HOME > ADVISORIES


   ADVISORY

CERT-In Advisory CIAD-2008-51
Multiple Vulnerabilities in Microsoft Windows, Microsoft Internet Explorer, Microsoft Host Intergation Server, Microsoft Office Share Point Server and Microsoft Office

Original issue date: October 16, 2008

Systems Affected

  • Windows 2000
  • Windows XP
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Microsoft Internet Explorer
  • Microsoft Host Integration Server 2000
  • Microsoft Host Integratin Server 2004
  • Microsoft Host Integration Server 2006
  • Microsoft Office Share Point Server 2007
  • Microsoft Office
    • Microsoft Office 2000
    • Microsoft Office XP
    • Microsoft Office 2003
    • Microsoft Office System 2007
    • Microsoft Office 2004 for MAC
    • Microsoft Office 2008 for MAC

Overview

Multiple vulnerabilities have been reported in various Microsoft products and components such as Microsoft Windows, Microsoft Internet Explorer, Microsoft Host Intergation Server, Microsoft Office Share Point Server and Microsoft Office.

Description

The vulnerability notes released by CERT-In with reference to Microsoft Security Bulletins are given below:

Microsoft Security Bulletin
Severity
CERT-In Vulnerability Notes
MS08-056: Vulnerability in Microsoft Office Could Allow Information Disclosure Low CIVN-2008-157:
Microsoft Office CDO URI Handling Cross-Site Scripting Vulnerability
MS08-057: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution High CIVN-2008-158:
 Multiple Vulnerabilities in Microsoft Excel
MS08-058: Cumulative Security Update for Internet Explorer High CIVN-2008-159:
 Microsoft Internet Explorer Multiple Cross-Domain Vulnerabilities
MS08-059: Vulnerability in Host Integration Server RPC Service Could Allow Remote Code Execution High CIVN-2008-160:
 Microsoft Host Integration Server Remote Command Execution Vulnerability
MS08-060: Vulnerability in Active Directory Could Allow Remote Code Execution High CIVN-2008-161: Microsoft Windows Active Directory Buffer Overflow Vulnerability
MS08-061: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege Medium CIVN-2008-162:
 Multiple Vulnerabilities in Windows Kernel
MS08-062: Vulnerability in Windows Internet Printing Service Could Allow Remote Code Execution Medium CIVN-2008-163:
 Microsoft Windows IPP Service Integer Overflow Vulnerability
MS08-063: Vulnerability in SMB Could Allow Remote Code Execution Medium CIVN-2008-164:
 Microsoft Windows SMB Buffer Underflow Vulnerability
MS08-064: Vulnerability in Virtual Address Descriptor Manipulation Could Allow Elevation of Privilege Medium CIVN-2008-165:
 Microsoft Windows Virtual Address Descriptor Privilege Escalation Vulnerability
MS08-065: Vulnerability in Message Queuing Could Allow Remote Code Execution Medium CIVN-2008-166: Microsoft Message Queuing Service Remote Code Execution Vulnerability
MS08-066: Vulnerability in the Microsoft Ancillary Function Driver Could Allow Elevation of Privilege Medium CIVN-2008-167: Microsoft Ancillary Function Driver (AFD) Kernel Overwrite Vulnerability

Solution

Apply appropriate patches as mentioned in Microsoft Security Bulletin October 2008
http://www.microsoft.com/technet/security/bulletin/ms08-oct.mspx

Vendor Information

Microsoft Corporation
http://www.microsoft.com/technet/security/bulletin/ms08-oct.mspx

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003

 

 
Home || Feedback || FAQ || Disclaimer