Microsoft Corp. has released two Security Bulletins encompassing four vulnerabilities. This report provides an initial summary of these pending issues.
 

Security Bulletin MS08-068: Vulnerability in SMB Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/bulletin/MS08-068.mspx

CVE Number: CVE-2008-4037
iDefense Title: Microsoft Office Content-Disposition Header Cross-Site Scripting (XXS) Vulnerability (957097)
iDefense Master ID: 474945
iDefense Severity: MEDIUM

Remote exploitation of a design error vulnerability in Microsoft Corp.'s Windows Server Message Block (SMB) could allow an attacker to execute arbitrary code with the privileges of the currently logged-on user.
 

Security Bulletin MS08-069: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (955218)
http://www.microsoft.com/technet/security/bulletin/MS08-069.mspx

CVE Number: CVE-2007-0099
iDefense Title: Microsoft msxml Design Error Vulnerability
iDefense Master ID: 455739
iDefense Severity: HIGH

Remote exploitation of a design error vulnerability in Microsoft Corp.'s XML Core Services could allow an attacker to execute arbitrary code.

CVE Number: CVE-2008-4029
iDefense Title: Microsoft Windows XML Core Services Cross-Domain Scripting Information Disclosure Vulnerability
iDefense Master ID: 474946
iDefense Severity: MEDIUM

Remote exploitation of an input validation vulnerability in various versions of Microsoft Corp.'s Windows could allow an attacker to steal sensitive data from the targeted host.

CVE Number: CVE-2008-4033
iDefense Title: Microsoft Windows XML Core Services 6.0 Header Request Input Validation Error Vulnerability
iDefense Master ID: 474944
iDefense Severity: MEDIUM

Remote exploitation of an input validation error in various versions of Microsoft Corp.'s Windows could allow attackers steal sensitive information from the targeted host.