Published: 2009-07-16T05:54+00:00
Last Updated: 2009-07-26T03:11+00:00
JVNTR-2009-17
Microsoft Updates for Multiple Vulnerabilities (TA09-195A)
Overview
Microsoft has released updates that address vulnerabilities in Microsoft Windows, Windows Server, DirectShow, Virtual PC and Server, Office Publisher, and ISA Server.
Event Information
| Date (UTC) | Description |
| 2009-07-20 17:00 |
Symantec ThreatCON (2) => (1) |
| 2009-07-15 01:56 |
JPCERT/CC JPCERT-AT-2009-0013: July 2009 Microsoft Security Bulletin (including three critical patches) |
| 2009-07-14 21:35 |
US-CERT TA09-195A: Microsoft Updates for Multiple Vulnerabilities Via US-CERT Mailing List |
| 2009-07-14 20:43 |
Microsoft ms09-jul: Microsoft Security Bulletin Summary for July 2009 Included in this advisory are updates for newly discovered vulnerabilities. |
| 2009-07-14 19:16 |
Microsoft Microsoft Security Advisory (972890): Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-032 to address this issue. |
| 2009-07-14 19:16 |
Microsoft Microsoft Security Advisory (971778): Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS09-028 to address this issue. |
| 2009-07-14 17:34 |
SANS Internet Storm Center Microsoft July Black Tuesday Overview Overview of the July 2009 Microsoft patches and their status. |
| 2009-07-14 17:28 |
Symantec ThreatCON (2) => (2) On July 14, 2009, Microsoft released six Security Bulletins. The DeepSight Threat Analysis Team urges customers to apply the updates contained in these bulletins as soon as possible. |
| 2009-07-14 17:17 |
US-CERT Microsoft Releases July Security Bulletin US-CERT Current Activity Microsoft has released an update to address vulnerabilities in Microsoft Windows, Virtual PC, Virtual Server, ISA Server, and Office as part of the Microsoft Security Bulletin Summary for July 2009. These vulnerabilities may allow an attacker to execute arbitrary code or operate with elevated privileges. |
| 2009-07-10 10:20 |
Microsoft ms09-jul: Microsoft Security Bulletin Advance Notification for July 2009 Included in this advisory are updates for newly discovered vulnerabilities. |
| 2009-07-10 |
Bugtraq MS Internet Explorer 7 Video ActiveX Remote Buffer Overflow Exploit Vulnerability Proof Of Concept (CVE-2008-0015) #Cid: 35558.py |
| 2009-07-06 17:51 |
Microsoft Microsoft Security Advisory (972890): Vulnerability in Microsoft Video ActiveX Control Could Allow Remote Code Execution Advisory published. Microsoft is investigating a privately reported vulnerability in Microsoft Video ActiveX Control. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. When using Internet Explorer, code execution is remote and may not require any user intervention. |
| 2009-06-17 |
TippingPoint TPTI-09-05: Microsoft DirectShow QuickTime Atom Parsing Memory Corruption Vulnerability DirectX Size Validation Vulnerability (CVE-2009-1539, MS09-028) Vulnerability Reported The specific flaw exists within Microsoft's DirectShow module quartz.dll. While parsing Quicktime atoms the NumberOfEntries field is trusted and if modified can control the location of several pointers meant to track stream positions. Specifying values that are larger than the number of bytes left to process in the input file will cause corruption that can be leveraged to execute arbitrary code. |
| 2009-05-29 01:38 |
Microsoft Microsoft Security Advisory (971778): Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution Advisory published. Microsoft has confirmed new public reports of a vulnerability in the Microsoft DirectX. |
| 2009-05-28 22:56 |
SANS Internet Storm Center Microsoft DirectShow vulnerability Microsoft have recently announced a Microsoft DirectShow vulnerability via an advisory and multiple blog entries. |
| 2009-05-28 22:21 |
Symantec ThreatCON (2) => (2) Microsoft has released an out-of-cycle security bulletin and workarounds that address a serious flaw affecting Microsoft DirectX. |
| 2009-01-08 |
iDefense Microsoft Office Publisher 2007 Arbitrary Pointer Dereference Vulnerability Pointer Dereference Vulnerability (CVE-2009-0566, MS09-030) Vulnerability Reported Exploitation of this vulnerability would allow an attacker to execute arbitrary code on the affected system within the security context of the local user running Publisher. Thus, the level of compromise would depend upon the security context of that user. |
| 2008-09-23 |
Zero Day Initiative (ZDI) ZDI-09-045: Microsoft DirectShow Quicktime Atom Parsing Memory Corruption Vulnerability DirectX Size Validation Vulnerability (CVE-2009-1539, MS09-028) Vulnerability Reported The specific flaw exists within the parsing of the length records of certain QuickTime atoms. The application implicitly trusts the length during a transformation which will lead to memory corruption and can be leveraged to execute arbitrary code under the context of the current user. |
| 2008-08-25 |
iDefense Microsoft Embedded OpenType Font Engine (T2EMBED.DLL) Heap Buffer Overflow Vulnerability Embedded OpenType Font Heap Overflow Vulnerability (CVE-2009-0231, MS09-029) Vulnerability Reported Exploitation of this vulnerability results in the execution of arbitrary code in the context of the application processing the malicious font file. All applications that support Embedded OpenType Fonts using the T2EMBED library are likely to be vulnerable. |