MICROSOFT SECURITY BULLETIN: AUGUST 2008

Microsoft Corp. has released 11 Security Bulletins encompassing 26 vulnerabilities. This report provides an initial summary of these pending issues.
 

Security Bulletin MS08-041: Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution (955617)
http://www.microsoft.com/technet/security/bulletin/MS08-041.mspx

CVE Number: CVE-2008-2463
iDefense Title: Microsoft Access 2003 Snapshot Viewer ActiveX Control Arbitrary File Overwrite Vulnerability
iDefense Master ID: 470499
iDefense Severity: HIGH

Remote exploitation of an arbitrary file overwrite vulnerability in versions 2003 and earlier of Microsoft Corp.'s Access could allow attackers to execute arbitrary code on the targeted host.
 


Security Bulletin MS08-042: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (955048)
http://www.microsoft.com/technet/security/bulletin/MS08-042.mspx

CVE Number: CVE-2008-2244
iDefense Title: Microsoft Word Record Parsing Memory Corruption Vulnerability
iDefense Master ID: 470539
iDefense Severity: MEDIUM

Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Word could allow an attacker to execute arbitrary code.
 


Security Bulletin MS08-043: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (954066)
http://www.microsoft.com/technet/security/bulletin/MS08-043.mspx

CVE Number: CVE-2008-3003
iDefense Title: Microsoft Excel 2007 SP1 Credential Caching Design Error Vulnerability
iDefense Master ID: 471247
iDefense Severity: MEDIUM

Remote exploitation of a design error vulnerability in versions 2007 SP1 and earlier of Microsoft Corp.'s Excel could allow attackers to gain escalated privileges on the targeted host.

CVE Number: CVE-2008-3004
iDefense Title: Microsoft Excel Chart AxesSet Invalid Array Index Vulnerability (iDefense Exclusive)
iDefense Master ID: 468118
iDefense Severity: MEDIUM

Remote exploitation of an invalid array indexing vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user.

CVE Number: CVE-2008-3005
iDefense Title: Microsoft Excel FORMAT Record Invalid Array Index Vulnerability (iDefense Exclusive)
iDefense Master ID: 468120
iDefense Severity: MEDIUM

Remote exploitation of an invalid array indexing vulnerability in Microsoft Corp.'s Excel could allow attackers to execute arbitrary code with the privileges of the current user.

CVE Number: CVE-2008-3006
iDefense Title: Microsoft Excel Record Parsing Memory Corruption Vulnerability
iDefense Master ID: 471251
iDefense Severity: MEDIUM

Remote exploitation of a memory corruption vulnerability in multiple versions of Microsoft Corp.'s Excel could allow attackers to execute arbitrary code on the targeted host.
 


Security Bulletin MS08-044: Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (924090)
http://www.microsoft.com/technet/security/bulletin/MS08-044.mspx

CVE Number: CVE-2008-3018
iDefense Title: Microsoft Office Malformed PICT Format Image Filter Buffer Overflow Vulnerability
iDefense Master ID: 471253
iDefense Severity: MEDIUM

Remote exploitation of a buffer overflow vulnerability in multiple versions of Microsoft Corp.'s Office could allow attackers to execute arbitrary code on the targeted host.

CVE Number: CVE-2008-3019
iDefense Title: Microsoft Office Encapsulated PostScript (EPS) File Filter Arbitrary Code Execution Vulnerability
iDefense Master ID: 471243
iDefense Severity: MEDIUM

Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Office filter for encapsulated PostScript files could allow an attacker to execute arbitrary code with the privileges of the victim.

CVE Number: CVE-2008-3020
iDefense Title: Microsoft Office BMP Input Filter Malformed Header Heap Overflow Vulnerability (iDefense Exclusive)
iDefense Master ID: 448515
iDefense Severity: MEDIUM

Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s Office BMPIMP32.FLT filter module, as distributed with Microsoft Office, allows attackers to execute arbitrary code.

CVE Number: CVE-2008-3021
iDefense Title: Microsoft Office PICT Format Image Filter Buffer Overflow Vulnerability
iDefense Master ID: 471254
iDefense Severity: MEDIUM

Remote exploitation of a buffer overflow vulnerability in multiple versions of Microsoft Corp.'s Office could allow attackers to execute arbitrary code on the targeted host.

CVE Number: CVE-2008-3460
iDefense Title: Microsoft Office WPG Image File Heap Corruption Vulnerability (iDefense Exclusive)
iDefense Master ID: 452146
iDefense Severity: MEDIUM

Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Office filter for WordPerfect graphics files could allow an attacker to execute arbitrary code with the privileges of the compromised user.
 


Security Bulletin MS08-045: Cumulative Security Update for Internet Explorer (953838)
http://www.microsoft.com/technet/security/bulletin/MS08-045.mspx

CVE Number: CVE-2008-2254
iDefense Title: Microsoft Internet Explorer HTML Objects Uninitialized Memory Vulnerability
iDefense Master ID: 471242
iDefense Severity: HIGH

Remote exploitation of an uninitialized memory vulnerability in Microsoft Corp.'s Internet Explorer versions 6 and 7 could allow an attacker to execute arbitrary code.

CVE Number: CVE-2008-2255
iDefense Title: Microsoft Internet Explorer HTML Objects Uninitialized Memory Vulnerability
iDefense Master ID: 471244
iDefense Severity: HIGH

Remote exploitation of an uninitialized memory vulnerability in Microsoft Corp.'s Internet Explorer versions 6 and 7 could allow an attacker to execute arbitrary code.

CVE Number: CVE-2008-2256
iDefense Title: Microsoft Internet Explorer Uninitialized Memory Vulnerability
iDefense Master ID: 471245
iDefense Severity: HIGH

Remote exploitation of an uninitialized memory vulnerability in Microsoft Corp.'s Internet Explorer versions 6 and 7 could allow an attacker to execute arbitrary code.

CVE Number: CVE-2008-2257
iDefense Title: Microsoft Internet Explorer HTML Objects Uninitialized Memory Vulnerability
iDefense Master ID: 471246
iDefense Severity: HIGH

Remote exploitation of an uninitialized memory vulnerability in Microsoft Corp.'s Internet Explorer versions 6 and 7 could allow an attacker to execute arbitrary code.

CVE Number: CVE-2008-2258
iDefense Title: Microsoft Internet Explorer HTML Objects Uninitialized Memory Vulnerability
iDefense Master ID: 471248
iDefense Severity: HIGH

Remote exploitation of an uninitialized memory vulnerability in Microsoft Corp.'s Internet Explorer versions 6 and 7 could allow an attacker to execute arbitrary code.

CVE Number: CVE-2008-2259
iDefense Title: Microsoft Internet Explorer Print Preview Argument Validation Vulnerability
iDefense Master ID: 471249
iDefense Severity: HIGH

Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Internet Explorer versions 6 and 7 could allow an attacker to execute arbitrary code.
 


Security Bulletin MS08-046: Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution (952954)
http://www.microsoft.com/technet/security/bulletin/MS08-046.mspx

CVE Number: CVE-2008-2245
iDefense Title: Microsoft Windows Color Management Module Heap Buffer Overflow Vulnerability (iDefense Exclusive)
iDefense Master ID: 468630
iDefense Severity: HIGH
iDefense Initial Disclosure Date: April 10, 2008

Remote exploitation of a heap-based buffer overflow vulnerability in multiple versions of Microsoft Corp.'s Windows operating system could allow an attacker to execute arbitrary code with the privileges of the current user.
 


Security Bulletin MS08-047: Vulnerabilities in IPsec Policy Processing Could Allow Information Disclosure (953733)
http://www.microsoft.com/technet/security/bulletin/MS08-047.mspx

CVE Number: CVE-2008-2046
iDefense Title: Microsoft Windows Vista and Server 2008 IPsec Policy Information Disclosure Vulnerability
iDefense Master ID: 471250
iDefense Severity: MEDIUM

Remote exploitation of an information disclosure vulnerability in Microsoft Corp.'s Windows Vista and Server 2008 IPsec policy could allow attackers intercepting network traffic to view and possibly modify traffic contents that are intended to be encrypted.
 


Security Bulletin MS08-048: Security Update for Outlook Express and Windows Mail (951066)
http://www.microsoft.com/technet/security/bulletin/MS08-048.mspx

CVE Number: CVE-2008-1448
iDefense Title: Microsoft Outlook and Windows Mail Information Disclosure Vulnerability
iDefense Master ID: 471258
iDefense Severity: MEDIUM

Remote exploitation of an information disclosure vulnerability in Microsoft Corp.'s Outlook and Windows Mail could allow an attacker to disclose sensitive information.
 


Security Bulletin MS08-049: Vulnerabilities in Event System Could Allow Remote Code Execution (950974)
http://www.microsoft.com/technet/security/bulletin/MS08-049.mspx

CVE Number: CVE-2008-1456
iDefense Title: Microsoft Event System Remote Buffer Overflow Vulnerability
iDefense Master ID: 471257
iDefense Severity: MEDIUM

Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Event System could allow an attacker to execute arbitrary code with local privileges.

CVE Number: CVE-2008-1457
iDefense Title: Microsoft Event System Remote Code Execution Vulnerability
iDefense Master ID: 471255
iDefense Severity: MEDIUM

Remote exploitation of a design error vulnerability in Microsoft Corp.'s Event System could allow an attacker to execute arbitrary code with local privileges.
 


Security Bulletin MS08-050: Vulnerabilities in Windows Messenger Could Allow Information Disclosure (955702)
http://www.microsoft.com/technet/security/bulletin/MS08-050.mspx

CVE Number: CVE-2008-0082
iDefense Title: Microsoft Windows Messenger ActiveX Control Information Disclosure Vulnerability
iDefense Master ID: 471256
iDefense Severity: MEDIUM

Remote exploitation of an information disclosure vulnerability in Microsoft Corp.'s Windows Messenger could allow attackers to gain the privileges of the user logged into Windows Messenger.
 


Security Bulletin MS08-051: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785)
http://www.microsoft.com/technet/security/bulletin/MS08-051.mspx

CVE Number: CVE-2008-0120
iDefense Title: Microsoft PowerPoint Viewer 2003 CString Integer Overflow Vulnerability (iDefense Exclusive)
iDefense Master ID: 464353
iDefense Severity: MEDIUM
iDefense Initial Disclosure Date: Sept. 27, 2007

Remote exploitation of an integer overflow vulnerability in Microsoft Corp.'s PowerPoint Viewer 2003 could allow an attacker to execute arbitrary code in the context of the user running the application.

CVE Number: CVE-2008-0121
iDefense Title: Microsoft PowerPoint Viewer 2003 Out-of-Bounds Array Index Vulnerability (iDefense Exclusive)
iDefense Master ID: 464352
iDefense Severity: MEDIUM
iDefense Initial Disclosure Date: Sept. 27, 2007

Remote exploitation of an out-of-bounds array index vulnerability in Microsoft Corp.'s PowerPoint Viewer 2003 could allow an attacker to execute arbitrary code in the context of the user running the application.

CVE Number: CVE-2008-1455
iDefense Title: Microsoft Office PowerPoint Memory Corruption Vulnerability
iDefense Master ID: 471241
iDefense Severity: MEDIUM
iDefense Initial Disclosure Date: Sept. 27, 2007

Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code with the privileges of the current user.