CERT-In Advisory CIAD-2008-10
Multiple Vulnerabilities in various components of Microsoft Windows, Internet Explorer, IIS Server, Office, Active Directory, Works and Publisher
Original issue date: February 13, 2008
Systems Affected
• Microsoft Windows 2000
• Microsoft Windows XP
• Microsoft Windows 2003
• Microsoft Windows Vista
• Microsoft Internet Explorer
• Microsoft IIS Server
• Microsoft Office
• Microsoft Works
• Microsoft Publisher
Overview
Multiple vulnerabilities have been reported in various components of Microsoft Windows, Internet Explorer, IIS Server, Office, Active Directory, Works and Publisher.
Description
The vulnerability notes released by CERT-In with reference to Microsoft Security Bulletins are given below:
| Microsoft Security Bulletin | Severity | CERT-In Vulnerability Notes |
|---|---|---|
| MS08-003: Vulnerability in Active Directory Could Allow Denial of Service | Medium | CIVN-2008-10: Microsoft Active Directory Denial of Service Vulnerability |
| MS08-004: Vulnerability in Windows TCP/IP Could Allow Denial of Service | Medium | CIVN-2008-11: Windows Vista DHCP Packet Handling Denial of Service Vulnerability |
| MS08-005: Vulnerability in Internet Information Services Could Allow Elevation of Privilege | Medium | CIVN-2008-12: Microsoft IIS File Change Notification vulnerability |
| MS08-006: Vulnerability in Internet Information Services Could Allow Remote Code Execution | Medium | CIVN-2008-13: Remote Code Execution Vulnerability in Microsoft Internet Information Services (IIS) |
| MS08-007: Vulnerability in WebDAV Mini-Redirector Could Allow Remote Code Execution | High | CIVN-2008-14: Microsoft Windows WebDAV Mini-Redirector Buffer Overflow Vulnerability |
| MS08-008: Vulnerability in OLE Automation Could Allow Remote Code Execution | High | CIVN-2008-15: Microsoft Object Linking and Embedding (OLE) Automation Heap Based Buffer Overflow Vulnerability |
| MS08-009: Vulnerability in Microsoft Word Could Allow Remote Code Execution | High | CIVN-2008-16: Microsoft Word Memory Corruption Vulnerability |
| MS08-010: Cumulative Security Update for Internet Explorer | High | CIVN-2008-17: HTML Rendering Memory Corruption, Property Memory Corruption, Argument handling memory corruption and ActiveX object memory corruption vulnerabilities in Microsoft Internet Explorer |
| MS08-011: Vulnerabilities in Microsoft Works File Converter Could Allow Remote Code Execution | Medium | CIVN-2008-18: Microsoft Works File Converter Vulnerabilities |
| MS08-012: Vulnerabilities in Microsoft Office Publisher Could Allow Remote Code Execution | High | CIVN-2008-19: Microsoft Office Publisher Invalid Memory Reference and Memory Corruption Vulnerabilities |
| MS08-013: Vulnerability in Microsoft Office Could Allow Remote Code Execution | High | CIVN-2008-20: Microsoft Office Object Parsing Memory Corruption Vulnerability |
Solution
Apply appropriate patches as mentioned in Microsoft Security Bulletin February 2008
http://www.microsoft.com/technet/security/bulletin/ms08-feb.mspx
Vendor Information
Microsoft Corporation
http://www.microsoft.com/technet/security/bulletin/ms08-feb.mspx
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
