• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

RETIRED: Microsoft April 2008 Advance Notification Multiple Vulnerabilities

Microsoft has released advance notification that the vendor will be releasing eight security bulletins on April 8, 2008. The highest severity rating for these issues is 'Critical'.

Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.

NOTE: The following individual records have been created to document these vulnerabilities:

28607 Microsoft Project Resource Memory Allocation Variable Remote Code Execution Vulnerability
28555 Microsoft Visio Object Header Remote Code Execution Vulnerability
28556 Microsoft Visio Memory Validation Remote Code Execution Vulnerability
28553 Microsoft Windows DNS Client Service Response Spoofing Vulnerability
28570 Microsoft Windows GDI Stack Overflow Vulnerability
28571 Microsoft Windows GDI Heap Overflow Vulnerability
28551 Microsoft VBScript and JScript Scripting Engines Remote Code Execution Vulnerability
27578 Yahoo! Music Jukebox 'mediagrid.dll' ActiveX Control Remote Buffer Overflow Vulnerability
27579 Yahoo! Music Jukebox 'datagrid.dll' ActiveX Control Remote Buffer Overflow Vulnerability
27590 Yahoo! Music Jukebox AddImage Function ActiveX Remote Buffer Overflow Vulnerability
28606 Microsoft 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability
28552 Microsoft Internet Explorer Data Stream Handling Code Execution Vulnerability
28554 Microsoft Windows Kernel Usermode Callback Local Privilege Escalation Vulnerability