CERT-In Advisory CIAD-2008-40
Multiple Vulnerabilities in Microsoft Windows Messenger, Windows Mail, Outlook Express, Access, Internet Explorer, Microsoft Office (Word, Excel, PowerPoint), IPsec Policy Processing and Color Management System
Original issue date: August 14, 2008
Systems Affected
- Windows 2000
- Windows XP
- Windows Server 2003
- Windows Vista
- Windows Server 2008
- Windows Event System
- Internet Explorer
- Microsoft Outlook Express
- Microsoft Access
- Microsoft Office
- Microsoft Word
- Microsoft Excel
- Microsoft PowerPoint
- Microsoft Windows Messenger
- Image Color Management System
- Microsoft Windows IPSec Policy Processing
Overview
Multiple vulnerabilities have been reported in various Microsoft products and components, including Microsoft Windows Event System, Messenger, Windows Mail, Outlook Express, Access, Internet Explorer, Microsoft Office (Word, Excel, PowerPoint), IPsec Policy Processing and Color Management System.
Description
The vulnerability notes released by CERT-In with reference to Microsoft Security Bulletins are given below:
| Microsoft Security Bulletin | Severity | CERT-In Vulnerability Notes |
| --- | --- | --- |
| MS08-041: Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution | High | CIVN-2008-106: (Updated: August 14, 2008) Microsoft Access Snapshot Viewer ActiveX control remote code execution vulnerability |
| MS08-042: Vulnerability in Microsoft Word Could Allow Remote Code Execution | Medium | CIVN-2008-104: (Updated: August 14, 2008) Microsoft Word Memory Corruption Vulnerability |
| MS08-043: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution | High | CIVN-2008-123: Multiple Vulnerabilities in Microsoft Excel |
| MS08-044: Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution | High | CIVN-2008-124: Multiple Vulnerabilities in Microsoft Office Filters |
| MS08-045: Cumulative Security Update for Internet Explorer | High | CIVN-2008-125: Multiple Remote Code Execution Vulnerabilities in Microsoft Internet Explorer |
| MS08-046: Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution | High | CIVN-2008-126: Microsoft Windows Image Color Management System Remote Code Execution Vulnerability |
| MS08-047: Vulnerability in IPsec Policy Processing Could Allow Information Disclosure | Medium | CIVN-2008-127: IPsec Policy Processing Information Disclosure Vulnerability |
| MS08-048: Security Update for Outlook Express and Windows Mail | Medium | CIVN-2008-128: Microsoft Outlook Express and Windows Mail MHTML Handler Cross-Domain Information Disclosure Vulnerability |
| MS08-049: Vulnerabilities in Event System Could Allow Remote Code Execution | Medium | CIVN-2008-129: Microsoft Windows Event System Array Index Verification & ‘User Subscription Request’ Vulnerabilities |
| MS08-050: Vulnerability in Windows Messenger Could Allow Information Disclosure | Medium | CIVN-2008-130: Microsoft Windows Messenger ActiveX Control Information Disclosure Vulnerability |
| MS08-051: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution | High | CIVN-2008-131: Multiple Vulnerabilities in Microsoft PowerPoint |
Solution
Apply the appropriate patches as mentioned in the Microsoft Security Bulletin for August 2008:
http://www.microsoft.com/technet/security/bulletin/ms08-aug.mspx
Vendor Information
Microsoft Corporation
http://www.microsoft.com/technet/security/bulletin/ms08-aug.mspx
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
