Published: 2008-12-14T16:59+00:00
Last Updated: 2008-12-28T07:33+00:00
TRTA08-344A
Microsoft Updates for Multiple Vulnerabilities
Overview
Microsoft has released updates that address vulnerabilities in Microsoft Windows, Internet Explorer, Word, Excel, SharePoint Server, Visual Basic 6 and related components.
Event Information
Date (UTC) | Description |
2008-12-12 | Bugtraq MS Visual Basic ActiveX Controls mscomct2.ocx Buffer Overflow PoC Windows Common AVI Parsing Overflow Vulnerability (CVE-2008-4255, MS08-070) #Cid: 32613.pl |
2008-12-10 02:41 | JPCERT/CC JPCERT-AT-2008-0022: December 2008 Microsoft Security Bulletin (including six critical patches) |
2008-12-09 23:35 | US-CERT TA08-344A: Microsoft Updates for Multiple Vulnerabilities Via US-CERT Mailing List |
2008-12-09 23:32 | Insomnia Security ISVA-081209.1: IE Webdav Request Parsing Heap Corruption Vulnerability HTML Objects Memory Corruption Vulnerability (MS08-073, CVE-2008-4259) A vulnerability was found in the way that webdav requests are cached and then later retrieved by Internet Explorer. This results in the use of uninitialized memory which under the right situation can lead to command execution. |
2008-12-09 20:45 | Microsoft MS08-DEC: Microsoft Security Bulletin Summary for December 2008 Included in this advisory are updates for newly discovered vulnerabilities. |
2008-12-09 20:36 | SANS Internet Storm Center December Black Tuesday Overview Overview of the December 2008 Microsoft patches and their status. |
2008-12-09 18:13 | US-CERT Microsoft Releases December Security Bulletin US-CERT Current Activity Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Internet Explorer, Developer Tools and Software, and Server Software as part of the Microsoft Security Bulletin Summary for December 2008. These vulnerabilities may allow an attacker to execute arbitrary code or escalate privileges. |
2008-12-09 | IBM Internet Security Systems Microsoft Windows search-ms protocol code execution Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by the improper validation of parameters when parsing the search-ms protocol. |
2008-12-09 | IBM Internet Security Systems Microsoft Internet Explorer embedded object code execution Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of certain embedded objects within a Web page. |
2008-12-09 | IBM Internet Security Systems Microsoft Windows GDI WMF image file integer overflow The Microsoft Windows GDI is vulnerable to an integer overflow, caused by improper handling of integer calculations within a WMF image file. |
2008-12-09 | IBM Internet Security Systems Microsoft Internet Explorer HTML objects uninitialized memory code execution Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the system, caused by improper handling of certain HTML objects when attempting to access uninitialized memory. |
2008-12-04 21:48 | Microsoft MS08-DEC: Microsoft Security Bulletin Advance Notification for December 2008 Included in this advisory are updates for newly discovered vulnerabilities. |
2008-09-16 | Zero Day Initiative (ZDI) ZDI-08-083: Microsoft Animation ActiveX Control Malformed AVI Parsing Code Execution Vulnerability Windows Common AVI Parsing Overflow Vulnerability (MS08-070, CVE-2008-4255) Vulnerability Reported |
2008-09-02 | Secunia Research 2008-36: Microsoft Excel NAME Record Array Indexing Vulnerability Excel Global Array Memory Corruption Vulnerability (CVE-2008-4266, MS08-074) Vulnerability Reported |
2008-08-26 | iDefense Microsoft Internet Explorer HTML Tag Long File Name Extension Stack Buffer Overflow Vulnerability HTML Rendering Memory Corruption Vulnerability (MS08-073, CVE-2008-4261) Vulnerability Reported On Internet Explorer 5.01 a function return address can be overwritten with attacker controlled data which results in an exploitable condition. However on Internet Explorer 6 the vulnerability will only overflow one byte. |
2008-08-19 | Zero Day Initiative (ZDI) ZDI-08-086: Microsoft Office Word Document Table Property Stack Overflow Vulnerability Word Memory Corruption Vulnerability (MS08-072, CVE-2008-4837) Vulnerability Reported |
2008-07-21 | iDefense Microsoft Excel Malformed Object Memory Corruption Vulnerability File Format Parsing Vulnerability (MS08-074, CVE-2008-4265) Vulnerability Reported This issue exists in the handling of certain malformed object records within an Excel spreadsheet (XLS), allowing memory corruption to occur. This could lead to an exploitable situation. |
2008-06-25 | Zero Day Initiative (ZDI) ZDI-08-085: Microsoft Office RTF Drawing Object Heap Overflow Vulnerability Word RTF Object Parsing Vulnerability (MS08-072, CVE-2008-4028) Vulnerability Reported |
2008-05-21 | iDefense Microsoft Windows Graphics Device Interface Integer Overflow Vulnerability GDI Integer Overflow Vulnerability (MS08-071, CVE-2008-2249) Vulnerability Reported This vulnerability also can be triggered through e-mail. If the e-mail client can automatically display images embedded in the e-mail, the user only needs to open the e-mail to trigger the vulnerability. Currently an EMF file is used as a test attack vector. Outlook and Outlook Express will automatically display EMF images and trigger the vulnerability. Lotus Notes and Thunderbird do not display EMF images in e-mail directly, but the vulnerability still can be triggered when opening or viewing the EMF attachment. |
2008-05-19 | Zero Day Initiative (ZDI) ZDI-08-084: Microsoft Office RTF Consecutive Drawing Object Parsing Heap Corruption Vulnerability Word RTF Object Parsing Vulnerability (MS08-072, CVE-2008-4027) Vulnerability Reported |
2008-05-19 | Zero Day Initiative (ZDI) ZDI-08-087: Microsoft Internet Explorer Webdav Request Parsing Heap Corruption Vulnerability HTML Objects Memory Corruption Vulnerability (MS08-073, CVE-2008-4259) Vulnerability Reported |
2008-05-16 | Secunia Research 2008-21: Microsoft Word RTF Polyline/Polygon Integer Overflow Word RTF Object Parsing Vulnerability (CVE-2008-4025, MS08-072) Vulnerability Reported |
2008-03-13 | Core Security Technologies CORE-2008-0228: Microsoft Word Malformed FIB Arbitrary Free Vulnerability Word Memory Corruption Vulnerability (MS08-072, CVE-2008-4024) Vulnerability Reported A vulnerability has been found in the way that Microsoft Word handles specially crafted Word files. The vulnerability could allow remote code execution if a user opens a specially crafted Word file that includes a malformed record value. |