MICROSOFT SECURITY BULLETIN: JULY 2008

Microsoft Corp. has released four security bulletins encompassing nine vulnerabilities. This report provides an initial summary of these pending issues.
 

Security Bulletin MS08-037: Vulnerability in DNS Could Allow Spoofing (953230)
http://www.microsoft.com/technet/security/bulletin/MS08-037.mspx

CVE Number: CVE-2008-1447
iDefense Title: Microsoft Windows DNS Weak Entropy Spoofing and Record Insertion Vulnerability
iDefense Master ID: 470529
iDefense Severity: MEDIUM

Remote exploitation of a design error vulnerability in Microsoft Corp.'s DNS client and server could allow an attacker to spoof query responses and insert records into the DNS server or client cache.

CVE Number: CVE-2008-1454
iDefense Title: Microsoft Windows DNS Cache Poisoning Design Error Vulnerability
iDefense Master ID: 470535
iDefense Severity: MEDIUM

Remote exploitation of a design error vulnerability within Microsoft Corp.'s Windows DNS server could allow an attacker to insert arbitrary records into the DNS cache, allowing legitimate traffic to be redirected to attacker-controlled systems.
 


Security Bulletin MS08-038: Vulnerability in Windows Explorer Could Allow Remote Code Execution (950582)
http://www.microsoft.com/technet/security/bulletin/MS08-038.mspx

CVE Number: CVE-2008-1435
iDefense Title: Microsoft Windows Explorer Saved Search File Input Validation Vulnerability
iDefense Master ID: 470531
iDefense Severity: LOW

Remote exploitation of an input validation vulnerability in Microsoft Corp.'s Windows Explorer could allow an attacker to execute arbitrary code with the privileges of the logged-on user.
 


Security Bulletin MS08-039: Vulnerabilities in Outlook Web Access for Exchange Server Could Allow Elevation of Privilege (953747)
http://www.microsoft.com/technet/security/bulletin/MS08-039.mspx

CVE Number: CVE-2008-2247
iDefense Title: Microsoft Outlook Web Access for Exchange Server 2003 SP2 E-Mail Fields Input Validation Error Vulnerability
iDefense Master ID: 470533
iDefense Severity: MEDIUM

Remote exploitation of an input validation error vulnerability in version 2003 SP2 of Microsoft Corp.'s Outlook Web Access for Exchange Server could allow attackers to gain escalated privileges on the targeted host.

CVE Number: CVE-2008-2248
iDefense Title: Microsoft Outlook Web Access for Exchange Server 2007 SP1 HTML Parsing Input Validation Error Vulnerability
iDefense Master ID: 470536
iDefense Severity: MEDIUM

Remote exploitation of an input validation error vulnerability in version 2007 SP1 and prior of Microsoft Corp.'s Outlook Web Access for Exchange Server could allow attackers to gain escalated privileges on the targeted host.
 


Security Bulletin MS08-040: Vulnerabilities in Microsoft SQL Server Could Allow Elevation of Privilege (941203)
http://www.microsoft.com/technet/security/bulletin/MS08-040.mspx

CVE Number: CVE-2008-0085
iDefense Title: Microsoft SQL Server Uninitialized Memory Information Disclosure Vulnerability
iDefense Master ID: 470532
iDefense Severity: MEDIUM

Remote exploitation of an information disclosure vulnerability in Microsoft Corp.'s SQL database server could allow attackers to potentially view sensitive information.

CVE Number: CVE-2008-0086
iDefense Title: Microsoft SQL Server 2000 Convert Buffer Overflow Vulnerability
iDefense Master ID: 470528
iDefense Severity: MEDIUM

Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s SQL Server 2000 allows attackers to execute arbitrary code with administrative privileges.

CVE Number: CVE-2008-0106
iDefense Title: Microsoft SQL Server 2005 "insert" Statement Processing Arbitrary Code Execution Vulnerability
iDefense Master ID: 470530
iDefense Severity: MEDIUM

Remote exploitation of a privilege escalation vulnerability in Microsoft Corp.'s SQL Server 2005 could allow an attacker to execute arbitrary code.

CVE Number: CVE-2008-0107
iDefense Title: Microsoft SQL Server Restore FileListOnly Integer Underflow Vulnerability (iDefense Exclusive)
iDefense Master ID: 466200
iDefense Severity: MEDIUM

Remote exploitation of a heap overflow vulnerability within Microsoft Corp.'s SQL Server could allow a remote attacker to execute arbitrary code with the privileges of the SQL Server.