Published: 2008-08-13T14:26+00:00
Last Updated: 2008-12-28T00:55+00:00
TRTA08-225A
Microsoft Updates for Multiple Vulnerabilities
Overview
Microsoft has released updates that address vulnerabilities in Microsoft Windows, Office, and Internet Explorer.
Event Information
Date (UTC) | Description |
2008-10-12 | Bugtraq: MS Windows InternalOpenColorProfile Heap Overflow PoC (MS08-046). Microsoft Color Management System Vulnerability (MS08-046, CVE-2008-2245). #Cid: 2008-emf_MS08-046.rar #Cid: 30594.rar #Tested: Windows XP PRO SP2 #Tested: cpe:/o:microsoft:windows_xp::sp2:professional |
2008-08-13 02:39 | Microsoft: Microsoft Security Advisory (953635): Vulnerability in Microsoft Word Could Allow Remote Code Execution. Word Record Parsing Vulnerability (MS08-042, CVE-2008-2244). Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS08-042 to address this issue. |
2008-08-13 02:39 | Microsoft: Microsoft Security Advisory (955179): Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution. Snapshot Viewer Arbitrary File Download Vulnerability (MS08-041, CVE-2008-2463). Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS08-041 to address this issue. |
2008-08-13 02:39 | Microsoft: MS08-AUG: Microsoft Security Bulletin Summary for August 2008. Included in this advisory are updates for newly discovered vulnerabilities. |
2008-08-13 01:25 | JPCERT/CC: JPCERT-AT-2008-0015: August 2008 Microsoft Security Bulletin (including six critical patches) |
2008-08-12 20:29 | SANS Internet Storm Center: August 2008 Black Tuesday Overview. Overview of the August 2008 Microsoft patches and their status. |
2008-08-12 19:52 | US-CERT: TA08-225A: Microsoft Updates for Multiple Vulnerabilities. Via US-CERT Mailing List |
2008-08-12 18:16 | Symantec: ThreatCON (1) => (2). The ThreatCon is at level 2. Microsoft has released the scheduled security bulletins for the month of August 2008. |
2008-08-11 16:41 | US-CERT: Microsoft Releases August Security Bulletin. US-CERT Current Activity. US-CERT is aware of public reports of a vulnerability that affects Webex Meeting Manager. This vulnerability is due to improper handling of arguments passed to the "NewObject()" method within the WebexUCFObject ActiveX control (atucfobj.dll). By convincing a user to visit a specially crafted web page, a remote attacker may be able to execute arbitrary code. |
2008-07-09 10:04 | Trend Micro: Let the Games Begin. TrendLabs | Malware Blog - by Trend Micro |
2008-07-09 03:13 | Microsoft: Microsoft Security Advisory (953635): Vulnerability in Microsoft Word Could Allow Remote Code Execution. Word Record Parsing Vulnerability (MS08-042, CVE-2008-2244). Advisory published. Microsoft is investigating new public reports of a possible vulnerability in Microsoft Office Word 2002 Service Pack 3. |
2008-07-09 02:20 | SANS Internet Storm Center: Unpatched Word Vulnerability (Version: 1). What a busy day! Microsoft just released an advisory with details about a new vulnerability in Word, which is currently being exploited in targeted attacks. |
2008-07-09 | Trend Micro: TROJ_MDROPPER.ZT. Exploit for Word Record Parsing Vulnerability (MS08-042, CVE-2008-2244) |
2008-07-08 13:01 | US-CERT: Microsoft Releases Security Advisory for Word Vulnerability. US-CERT Current Activity. Microsoft has released a Security Advisory to address a vulnerability in Microsoft Word. The advisory indicates that this vulnerability affects Microsoft Office Word 2002 Service Pack 3. By convincing a user to open a specially crafted Word file, a remote attacker may be able to execute arbitrary code or cause a denial-of-service condition. Additionally, the advisory indicates that Microsoft is aware of limited, targeted attacks attempting to exploit this vulnerability. |
2008-07-08 06:55 | Microsoft Security Response Center Blog: Microsoft Security Advisory 953635 |
2008-07-07 18:19 | Microsoft: Microsoft Security Advisory (955179): Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution. Snapshot Viewer Arbitrary File Download Vulnerability (MS08-041, CVE-2008-2463). Advisory published. |
2008-04-16 | Zero Day Initiative (ZDI): ZDI-08-051: Microsoft Internet Explorer Table Layout Memory Corruption Vulnerability. HTML Objects Memory Corruption Vulnerability (MS08-045, CVE-2008-2258). Vulnerability Reported |
2008-04-16 | Zero Day Initiative (ZDI): ZDI-08-050: Microsoft Internet Explorer XHTML Rendering Memory Corruption Vulnerability. HTML Objects Memory Corruption Vulnerability (MS08-045, CVE-2008-2257). Vulnerability Reported |
2008-04-16 | Zero Day Initiative (ZDI): ZDI-08-048: Microsoft Excel COUNTRY Record Memory Corruption Vulnerability. Excel Record Parsing Vulnerability (MS08-043, CVE-2008-3006). Vulnerability Reported |
2008-04-10 | iDefense: Microsoft Windows Color Management Module Heap Buffer Overflow Vulnerability. Microsoft Color Management System Vulnerability (MS08-046, CVE-2008-2245). Vulnerability Reported. This vulnerability specifically exists in the InternalOpenColorProfile function in mscms.dll. When a malformed parameter is supplied, a heap-based buffer overflow can occur, resulting in an exploitable condition. |
2008-03-27 | iDefense: Microsoft Excel FORMAT Record Invalid Array Index Vulnerability. Excel Index Array Vulnerability (MS08-043, CVE-2008-3005). Vulnerability Reported. This issue exists in the handling of "FORMAT" records within an Excel spreadsheet (XLS). By crafting a spreadsheet with an out-of-bounds array index, attackers are able to cause Excel to write a byte to arbitrary locations in stack memory. |
2008-03-27 | iDefense: Microsoft Excel Chart AxesSet Invalid Array Index Vulnerability. Excel Indexing Validation Vulnerability (MS08-043, CVE-2008-3004). Vulnerability Reported. This issue exists in the handling of "AxesSet" records within a chart embedded in a spreadsheet. This record is typically used for setting the location and size of a set of axes on a chart. This particular record type is not included in Microsoft's official documentation for the Excel file format. However, the freely available source code for OpenOffice implements this record type. |
2007-09-28 | iDefense: Microsoft PowerPoint Viewer 2003 Cstring Integer Overflow Vulnerability. Memory Allocation Vulnerability (MS08-051, CVE-2008-0120). Vulnerability Reported. This vulnerability specifically exists when handling CString objects embedded in a PowerPoint presentation file. An issue in this object results in a very small amount of buffer being allocated while a very large amount of data is copied into it. This leads to an exploitable heap-based buffer overflow. |
2007-09-28 | iDefense: Microsoft PowerPoint Viewer 2003 Out of Bounds Array Index Vulnerability. Memory Calculation Vulnerability (MS08-051, CVE-2008-0121). Vulnerability Reported. This vulnerability specifically exists in PowerPoint Viewer 2003 when handling certain records in a PowerPoint presentation file. In some circumstances, an array index can be directly controlled by data from within the PowerPoint presentation file. Thus, a function pointer can be directly controlled by the attacker and leveraged for arbitrary code execution. |
2006-11-07 | iDefense: Microsoft Office WPG Image File Heap Buffer Overflow Vulnerability. Microsoft Office WPG Image File Heap Corruption Vulnerability (MS08-044, CVE-2008-3460). Vulnerability Reported. This vulnerability specifically lies within the "WPGIMP32.FLT" module. A heap overflow can occur when processing a malformed Wordperfect Graphics (WPG) file. By corrupting heap memory, it is possible to execute arbitrary code. |
2006-09-14 | Zero Day Initiative (ZDI): ZDI-08-049: Microsoft Windows Graphics Rendering Engine PICT Heap Corruption. Microsoft PICT Filter Parsing Vulnerability (MS08-044, CVE-2008-3021). Vulnerability Reported |
2006-09-11 | iDefense: Microsoft Office BMP Input Filter Heap Overflow Vulnerability. Microsoft Malformed BMP Filter Vulnerability (MS08-044, CVE-2008-3020). Vulnerability Reported. The vulnerability specifically exists in the handling of Windows Bitmap (BMP) image files with malformed headers. By specifying a very large number of colors in the header, it is possible to cause controllable heap corruption, which can be leveraged to execute arbitrary code. |