Published: 2009-06-11T06:42+00:00
Last Updated: 2009-06-14T02:50+00:00
JVNTR-2009-14
Microsoft Updates for Multiple Vulnerabilities (TA09-160A)
Overview
Microsoft has released updates that address vulnerabilities in Microsoft Windows, Office, and Internet Explorer.
Event Information
Date (UTC) | Description |
2009-09-05 | iDefense Microsoft Windows 2000 Print Spooler Remote Stack Buffer Overflow Vulnerability Buffer Overflow in Print Spooler Vulnerability (CVE-2009-0228, MS09-022) Vulnerability Reported This vulnerability exists in the EnumeratePrintShares function in win32spl.dll. The vulnerable function does not correctly validate the length of the printer server's response. When a malformed response is received from the printer server, the stack buffer can be overflowed, resulting in an exploitable condition. |
2009-06-10 04:07 | JPCERT/CC JPCERT-AT-2009-0011: Jun 2009 Microsoft Security Bulletin (including six critical patches) |
2009-06-10 02:36 | Microsoft Microsoft Security Advisory (971492): Vulnerability in Internet Information Services Could Allow Elevation of Privilege IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability (CVE-2009-1535, MS09-020) Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-020 to address this issue. |
2009-06-10 01:42 | FortiGuard FGA-2009-22: Microsoft Internet Explorer DHTML Handling Remote Memory Corruption Vulnerability DHTML Object Memory Corruption Vulnerability (CVE-2009-1141, MS09-019) Vulnerability Disclosure |
2009-06-09 22:23 | SANS Internet Storm Center Microsoft June Black Tuesday Overview Overview of the June 2009 Microsoft patches and their status. |
2009-06-09 20:30 | US-CERT TA09-160A: Microsoft Updates for Multiple Vulnerabilities Via US-CERT Mailing List |
2009-06-09 20:26 | Microsoft ms09-Jun: Microsoft Security Bulletin Summary for June 2009 Included in this advisory are updates for newly discovered vulnerabilities. |
2009-06-09 17:44 | Symantec ThreatCON (2) => (2) On June 9, 2009, Microsoft released ten Security Bulletins. The DeepSight Threat Analysis Team urges customers to apply the updates contained in these bulletins as soon as possible. |
2009-06-09 17:25 | US-CERT Microsoft Releases June Security Bulletin US-CERT Current Activity Microsoft has released an update to address vulnerabilities in Microsoft Windows, Office, and Internet Explorer as part of the Microsoft Security Bulletin Summary for June 2009. These vulnerabilities may allow an attacker to execute arbitrary code, operate with elevated privileges, or obtain sensitive information. |
2009-06-09 | FortiGuard FGA-2009-22: Multiple Memory Corruption Vulnerabilities in Microsoft Office Excel Record Pointer Corruption Vulnerability (CVE-2009-0549, MS09-021) Object Record Corruption Vulnerability (CVE-2009-0557, MS09-021) Field Sanitization Memory Corruption Vulnerability (CVE-2009-0560, MS09-021) Vulnerability Disclosure |
2009-05-29 01:38 | Microsoft ms09-jun: Microsoft Security Bulletin Advance Notification for June 2009 Included in this advisory are updates for newly discovered vulnerabilities. |
2009-05-26 | Bugtraq Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (pl) IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability (CVE-2009-1535, MS09-020) Vulnerability Proof Of Concept #Cid: 34993.pl |
2009-05-22 | Bugtraq Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Exploit (php) IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability (CVE-2009-1535, MS09-020) Vulnerability Proof Of Concept #Cid: 34993.php |
2009-05-19 04:27 | Microsoft Microsoft Security Advisory (971492): Vulnerability in Internet Information Services Could Allow Elevation of Privilege IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability (CVE-2009-1535, MS09-020) Advisory published. |
2009-05-18 12:54 | US-CERT Microsoft Internet Information Services (IIS) WebDAV Request Vulnerability US-CERT Current Activity US-CERT is aware of public reports of a vulnerability affecting Microsoft Internet Information Services 6 (IIS6). Reports indicate that this vulnerability is due to improper handling of Unicode tokens. Exploitation of this vulnerability may allow a remote attacker to bypass authentication methods, allowing an attacker to upload files to a WebDAV folder or obtain sensitive information. NTFS file ACLs will generally prevent the anonymous internet user from writing to an unauthorized area. US-CERT is also aware of publicly available exploit code and active exploitation of this vulnerability. |
2009-05-16 03:16 | Symantec ThreatCON (2) => (2) A newly discovered and unpatched flaw has been disclosed affecting Microsoft IIS 6 with WebDAV enabled. Users are advised to disable WebDAV or upgrade to IIS 7 if possible. IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability (CVE-2009-1535, MS09-020) |
2009-05-16 00:05 | SANS Internet Storm Center IIS6.0 WebDav Remote Auth Bypass Quick update on this: There are now two Microsoft blog posts with details. The MSRC blog at http://blogs.technet.com/msrc and the SRD blog http://blogs.technet.com/srd (the latter has more details). IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability (CVE-2009-1535, MS09-020) |
2009-05-15 22:26 | IIS 6 + Webdav auth bypass and data upload IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability (CVE-2009-1535, MS09-020) |
2009-05-15 | Bugtraq Microsoft IIS 6.0 WebDAV Remote Authentication Bypass Vulnerability IIS 5.1 and 6.0 WebDAV Authentication Bypass Vulnerability (CVE-2009-1535, MS09-020) Vulnerability Proof Of Concept #Cid: 34993.txt |
2009-03-26 | Zero Day Initiative (ZDI) ZDI-09-040: Microsoft Office Excel QSIR Record Pointer Corruption Vulnerability Record Pointer Corruption Vulnerability (CVE-2009-1134, MS09-021) Vulnerability Reported The specific flaw exists within the parsing of the BIFF file format used by Microsoft Excel. When Excel 2007 encounters a malformed Qsir record (0x806), user data is improperly handled, leading to potential code execution. Successful exploitation of this can lead to a remote compromise of the affected system running under the credentials of the currently logged in user. |
2009-03-19 | Zero Day Initiative (ZDI) ZDI-09-041: Microsoft Internet Explorer 8 Rows Property Dangling Pointer Code Execution Vulnerability HTML Objects Memory Corruption Vulnerability (CVE-2009-1532, MS09-019) Vulnerability Reported The specific flaw exists during the rendering of an HTML page with malformed row property references, resulting in a dangling pointer which can be abused to execute arbitrary code. Internet Explorer 7 is not affected. |
2009-03-10 | Secunia Research 2009-12: Microsoft Excel String Parsing Integer Overflow Vulnerability Record Integer Overflow Vulnerability (CVE-2009-0561, MS09-021) Vulnerability Reported |
2009-02-19 | iDefense Microsoft Excel SST Record Integer Overflow Vulnerability Record Integer Overflow Vulnerability (CVE-2009-0561, MS09-021) Vulnerability Reported The vulnerability occurs when parsing a Shared String Table (SST) record inside of an Excel file. This record is used to hold a table of strings that are used inside of the document. One of the fields in this record is a 32-bit integer that represents the number of unique strings in the table. This value is used to allocate an array of pointers to the strings contained inside of the table. When allocating this array, an integer overflow occurs in the calculation of its size. This leads to a heap based buffer overflow when the array is filled with pointers to strings from the file. |
2009-01-26 | Zero Day Initiative (ZDI) ZDI-09-039: Microsoft Internet Explorer onreadystatechange Memory Corruption Vulnerability HTML Object Memory Corruption Vulnerability (CVE-2009-1531, MS09-019) Vulnerability Reported The specific flaw exists when repeated calls are made to getElementsByTagName() and the reordering of the elements in the document causes an object to be allocated. The use of the event "onreadystatechange" during this operation improperly frees the previously allocated resource. The combination, with repeated page rendering, leads to the exploitable memory corruption. |
2009-01-26 | Zero Day Initiative (ZDI) ZDI-09-038: Microsoft Internet Explorer Event Handler Memory Corruption Vulnerability HTML Objects Memory Corruption Vulnerability (CVE-2009-1530, MS09-019) Vulnerability Reported The specific flaw exists when repeatedly calling event handlers after adding nodes of an HTML document. When a specially crafted webpage is repeatedly rendered, memory is improperly reused after it has been freed. Due to the controllable nature of the web browser, this vulnerability can be exploited to remotely compromise a system running under the security context of the currently logged in user. |
2009-01-26 | Zero Day Initiative (ZDI) ZDI-09-036: Microsoft Internet Explorer setCapture Memory Corruption Vulnerability Uninitialized Memory Corruption Vulnerability (CVE-2009-1529, MS09-019) Vulnerability Reported The specific vulnerability exists when calling the setCapture method on a range of objects. When setCapture is called on a collection of specially crafted objects, memory becomes corrupted. When the capture is released, arbitrary memory is accessed, potentially leading to remote code execution. Exploitation of this vulnerability will lead to system compromise under the credentials of the currently logged in user. |
2009-01-21 | iDefense Microsoft Active Directory Hexdecimal DN AttributeValue Invalid Free Vulnerability Active Directory Invalid Free Vulnerability (CVE-2009-1138, MS09-018) Vulnerability Reported Exploitation allows an attacker to consume all available virtual memory on the affected system. To exploit this vulnerability, an attacker must be able to establish a TCP session with the vulnerable machine. LDAP uses port 389 or, when encrypted, port 636. Additionally, LDAP requests are processed when connecting to the Global Catalog Server on ports 3268 or 3269. |
2009-01-15 | Zero Day Initiative (ZDI) ZDI-09-037: Microsoft Internet Explorer Concurrent Ajax Request Memory Corruption Vulnerability HTML Object Memory Corruption Vulnerability (CVE-2009-1528, MS09-019) Vulnerability Reported The specific vulnerability exists due to improper AJAX request synchronization in Internet Explorer. When many asynchronous XMLHttpRequests are running concurrently, memory corruption can occur that could be remotely exploited by a malicious attacker. |
2008-11-28 | VUPEN Security VUPEN-SR-2008-06: Microsoft Office Word Document Parsing Buffer Overflow Vulnerability Word Buffer Overflow Vulnerability (CVE-2009-0565, MS09-027) Vulnerability Reported This vulnerability is caused by a buffer overflow error within the parsing of certain data within a Word file, which could allow attackers to execute arbitrary code by tricking a user into opening a specially crafted document. |
2008-10-08 | Core Security Technologies CORE-2008-0826: Internet Explorer Security Zone restrictions bypass Cross-Domain Information Disclosure Vulnerability (CVE-2009-1140, MS09-019) Vulnerability Reported The bug is related to a lack of enforcement of security policies assigned to URL Security Zones when content from the corresponding zone is loaded and rendered from a local file. These issues have been found in the way that security policies are applied when a URI is specified in the UNC form (i.e., '\\MACHINE_NAME_OR_IP\PATH_TO_RESOURCE'). |
2008-07-08 | Zero Day Initiative (ZDI) ZDI-09-035: Microsoft Word Document Stack Based Buffer Overflow Vulnerability Word Buffer Overflow Vulnerability (CVE-2009-0563, MS09-027) Vulnerability Reported The specific flaw exists within the parsing of vulnerable tags inside a Microsoft Word document. Microsoft Word trusts a length field read from the file which is used to read file contents into a buffer allocated on the stack. When an invalid length is present, a stack based buffer overflow occurs, resulting in the ability to execute arbitrary code. |