

Microsoft Corp. has released seven security bulletins encompassing 10 vulnerabilities. This report provides
an initial summary of these pending issues.

Security Bulletin MS08-030: Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)
http://www.microsoft.com/technet/security/bulletin/MS08-030.mspx
CVE Number: CVE-2008-1453
iDefense Title: Microsoft Bluetooth Stack Service Discovery Protocol (SDP) Packets Arbitrary Code Execution Vulnerability
iDefense Master ID: 469932
iDefense Severity: MEDIUM
Remote exploitation of an unspecified vulnerability in Microsoft Corp.'s
Bluetooth Stack in various Microsoft operating systems could allow an attacker
to execute arbitrary code.

Security Bulletin MS08-031: Cumulative Security Update for Internet Explorer (950759)
http://www.microsoft.com/technet/security/bulletin/MS08-031.mspx
CVE Number: CVE-2008-1442
iDefense Title: Microsoft Internet Explorer HTML Objects Memory Corruption Vulnerability
iDefense Master ID: 469935
iDefense Severity: HIGH
Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s
HTML Objects allows attackers to execute arbitrary code in the context of the
currently logged-on user.
CVE Number: CVE-2008-1544
iDefense Title: Microsoft Internet Explorer 7 HTTP Header Overwrite Vulnerability
iDefense Master ID: 468351
iDefense Severity: LOW
Remote exploitation of an HTTP request-splitting vulnerability in Microsoft
Corp.'s Internet Explorer 7 could allow an attacker to gain access to
potentially sensitive information.

Security Bulletin MS08-032: Cumulative Security Update of ActiveX Kill Bits (950760)
http://www.microsoft.com/technet/security/bulletin/MS08-032.mspx
CVE Number: CVE-2007-0675
iDefense Title: Microsoft Windows Voice Command Remote Command Execution Vulnerability
iDefense Master ID: 456923
iDefense Severity: MEDIUM
Remote exploitation of a design error vulnerability in multiple versions of
Microsoft Corp.'s Windows operating system could allow an attacker to execute
arbitrary commands or code within the context of the local user.

Security Bulletin MS08-033: Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)
http://www.microsoft.com/technet/security/bulletin/MS08-033.mspx
CVE Number: CVE-2008-0011
iDefense Title: Microsoft DirectX MJPEG Decoding Memory Corruption Vulnerability
iDefense Master ID: 469934
iDefense Severity: HIGH
Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s
DirectX could allow an attacker to execute arbitrary code with the privileges
of the current user.
CVE Number: CVE-2008-1444
iDefense Title: Microsoft DirectX SAMI Input Validation Vulnerability
iDefense Master ID: 469937
iDefense Severity: MEDIUM
Remote exploitation of an input validation vulnerability in Microsoft Corp.'s
DirectX versions 8.1 and earlier could allow an attacker to execute arbitrary
code with the privileges of the currently logged-on user.

Security Bulletin MS08-034: Vulnerability in WINS Could Allow Elevation of Privilege (948745)
http://www.microsoft.com/technet/security/bulletin/MS08-034.mspx
CVE Number: CVE-2008-1451
iDefense Title: Microsoft Windows 2000 and 2003 WINS Memory Overwrite Privilege Escalation Vulnerability
iDefense Master ID: 469939
iDefense Severity: MEDIUM
Local exploitation of a buffer overflow vulnerability in multiple versions of
Microsoft Corp.'s Windows 2000 and 2003 could allow an attacker to execute
arbitrary code with escalated privileges.

Security Bulletin MS08-035: Vulnerability in Active Directory Could Allow Denial of Service (953235)
http://www.microsoft.com/technet/security/bulletin/MS08-035.mspx
CVE Number: CVE-2008-1445
iDefense Title: Microsoft Windows Active Directory LDAP Unspecified DoS Vulnerability
iDefense Master ID: 469933
iDefense Severity: LOW
Remote exploitation of an unspecified vulnerability in various versions of
Microsoft Corp.'s Windows could allow attackers to create a denial of service
(DoS) condition on the targeted host.

Security Bulletin MS08-036: Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762)
http://www.microsoft.com/technet/security/bulletin/MS08-036.mspx
CVE Number: CVE-2008-1440
iDefense Title: Microsoft Windows Pragmatic General Multicast Invalid Options Length DoS Vulnerability
iDefense Master ID: 469938
iDefense Severity: LOW
Remote exploitation of an input validation error vulnerability in various
versions of Microsoft Corp.'s Windows could allow attackers to create a denial
of service (DoS) condition on the targeted host.
CVE Number: CVE-2008-1441
iDefense Title: Microsoft Windows Pragmatic General Multicast Invalid Fragment Option DoS Vulnerability
iDefense Master ID: 469936
iDefense Severity: LOW
Remote exploitation of a design error vulnerability in various versions of
Microsoft Corp.'s Windows could allow attackers to cause a denial of service
(DoS) condition on the targeted host.