

Microsoft Corp. has released 11 security bulletins encompassing 17 vulnerabilities. This report provides an initial summary of these pending issues.

Security Bulletin MS08-003: Vulnerability in Active Directory Could Allow Denial of Service (946538)
http://www.microsoft.com/technet/security/bulletin/MS08-003.mspx
CVE Number: CVE-2008-0088
iDefense Title: Microsoft Windows 2000, 2003 Server And XP Active Directory LDAP Requests DoS Vulnerability
iDefense Master ID: 467440
iDefense Severity: MEDIUM
Remote exploitation of an input validation vulnerability in Microsoft Corp.'s Windows 2000, 2003 Server and XP Active Directory could allow an attacker to conduct a denial of service (DoS) attack against a vulnerable host.

Security Bulletin MS08-004: Vulnerability in Windows TCP/IP Could Allow Denial of Service (946456)
http://www.microsoft.com/technet/security/bulletin/MS08-004.mspx
CVE Number: CVE-2008-0084
iDefense Title: Microsoft Windows Vista TCP/IP DHCP Packet DoS Vulnerability
iDefense Master ID: 467441
iDefense Severity: LOW
Remote exploitation of a design error vulnerability in Microsoft Corp.'s Windows Vista TCP-IP implementation of the DHCP client could allow attackers to cause a denial of service (DoS) condition.

Security Bulletin MS08-005: Vulnerability in Internet Information Services Could Allow Elevation of Privilege (942831)
http://www.microsoft.com/technet/security/bulletin/MS08-005.mspx
CVE Number: CVE-2008-0074
iDefense Title: Microsoft Windows 2000, XP, 2003 and Vista IIS File Change Notifications Privilege Escalation Vulnerability
iDefense Master ID: 467449
iDefense Severity: MEDIUM
Remote exploitation of a design error vulnerability in Microsoft Corp.'s Windows IIS file change notifications component could allow attackers to escalate privileges.

Security Bulletin MS08-006: Vulnerability in Internet Information Services Could Allow Remote Code Execution (942830)
http://www.microsoft.com/technet/security/bulletin/MS08-006.mspx
CVE Number: CVE-2008-0075
iDefense Title: Microsoft Windows XP and 2003 IIS HTMLEncode Code Execution Vulnerability
iDefense Master ID: 467451
iDefense Severity: HIGH
Remote exploitation of a design error vulnerability in Microsoft Corp.'s Windows IIS HTMLEncode component could allow attackers to execute arbitrary code.

Security Bulletin MS08-007: Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution (946026)
http://www.microsoft.com/technet/security/bulletin/MS08-007.mspx
CVE Number: CVE-2008-0080
iDefense Title: Microsoft WebDAV Mini-Redirector Heap Overflow Vulnerability
iDefense Master ID: 467445
iDefense Severity: HIGH
Remote exploitation of a heap-based buffer overflow vulnerability in Microsoft Corp.'s WebDAV Mini-Redirector could allow an attacker to execute arbitrary code.

Security Bulletin MS08-008: Vulnerability in OLE Automation Could Allow Remote Code Execution (947890)
http://www.microsoft.com/technet/security/bulletin/MS08-008.mspx
CVE Number: CVE-2007-0065
iDefense Title: Microsoft OLE Automation Heap Overrun Vulnerability
iDefense Master ID: 467450
iDefense Severity: HIGH
Remote exploitation of a heap-based buffer overflow in Microsoft Corp.'s OLE Automation could allow an attacker to execute arbitrary code.

Security Bulletin MS08-009: Vulnerability in Microsoft Word Could Allow Remote Code Execution (947077)
http://www.microsoft.com/technet/security/bulletin/MS08-009.mspx
CVE Number: CVE-2008-0109
iDefense Title: Microsoft Office Word Memory Corruption Vulnerability
iDefense Master ID: 46744
iDefense Severity: MEDIUM
Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Office could allow attackers to remotely execute arbitrary code on a vulnerable system.

Security Bulletin MS08-010: Cumulative Security Update for Internet Explorer (944533)
http://www.microsoft.com/technet/security/bulletin/MS08-010.mspx

CVE Number: CVE-2007-4790
iDefense Title: Microsoft Visual FoxPro 6.0 Fpole.ocx/Foxtlib.ocx Buffer Overflow Vulnerability
iDefense Master ID: 463760
iDefense Severity: HIGH
Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Visual Basic 6.0 could allow attackers to execute arbitrary code as the user running Internet Explorer.

CVE Number: CVE-2008-0076
iDefense Title: Microsoft Internet Explorer HTML Rendering Memory Corruption Vulnerability
iDefense Master ID: 467453
iDefense Severity: HIGH
Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Internet Explorer allows attackers to execute arbitrary code as the user running Internet Explorer.

CVE Number: CVE-2008-0077
iDefense Title: Microsoft Internet Explorer HTML+TIME Memory Corruption Vulnerability (iDefense Exclusive)
iDefense Master ID: 464950
iDefense Severity: HIGH
Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Internet Explorer Web browser allows attackers to execute arbitrary code within the context of the affected user.

CVE Number: CVE-2008-0078
iDefense Title: Internet Explorer dxtmsft.dll Image Handling Memory Corruption Vulnerability
iDefense Master ID: 467448
iDefense Severity: HIGH
Remote exploitation of an input validation vulnerability in multiple versions of Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code as the user running Internet Explorer.

Security Bulletin MS08-011: Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution (947081)
http://www.microsoft.com/technet/security/bulletin/MS08-011.mspx

CVE Number: CVE-2007-0216
iDefense Title: Microsoft Office WPS 7 Converter Heap Overflow Vulnerability
iDefense Master ID: 451968
iDefense Severity: MEDIUM
iDefense Initial Disclosure Date: Nov. 13, 2006
Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s Works 7 Converter allows attackers to execute arbitrary code as the current user.

CVE Number: CVE-2008-0105
iDefense Title: Microsoft Works File Converter Invalid Index Table Handling Error Vulnerability
iDefense Master ID: 467452
iDefense Severity: MEDIUM
iDefense Initial Disclosure Date: Nov. 13, 2006
Remote exploitation of an input validation error in Microsoft Corp.'s Works File Converter could allow an attacker to gain complete control of the targeted system.

CVE Number: CVE-2008-0108
iDefense Title: Microsoft Office 2003 Works Converter Buffer Overflow Vulnerability (iDefense Exclusive)
iDefense Master ID: 461138
iDefense Severity: MEDIUM
iDefense Initial Disclosure Date: Nov. 13, 2006
Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Works 7 Converter allows attackers to execute arbitrary code as the current user.

Security Bulletin MS08-012: Vulnerabilities in Microsoft Office Publisher Could Allow Remote Code Execution (947085)
http://www.microsoft.com/technet/security/bulletin/MS08-012.mspx

CVE Number: CVE-2008-0102
iDefense Title: Microsoft Office Publisher 2003 SP2 Memory Corruption Vulnerability
iDefense Master ID: 467442
iDefense Severity: MEDIUM
Remote exploitation of a memory corruption vulnerability in multiple versions of Microsoft Corp.'s Office Publisher could allow attackers to execute arbitrary code on the targeted host.

CVE Number: CVE-2008-0104
iDefense Title: Microsoft Office Publisher 2003 SP2 Indexing Memory Corruption Vulnerability
iDefense Master ID: 467446
iDefense Severity: MEDIUM
Remote exploitation of an indexing memory corruption vulnerability in multiple versions of Microsoft Corp.'s Office Publisher could allow attackers to execute arbitrary code on the targeted host.

Security Bulletin MS08-013: Vulnerability in Microsoft Office Could Allow Remote Code Execution (947108)
http://www.microsoft.com/technet/security/bulletin/MS08-013.mspx
CVE Number: CVE-2008-0103
iDefense Title: Microsoft Office Memory Corruption Vulnerability
iDefense Master ID: 467447
iDefense Severity: MEDIUM
Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Microsoft Office could allow an attacker to execute arbitrary code on an affected system.