

Microsoft Corp. has released four Security Bulletins encompassing eight vulnerabilities. This report provides an initial summary of these pending issues.

Security Bulletin MS08-052: Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
http://www.microsoft.com/technet/security/bulletin/MS08-052.mspx

CVE Number: CVE-2007-5348
iDefense Title: Microsoft Windows GDI+ Gradient Fill Negative Size Heap Overflow Vulnerability (iDefense Exclusive)
iDefense Master ID: 459813
iDefense Severity: HIGH
iDefense Initial Disclosure Date: May 9, 2007
Remote exploitation of an integer overflow vulnerability in multiple versions of Microsoft Corp.'s GDI+ could allow an attacker to execute arbitrary code within the context of the local user.

CVE Number: CVE-2008-3012
iDefense Title: Microsoft Windows GDI+ EMF File Processing Remote Code Execution Vulnerability
iDefense Master ID: 472260
iDefense Severity: HIGH
Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Windows could allow an attacker to execute arbitrary code.

CVE Number: CVE-2008-3013
iDefense Title: Microsoft Windows GDI+ GIF Memory Corruption Vulnerability
iDefense Master ID: 472257
iDefense Severity: HIGH
Remote exploitation of a memory corruption vulnerability in multiple versions of Microsoft Corp.'s Windows could allow attackers to execute arbitrary code on the targeted host as the current user.

CVE Number: CVE-2008-3014
iDefense Title: Microsoft Windows GDI+ WMF Heap-Based Buffer Overflow Vulnerability
iDefense Master ID: 472259
iDefense Severity: HIGH
Remote exploitation of a heap-based buffer overflow vulnerability in multiple versions of Microsoft Corp.'s Windows could allow attackers to execute arbitrary code on the targeted host as the current user.

CVE Number: CVE-2008-3015
iDefense Title: Microsoft GDI+ BMP File Processing Integer Overflow Vulnerability
iDefense Master ID: 472263
iDefense Severity: HIGH
Remote exploitation of an integer overflow vulnerability in multiple versions of Microsoft Corp.'s Office could allow attackers to execute arbitrary code on the targeted host as the current user.

Security Bulletin MS08-053: Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156)
http://www.microsoft.com/technet/security/bulletin/MS08-053.mspx

CVE Number: CVE-2008-3008
iDefense Title: Microsoft Windows Media Encoder 9 ActiveX Control wmex.dll Buffer Overflow Vulnerability
iDefense Master ID: 472261
iDefense Severity: MEDIUM
Remote exploitation of a buffer overflow vulnerability in version 9 of Microsoft Corp.'s Windows Media Encoder could allow attackers to execute arbitrary code on the targeted host.

Security Bulletin MS08-054: Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154)
http://www.microsoft.com/technet/security/bulletin/MS08-054.mspx

CVE Number: CVE-2008-2253
iDefense Title: Microsoft Windows Media Player 11 Sampling Rate Memory Corruption Vulnerability
iDefense Master ID: 472258
iDefense Severity: HIGH
Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Windows Media Player 11 could allow an attacker to execute arbitrary code with the privileges of the current user.

Security Bulletin MS08-055: Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047)
http://www.microsoft.com/technet/security/bulletin/MS08-055.mspx

CVE Number: CVE-2008-3007
iDefense Title: Microsoft Office Uniform Resource Locator (URL) Remote Code Execution Vulnerability
iDefense Master ID: 472262
iDefense Severity: MEDIUM
Remote exploitation of a validation error vulnerability in multiple versions of Microsoft Corp.'s Office could allow an attacker to execute arbitrary code with the privileges of the current user.