE: This BID is being retired because it has been determined not to be a vulnerability.

8. IBM WebSphere Application Server Multiple Unspecified Vulnerabilities
BugTraq ID: 32679
Remote: Yes
Date Published: 2008-12-05
Relevant URL: http://www.securityfocus.com/bid/32679
Summary:
IBM WebSphere Application Server (WAS) is prone to multiple vulnerabilities.

Attackers can exploit one of the issues to obtain sensitive information.

The impact of the other issues cannot be determined due to lack of technical information at this time. We will update this BID as more information emerges.

These vulnerabilities affect WAS 7.0.

9. DesignWorks Professional '.cct' File Buffer Overflow Vulnerability
BugTraq ID: 32667
Remote: Yes
Date Published: 2008-12-06
Relevant URL: http://www.securityfocus.com/bid/32667
Summary:
DesignWorks Professional is prone to a buffer-overflow vulnerability because it fails to perform adequate checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

DesignWorks Professional 4.3.1 is vulnerable; other versions may also be affected.

10. Null FTP Server 'SITE' Command Arbitrary Command Injection Vulnerability
BugTraq ID: 32656
Remote: Yes
Date Published: 2008-12-05
Relevant URL: http://www.securityfocus.com/bid/32656
Summary:
Null FTP Server is prone to an arbitrary-command-injection vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to execute arbitrary commands in the context of the user running the application.

Null FTP Server 1.1.0.7 is vulnerable; prior versions may also be affected.

11. Microsoft Windows Media Components ISATAP URL Handling Information Disclosure Vulnerability
BugTraq ID: 32654
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32654
Summary:
Microsoft Windows Media Components is prone to an information-disclosure vulnerability when handling 'ISATAP' (Intra-Site Automatic Tunnel Addressing Protocol) URLs.

An attacker can use this vulnerability to obtain information that may aid in further attacks.

12. Microsoft Windows Media Components 'Service Principle Name' Remote Code Execution Vulnerability
BugTraq ID: 32653
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32653
Summary:
Microsoft Windows Media Components is prone to a remote code-execution vulnerability in the SPN (Service Principle Name) implementation.

A successful exploit of this vulnerability may allow a remote attacker to execute code in the context of the logged-in user.

13. Microsoft Windows 'search-ms' Protocol Parsing Remote Code Execution Vulnerability
BugTraq ID: 32652
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32652
Summary:
Microsoft Windows Explorer is prone to a remote code-execution vulnerability that affects the 'search-ms' protocol handler.

An attacker could exploit this issue by enticing a victim to visit a maliciously crafted website.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

This issue affects Windows Vista and Windows Server 2008.

NOTE: Supported editions of Windows Server 2008 are not affected if installed using the Server Core installation option.

14. Microsoft Windows Saved Search File Handling Remote Code Execution Vulnerability
BugTraq ID: 32651
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32651
Summary:
Microsoft Windows is prone to a remote code-execution vulnerability because Windows Explorer fails to correctly free memory when saving the Windows Search saved-search files.

Attackers may exploit this issue by enticing victims into opening and saving a maliciously crafted saved-search file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application. Failed exploit attempts will likely result in denial-of-service conditions.

This issue affects Windows Vista and Windows Server 2008.

NOTE: Supported editions of Windows Server 2008 are not affected if installed using the Server Core installation option.

15. Microsoft Word RTF Malformed Control Word Variant 2 Remote Code Execution Vulnerability
BugTraq ID: 32642
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32642
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious RTF file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

16. Microsoft SharePoint Server Unauthorized Access Vulnerability
BugTraq ID: 32638
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32638
Summary:
Microsoft SharePoint Server is prone to a vulnerability that could let remote attackers gain unauthorized access. A successful exploit will let attackers access certain administrative functions of the SharePoint Server.

17. Microsoft Windows GDI File Size Parameter Heap Overflow Vulnerability
BugTraq ID: 32637
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32637
Summary:
The GDI component of Microsoft Windows is prone to a heap-overflow vulnerability that may be triggered by a malicious WMF (Windows Metafile) image. A successful exploit will let the attacker execute arbitrary code in the context of the currently logged-in user.

18. Microsoft Windows GDI WMF Integer Overflow Vulnerability
BugTraq ID: 32634
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32634
Summary:
The GDI component of Microsoft Windows is prone to an integer-overflow vulnerability that may be triggered by a malicious WMF (Windows Metafile) image. A successful exploit will let the attacker execute arbitrary code in the context of the currently logged-in user.

19. RETIRED: Microsoft December 2008 Advance Notification Multiple Vulnerabilities
BugTraq ID: 32632
Remote: Yes
Date Published: 2008-12-04
Relevant URL: http://www.securityfocus.com/bid/32632
Summary:
Microsoft has released advance notification that the vendor will be releasing eight security bulletins on December 9, 2008. The highest severity rating for these issues is 'Critical'.

Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.

The following individual records cover these issues:

30674 Microsoft Visual Studio 'Msmask32.ocx' ActiveX Control Remote Buffer Overflow Vulnerability
32591 Microsoft DataGrid ActiveX Control Memory Corruption Vulnerability
32592 Microsoft FlexGrid ActiveX Control Memory Corruption Vulnerability
32612 Microsoft Hierarchical FlexGrid ActiveX Control Memory Corruption Vulnerability
32613 Microsoft Windows Common AVI ActiveX Control File Parsing Memory Corruption Vulnerability
32614 Microsoft Charts ActiveX Control Memory Corruption Vulnerability
32634 Microsoft Windows GDI WMF Integer Overflow Vulnerability
32637 Microsoft Windows GDI File Size Parameter Heap Overflow Vulnerability
32580 Microsoft Word Malformed Record Remote Code Execution Vulnerability
32579 Microsoft Word RTF Malformed Control Word Remote Code Execution Vulnerability
32583 Microsoft Word Malformed Value Remote Code Execution Vulnerability
32581 Microsoft Word RTF Malformed Control Word Variant 1 Remote Code Execution Vulnerability
32585 Microsoft Word RTF Malformed Control Word Variant 3 Remote Code Execution Vulnerability
32642 Microsoft Word RTF Malformed Control Word Variant 2 Remote Code Execution Vulnerability
32594 Microsoft Word RTF Malformed String Remote Code Execution Vulnerability
32584 Microsoft Word Malformed Record Value Remote Code Execution Vulnerability
32596 Microsoft Internet Explorer Navigation Method Remote Code Execution Vulnerability
32586 Microsoft Internet Explorer HTML Objects Remote Code Execution Vulnerability
32593 Microsoft Internet Explorer Deleted Object Access Remote Code Execution Vulnerability
32595 Microsoft Internet Explorer Embedded Object Remote Code Execution Vulnerability
32621 Microsoft Excel Formula Handling Remote Code Execution Vulnerability
32618 Microsoft Excel Malformed Object Handling Remote Code Execution Vulnerability
32622 Microsoft Excel Global Array Memory Corruption Vulnerability
32651 Microsoft Windows Search Saved Search File Handling Remote Code Execution Vulnerability
32652 Microsoft Windows Search 'search-ms' Protocol Parsing Remote Code Execution Vulnerability
32653 Microsoft Media Components 'Service Principle Name' Remote Code Execution Vulnerability
32654 Microsoft Media Components 'ISATAP' Information Disclosure Vulnerability
32638 Microsoft SharePoint Server Unauthorized Access Vulnerability

20. Microsoft Excel Name Record Array Remote Code Execution Vulnerability
BugTraq ID: 32622
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32622
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.

21. Microsoft Excel Formula Handling Remote Code Execution Vulnerability
BugTraq ID: 32621
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32621
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.

22. Microsoft Excel Malformed Object Handling Remote Code Execution Vulnerability
BugTraq ID: 32618
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32618
Summary:
Microsoft Excel is prone to a remote code-execution vulnerability.

Attackers may exploit this issue by enticing victims into opening a maliciously crafted Excel file.

Successful exploits may allow attackers to execute arbitrary code with the privileges of the user running the application.

23. RadASM '.rap' Project File Buffer Overflow Vulnerability
BugTraq ID: 32617
Remote: Yes
Date Published: 2008-12-03
Relevant URL: http://www.securityfocus.com/bid/32617
Summary:
RadASM is prone to a buffer-overflow vulnerability because it fails to perform adequate checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

RadASM 2.2.1.4 is vulnerable; other versions may also be affected.

24. Microsoft Charts ActiveX Control Memory Corruption Vulnerability
BugTraq ID: 32614
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32614
Summary:
Microsoft Charts ActiveX control is prone to a remote memory-corruption vulnerability.

Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

25. Microsoft Windows Common AVI ActiveX Control File Parsing Buffer Overflow Vulnerability
BugTraq ID: 32613
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32613
Summary:
Microsoft Windows Common AVI ActiveX control is prone to a remote buffer-overflow vulnerability.

Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

26. Microsoft Hierarchical FlexGrid ActiveX Control Memory Corruption Vulnerability
BugTraq ID: 32612
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32612
Summary:
Microsoft Hierarchical FlexGrid ActiveX control is prone to a remote memory-corruption vulnerability.

Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

Microsoft Hierarchical FlexGrid Control 6.0.88.4 is vulnerable; other versions may also be affected. The control is bundled with Microsoft Visual Basic 6.0 and Microsoft Visual FoxPro 8.0 SP1 and 9.0 SP 2.

27. Microsoft Internet Explorer Navigation Method Remote Code Execution Vulnerability
BugTraq ID: 32596
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32596
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

28. Microsoft Internet Explorer Embedded Object Remote Code Execution Vulnerability
BugTraq ID: 32595
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32595
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

29. Microsoft Word RTF Malformed String Remote Code Execution Vulnerability
BugTraq ID: 32594
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32594
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious RTF file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

30. Microsoft Internet Explorer Deleted Object Access Remote Code Execution Vulnerability
BugTraq ID: 32593
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32593
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

31. Microsoft FlexGrid ActiveX Control Memory Corruption Vulnerability
BugTraq ID: 32592
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32592
Summary:
Microsoft FlexGrid ActiveX control is prone to a remote memory-corruption vulnerability.

Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

32. Microsoft DataGrid ActiveX Control Memory Corruption Vulnerability
BugTraq ID: 32591
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32591
Summary:
Microsoft DataGrid ActiveX control is prone to a remote memory-corruption vulnerability.

Remote attackers can exploit this issue to execute arbitrary code in the context of the application using the ActiveX control (typically Internet Explorer). Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

33. Microsoft Internet Explorer HTML Objects Remote Code Execution Vulnerability
BugTraq ID: 32586
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32586
Summary:
Microsoft Internet Explorer is prone to a remote code-execution vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

34. Microsoft Word RTF Multiple Drawing Object Tags Remote Code Execution Vulnerability
BugTraq ID: 32585
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32585
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious RTF file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

35. Microsoft Word Malformed Record Value Remote Code Execution Vulnerability
BugTraq ID: 32584
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32584
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.

36. Microsoft Word Malformed Value Remote Code Execution Vulnerability
BugTraq ID: 32583
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32583
Summary:
Microsoft Word is prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial-of-service conditions.

37. Microsoft Word RTF '\do' Drawing Object Remote Heap Memory Corruption Vulnerability
BugTraq ID: 32581
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32581
Summary:
Microsoft Word is prone to a remote heap memory-corruption vulnerability.

An attacker could exploit this issue by enticing a victim to open a malicious RTF file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

38. Microsoft Word ' FIB' Value Heap Memory Corruption Vulnerability
BugTraq ID: 32580
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32580
Summary:
Microsoft Word is prone to a heap-based memory-corruption vulnerability.

An attacker can exploit this issue by sending a specially crafted Word file to an unsuspecting user and enticing them to open it with a vulnerable application. A successful exploit will allow attackers to execute arbitrary code within the context of the user running the affected application.

39. Microsoft Word RTF Polyline/Polygon Integer Overflow Vulnerability
BugTraq ID: 32579
Remote: Yes
Date Published: 2008-12-09
Relevant URL: http://www.securityfocus.com/bid/32579
Summary:
Microsoft Word is prone to an integer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

An attacker could exploit this issue by enticing a victim to open a malicious RTF file.

Successfully exploiting this issue would allow the attacker to execute arbitrary code in the context of the currently logged-in user.

III. MICROSOFT FOCUS LIST SUMMARY
---------------------------------
IV. UNSUBSCRIBE INSTRUCTIONS
-----------------------------
To unsubscribe send an e-mail message to ms-secnews-unsubscribe (at) securityfocus (dot) com [email concealed] from the subscribed address. The contents of the subject or message body do not matter. You will receive a confirmation request message to which you will have to answer. Alternatively you can also visit http://www.securityfocus.com/newsletters and unsubscribe via the website.

If your email address has changed email listadmin (at) securityfocus (dot) com [email concealed] and ask to be manually removed.

V. SPONSOR INFORMATION
------------------------
This issue is sponsored by Ironkey: The World's Most Secure Flash Drive

IronKey flash dives lock down your most sensitive data using today's most advanced security technology.
IronKey uses military-grade AES CBC-mode hardware encryption that cannot be disabled by malware or an intruder and provides rugged and waterproof protection to safeguard your data.
https://www.ironkey.com/secure-flash-drive1a?cmpid=701500000006y9H

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus