MICROSOFT SECURITY BULLETIN: JUNE 2009

Microsoft Corp. has released 10 Security Bulletins encompassing 31 vulnerabilities. This report provides an initial summary of these pending issues.
 

Security Bulletin MS09-018: Vulnerabilities in Active Directory Could Allow Remote Code Execution (971055)
http://www.microsoft.com/technet/security/bulletin/MS09-018.mspx

CVE Number: CVE-2009-1138
iDefense Title: Microsoft Active Directory Hexdecimal DN AttributeValue Invalid Free Vulnerability (iDefense Exclusive)
iDefense Master ID: 480851
iDefense Severity: MEDIUM
iDefense Initial Disclosure Date: Jan. 21, 2009

Remote exploitation of an invalid free vulnerability in Microsoft Corp.'s Active Directory Server allows attackers to exhaust all virtual memory.

CVE Number: CVE-2009-1139
iDefense Title: Microsoft Active Directory LDAP OID Filters Memory Leak Vulnerability
iDefense Master ID: 486788
iDefense Severity: MEDIUM

Remote exploitation of a memory leak vulnerability in Microsoft Corp.'s Active Directory allows attackers to cause the server to stop responding.
 


Security Bulletin MS09-019: Cumulative Security Update for Internet Explorer (969897)
http://www.microsoft.com/technet/security/bulletin/MS09-019.mspx

CVE Number: CVE-2007-3091
iDefense Title: Microsoft Internet Explorer JavaScript Cross-Domain Information Disclosure Vulnerability
iDefense Master ID: 460889
iDefense Severity: MEDIUM

Remote exploitation of an information disclosure vulnerability in versions 6 and 7 of Microsoft Corp.'s Internet Explorer could allow attackers to gain access to sensitive information.

CVE Number: CVE-2009-1140
iDefense Title: Microsoft Internet Explorer Cross-Domain Information Disclosure Vulnerability
iDefense Master ID: 486796
iDefense Severity: LOW

Remote exploitation of an input validation vulnerability in Microsoft Corp.'s Internet Explorer could allow an attacker to gain knowledge of sensitive information.

CVE Number: CVE-2009-1141
iDefense Title: Microsoft Internet Explorer 6 DHTML Object Memory Corruption Vulnerability
iDefense Master ID: 486786
iDefense Severity: HIGH

Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Internet Explorer 6 could allow an attacker to execute arbitrary code with the privileges of the current user.

CVE Number: CVE-2009-1528
iDefense Title: Microsoft Internet Explorer HTML Object Memory Corruption Vulnerability
iDefense Master ID: 486813
iDefense Severity: HIGH

Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code on the targeted host.

CVE Number: CVE-2009-1529
iDefense Title: Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability
iDefense Master ID: 486800
iDefense Severity: HIGH

Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code on the targeted host.

CVE Number: CVE-2009-1530
iDefense Title: Microsoft Internet Explorer Uninitialized HTML Object Memory Corruption Vulnerability
iDefense Master ID: 486804
iDefense Severity: HIGH

Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code on the targeted host.

CVE Number: CVE-2009-1531
iDefense Title: Microsoft Internet Explorer Memory Corruption Vulnerability
iDefense Master ID: 486787
iDefense Severity: HIGH

Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code on the targeted host.

CVE Number: CVE-2009-1532
iDefense Title: Microsoft Internet Explorer Object Memory Corruption Vulnerability
iDefense Master ID: 486810
iDefense Severity: HIGH

Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code on the targeted host.
 


Security Bulletin MS09-020: Vulnerabilities in Internet Information Services (IIS) Could Allow Elevation of Privilege (970483)
http://www.microsoft.com/technet/security/bulletin/MS09-020.mspx

CVE Number: CVE-2009-1122
iDefense Title: Microsoft IIS 5.0 HTTP Request Handling Authentication Bypass Vulnerability
iDefense Master ID: 486801
iDefense Severity: MEDIUM

Remote exploitation of an access validation error vulnerability in version 5.0 of Microsoft Corp.'s IIS could allow an attacker to bypass authentication mechanisms.

CVE Number: CVE-2009-1535
iDefense Title: Microsoft IIS WebDAV Unicode Character Information Disclosure Vulnerability
iDefense Master ID: 486122
iDefense Severity: MEDIUM

Remote exploitation of an input validation error vulnerability in multiple versions of Microsoft Corp.'s IIS could allow attackers to steal sensitive information on the targeted host.
 


Security Bulletin MS09-021: Critical Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (969462)
http://www.microsoft.com/technet/security/bulletin/MS09-021.mspx

CVE Number: CVE-2009-0549
iDefense Title: Microsoft Excel Record Pointer Corruption Vulnerability
iDefense Master ID: 486790
iDefense Severity: MEDIUM

Remote exploitation of a record pointer corruption vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code on a targeted system.

CVE Number: CVE-2009-0557
iDefense Title: Microsoft Excel Object Record Corruption Vulnerability
iDefense Master ID: 486793
iDefense Severity: MEDIUM

Remote exploitation of an object record corruption vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code on a targeted system.

CVE Number: CVE-2009-0558
iDefense Title: Microsoft Excel Array Indexing Memory Corruption Vulnerability
iDefense Master ID: 486794
iDefense Severity: MEDIUM

Remote exploitation of an array indexing memory corruption vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code on a targeted system.

CVE Number: CVE-2009-0559
iDefense Title: Microsoft Excel String Copy Stack-Based Overrun Vulnerability
iDefense Master ID: 486795
iDefense Severity: MEDIUM

Remote exploitation of a string copy stack-based overrun vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code on a targeted system.

CVE Number: CVE-2009-0560
iDefense Title: Microsoft Excel Field Sanitization Memory Corruption Vulnerability
iDefense Master ID: 486805
iDefense Severity: MEDIUM

Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Excel could allow attackers to execute arbitrary code with the privileges of the current user.

CVE Number: CVE-2009-0561
iDefense Title: Microsoft Excel SST Record Integer Overflow Vulnerability (iDefense Exclusive)
iDefense Master ID: 482957
iDefense Severity: MEDIUM
iDefense Initial Disclosure Date: Feb. 17, 2009

Remote exploitation of an integer overflow vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code with the privileges of the current user.

CVE Number: CVE-2009-1134
iDefense Title: Microsoft Excel 2007 Record Pointer Processing Code Execution Vulnerability
iDefense Master ID: 486806
iDefense Severity: MEDIUM

Remote exploitation of an unspecified vulnerability in Microsoft Corp.'s Excel 2007 could allow an attacker to execute arbitrary code.
 


Security Bulletin MS09-022: Vulnerabilities in Windows Print Spooler Could Allow Remote Code Execution (961501)
http://www.microsoft.com/technet/security/bulletin/MS09-022.mspx

CVE Number: CVE-2009-0228
iDefense Title: Microsoft Windows 2000 Print Spooler Service Stack Buffer Overflow Vulnerability (iDefense Exclusive)
iDefense Master ID: 471998
iDefense Severity: HIGH
iDefense Initial Disclosure Date: Aug. 29, 2008

Remote exploitation of a stack buffer overflow vulnerability in Microsoft Corp.'s Windows 2000 operating system could allow an unauthenticated attacker to execute arbitrary code with system-level privileges.

CVE Number: CVE-2009-0229
iDefense Title: Microsoft Windows 2000 Print Spooler Service Arbitrary File Read Vulnerability
iDefense Master ID: 486797
iDefense Severity: LOW

Local exploitation of an arbitrary file read vulnerability in Microsoft Corp.'s Print Spooler Service could allow an attacker to read or print any file on the system.

CVE Number: CVE-2009-0230
iDefense Title: Microsoft Windows Print Spooler Library Loading Vulnerability
iDefense Master ID: 486815
iDefense Severity: MEDIUM

Local exploitation of a library loading vulnerability within Microsoft Corp.'s Print Spooler component of Windows allows attackers to elevate privileges.
 


Security Bulletin MS09-023: Vulnerability in Windows Search Could Allow Information Disclosure (963093)
http://www.microsoft.com/technet/security/bulletin/MS09-023.mspx

CVE Number: CVE-2009-0239
iDefense Title: Microsoft Windows Search Script Execution Information Disclosure Vulnerability
iDefense Master ID: 486807
iDefense Severity: LOW

Remote exploitation of a script execution vulnerability in the Windows Search component of Microsoft Corp.'s Windows operating system allows attackers to gain access to sensitive information.
 


Security Bulletin MS09-024: Vulnerability in Microsoft Works Converters Could Allow Remote Code Execution (957632)
http://www.microsoft.com/technet/security/bulletin/MS09-024.mspx

CVE Number: CVE-2009-1533
iDefense Title: Microsoft Works File Converter Buffer Overflow Vulnerability
iDefense Master ID: 486802
iDefense Severity: MEDIUM

Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Microsoft Works could allow an attacker to execute arbitrary code with the privileges of the current user.
 


Security Bulletin MS09-025: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (968537)
http://www.microsoft.com/technet/security/bulletin/MS09-025.mspx

CVE Number: CVE-2009-1123
iDefense Title: Microsoft Windows Kernel Desktop Object Validation Vulnerability
iDefense Master ID: 486814
iDefense Severity: MEDIUM

Local exploitation of an object validation vulnerability in Microsoft Corp.'s Windows kernel could allow an attacker to execute arbitrary code with kernel privileges.

CVE Number: CVE-2009-1124
iDefense Title: Microsoft Windows Kernel Error Handling Pointer Validation Vulnerability
iDefense Master ID: 486789
iDefense Severity: MEDIUM

Local exploitation of a memory corruption vulnerability in Microsoft Corp.'s Windows kernel could allow an attacker to execute arbitrary code with kernel privileges.

CVE Number: CVE-2009-1125
iDefense Title: Microsoft Windows Kernel Driver Class Registration Memory Corruption Vulnerability
iDefense Master ID: 486791
iDefense Severity: MEDIUM

Local exploitation of a memory corruption vulnerability in Microsoft Corp.'s Windows kernel could allow an attacker to execute arbitrary code with kernel privileges.

CVE Number: CVE-2009-1126
iDefense Title: Microsoft Windows Kernel Desktop Wallpaper Stack Buffer Overflow Vulnerability
iDefense Master ID: 486792
iDefense Severity: MEDIUM

Local exploitation of a stack-based buffer overflow vulnerability in Microsoft Corp.'s Windows kernel could allow an attacker to execute arbitrary code with kernel privileges.
 


Security Bulletin MS09-026: Vulnerability in RPC Could Allow Elevation of Privilege (970238)
http://www.microsoft.com/technet/security/bulletin/MS09-026.mspx

CVE Number: CVE-2009-0568
iDefense Title: Microsoft Windows RPC Marshalling Engine Design Error Vulnerability
iDefense Master ID: 486812
iDefense Severity: MEDIUM

Remote exploitation of a design error vulnerability within various versions of Microsoft Corp.'s Windows operating system could allow an attacker to execute arbitrary code.
 


Security Bulletin MS09-027: Critical Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (969514)
http://www.microsoft.com/technet/security/bulletin/MS09-027.mspx

CVE Number: CVE-2009-0563
iDefense Title: Microsoft Word Buffer Overflow Vulnerability
iDefense Master ID: 486798
iDefense Severity: MEDIUM

Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Word could allow an attacker to execute arbitrary code on a targeted system.

CVE Number: CVE-2009-0565
iDefense Title: Microsoft Word Buffer Overflow Vulnerability
iDefense Master ID: 486811
iDefense Severity: MEDIUM

Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Word could allow an attacker to execute arbitrary code with the privileges of the current user.