

Microsoft Corp. has released four security bulletins encompassing six vulnerabilities. This report provides
an initial summary of these pending issues.
Security Bulletin MS08-026: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207)
http://www.microsoft.com/technet/security/bulletin/MS08-026.mspx
CVE Number: CVE-2008-1091
iDefense Title: Microsoft Word Object Parsing Memory Corruption Vulnerability
iDefense Master ID: 469393
iDefense Severity: MEDIUM
Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Word could allow an attacker to execute arbitrary code with the privileges of the logged-on user.
CVE Number: CVE-2008-1434
iDefense Title: Microsoft Word CSS Processing Memory Corruption Vulnerability (iDefense Exclusive)
iDefense Master ID: 465238
iDefense Severity: MEDIUM
Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Word could allow an attacker to execute arbitrary code with the privileges of the logged-on user.
Security Bulletin MS08-027: Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (951208)
http://www.microsoft.com/technet/security/bulletin/MS08-027.mspx
CVE Number: CVE-2008-0119
iDefense Title: Microsoft Publisher Object Handler Buffer Overflow Vulnerability
iDefense Master ID: 469395
iDefense Severity: MEDIUM
Remote exploitation of a buffer overflow vulnerability in multiple versions of Microsoft Corp.'s Publisher could allow an attacker to execute arbitrary code as the user running Publisher.
Security Bulletin MS08-028: Vulnerability in Microsoft Jet Database Engine (Jet) Could Allow Remote Code Execution (950749)
http://www.microsoft.com/technet/security/bulletin/MS08-028.mspx
CVE Number: CVE-2007-6026
iDefense Title: Microsoft Jet Database Engine Msjet40.dll Stack Buffer Overflow Vulnerability
iDefense Master ID: 465772
iDefense Severity: HIGH
Remote exploitation of a stack-based buffer overflow vulnerability in Microsoft Corp.'s Jet Database Engine could allow an attacker to execute arbitrary code with the privileges of the logged-on user.
Security Bulletin MS08-029: Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of Service (952044)
http://www.microsoft.com/technet/security/bulletin/MS08-029.mspx
CVE Number: CVE-2008-1437
iDefense Title: Microsoft Malware Protection Engine Input Validation DoS Condition Vulnerability
iDefense Master ID: 469392
iDefense Severity: MEDIUM
Remote exploitation of an input validation vulnerability in Microsoft Corp.'s Malware Protection Engine, as included in multiple Microsoft products, could allow an attacker to cause a denial of service (DoS) condition.
CVE Number: CVE-2008-1438
iDefense Title: Microsoft Malware Protection Engine DoS Vulnerability
iDefense Master ID: 469394
iDefense Severity: LOW
Remote exploitation of a denial of service vulnerability in Microsoft Corp.'s Malware Protection Engine, as included in multiple Microsoft products, could allow an attacker to cause a denial of service (DoS) condition.