CERT-In:Indian Computer Emergency Response Team

HOME > ADVISORIES

ADVISORIES

CERT-In Advisory CIAD-2008-20
Multiple Vulnerabilities in Microsoft Windows and Office Components: Microsoft Project, Microsoft Visio, Internet Explorer, Windows DNS Client, Windows Kernel, VBScript and JScript

Original issue date: April 10, 2008

Systems Affected

Microsoft Windows 2000
Windows XP
Windows Server 2003
Windows Vista
Windows Server 2008
Microsoft Project
Microsoft Visio
Internet Explorer
DNS Client
Windows Kernel
VBScript and JScript

Overview

Multiple Vulnerabilities have been reported in various Microsoft Windows and Office Components: Microsoft Project, Microsoft Visio, Internet Explorer, Windows DNS Client, Windows Kernel, VBScript and JScript

Description

The vulnerability notes released by CERT-In with reference to Microsoft Security Bulletins are given below:

Microsoft Security Bulletin	Severity	CERT-In Vulnerability Notes
MS08-018:Vulnerability in Microsoft Project Could Allow Remote Code Execution	High	CIVN-2008-37: Microsoft Project Memory Validation Vulnerability
MS08-019:Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution	Medium	CIVN-2008-38: Microsoft Visio Object Header and Memory Validation Vulnerabilities
MS08-020:Vulnerability in DNS Client Could Allow Spoofing	Medium	CIVN-2008-39: Microsoft DNS stub resolver Spoofing Vulnerability
MS08-021:Vulnerabilities in GDI Could Allow Remote Code Execution	High	CIVN-2008-40: Microsoft Windows GDI Files Remote Code Execution Vulnerability
MS08-022: Vulnerability in VBScript and JScript Scripting Engines Could Allow Remote Code Execution	High	CIVN-2008-41: Microsoft Windows VBScript and JScript Remote Code Execution Vulnerability
MS08-023: Security Update of ActiveX Kill Bits	High	CIVN-2008-42: Microsoft Internet Explorer 'hxvz.dll' ActiveX Control Memory Corruption Vulnerability
MS08-024: Cumulative Security Update for Internet Explorer	High	CIVN-2008-43: Microsoft Data Stream Handling Memory Corruption Vulnerability
MS08-025:Vulnerability in Windows Kernel Could Allow Elevation of Privilege	Medium	CIVN-2008-44: Windows Kernel Elevation of Privilege Vulnerability

Solution

Apply appropriate patches as mentioned in Microsoft Security Bulletin April 2008
http://www.microsoft.com/technet/security/bulletin/ms08-apr.mspx

Vendor Information

Microsoft Corporation
http://www.microsoft.com/technet/security/bulletin/ms08-apr.mspx

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003

Home || Feedback || FAQ || Disclaimer

CERT-In Advisory CIAD-2008-20 Multiple Vulnerabilities in Microsoft Windows and Office Components: Microsoft Project, Microsoft Visio, Internet Explorer, Windows DNS Client, Windows Kernel, VBScript and JScript

CERT-In Advisory CIAD-2008-20
Multiple Vulnerabilities in Microsoft Windows and Office Components: Microsoft Project, Microsoft Visio, Internet Explorer, Windows DNS Client, Windows Kernel, VBScript and JScript