Published: 2008-06-10T23:12+00:00
Last Updated: 2008-06-16T16:45+00:00
TRTA08-162B
Microsoft Updates for Multiple Vulnerabilities
Overview
Microsoft has released updates that address vulnerabilities in Microsoft Windows, Windows Server, and Internet Explorer.
Event Information
| Date (UTC) | Description |
| 2008-06-11 00:57 |
JPCERT/CC JPCERT-AT-2008-0011: June 2008 Microsoft Security Bulletin (including three critical patches) |
| 2008-06-10 20:38 |
US-CERT TA08-162B: Microsoft Updates for Multiple Vulnerabilities Via US-CERT Mailing List |
| 2008-06-10 20:32 |
Microsoft MS08-JUN: Microsoft Security Bulletin Summary for June 2008 Included in this advisory are updates for newly discovered vulnerabilities. |
| 2008-06-10 18:37 |
Symantec ThreatCON (1) => (2) Microsoft has released seven new security bulletins addressing various vulnerabilities, some of which allow arbitrary code to run. Users are advised to review the bulletins and to apply the associated updates as soon as possible. |
| 2008-06-10 18:09 |
SANS Internet Storm Center June 2008 Black Tuesday Overview Overview of the June 2008 Microsoft patches and their status. |
| 2008-06-10 17:48 |
US-CERT Microsoft Releases June Security Bulletin US-CERT Current Activity Microsoft has released updates to address vulnerabilities in Microsoft Windows and Internet Explorer as part of the Microsoft Security Bulletin Summary for June 2008. These vulnerabilities may allow an attacker to execute arbitrary code, obtain sensitive information, or cause a denial-of-service condition. |
| 2008-06-10 |
IBM Internet Security Systems Microsoft Windows MJPEG Codec Multiple Overflows MJPEG Decoder Vulnerability (MS08-033, CVE-2008-0011) The Microsoft MJPEG codec is vulnerable to multiple stack-based buffer overflows when parsing specially crafted files. A remote attacker could overflow the buffer and execute arbitary code within the context of the user viewing the malicious file. |
| 2008-06-10 |
IBM Internet Security Systems Microsoft Windows DirectX SAMI Code Execution SAMI Format Parsing Vulnerability (MS08-033, CVE-2008-1444) Microsoft Windows DirectX could allow a remote attacker to execute arbitrary code on the system. |
| 2008-02-07 |
Zero Day Initiative (ZDI) ZDI-08-039: Microsoft Internet Explorer DOM Ojbect substringData() Heap Overflow Vulnerability HTML Objects Memory Corruption Vulnerability (MS08-031, CVE-2008-1442) Vulnerability Reported The specific flaw exists in the substringData() method when called on a DOM object that has been manipulated in a special way. The attack results in an exploitable heap buffer allowing for code execution under the context of the current user. |
| 2008-01-21 |
Zero Day Initiative (ZDI) ZDI-08-040: Microsoft DirectX SAMI File Format Name Parsing Stack Overflow Vulnerability SAMI Format Parsing Vulnerability (MS08-033, CVE-2008-1444) Vulnerability Reported The specific flaw exists in the parsing of SAMI files. When handling the properties of a "Class Name" variable a lack of bounds checking can result in a stack overflow. Successful exploitation can lead to remote code execution under the credentials of the logged in user. |
| 2007-12-08 |
SECURIFY Securify bulletin: Microsoft Active Directory Denial-of-service Active Directory Vulnerability (MS08-035, CVE-2008-1445) Vulnerability Reported After receiving the LDAP request, the AD server returns a partial list of the requested data to the client. After an additional minute or so, the Windows initiates a controlled restart with a 60-second countdown timer. The shutdown dialog box displays status code -1073741819. |