CERT-In Advisory CIAD-2009-19
Multiple Vulnerabilities in Microsoft DirectShow, Windows Excel, WordPad, Office Text Converters, Windows HTTP Services, Internet Explorer, Windows SearchPath, Microsoft ISA Server and Forefront Threat Management Gateway
Original issue date: April 15, 2009
Systems Affected
- Microsoft Windows 2000
- Microsoft Windows XP
- Microsoft Windows Server 2003
- Microsoft Office 2000
- Microsoft Office XP
- Microsoft Office Converter Pack
- Microsoft Windows Vista
- Microsoft Windows Server 2008
- Microsoft Office Excel
- Microsoft Office Excel Viewer
- Microsoft Office Compatibility Pack for Office File Formats
- Microsoft Office for Mac
- Microsoft Internet Explorer
- Microsoft DirectX
- Forefront Threat Management Gateway, Medium Business Edition
- Microsoft ISA Server 2006
- Microsoft ISA Server 2004
Overview
Multiple vulnerabilities have been reported in various Microsoft products and components such as Microsoft DirectShow, Windows Excel, WordPad, Office Text Converters, Windows HTTP Services, Internet Explorer, Windows SearchPath, Microsoft ISA Server and Forefront Threat Management Gateway.
Description
The vulnerability notes released by CERT-In with reference to Microsoft Security Bulletins are given below:
| Microsoft Security Bulletin | Severity | CERT-In Vulnerability Notes |
|---|---|---|
| MS09-009: Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution | High | CIVN-2009-47: Microsoft Office Excel Remote Code Execution |
| MS09-010: Vulnerabilities in WordPad and Office Text Converters Could Allow Remote Code Execution | High | CIVN-2009-48: Memory Corruption Vulnerabilities in WordPad and Office Text Converters |
| MS09-011: Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution | High | CIVN-2009-49: Remote Code Execution Vulnerability in Microsoft DirectShow |
| MS09-012: Vulnerabilities in Windows Could Allow Elevation of Privilege | High | CIVN-2009-50: Microsoft Windows Multiple Privilege Escalation Vulnerabilities |
| MS09-013: Vulnerabilities in Windows HTTP Services Could Allow Remote Code Execution | High | CIVN-2009-51: Multiple Vulnerabilities in Microsoft Windows HTTP Services |
| MS09-014: Cumulative Security Update for Internet Explorer | High | CIVN-2009-52: Multiple Vulnerabilities in Microsoft Internet Explorer |
| MS09-015: Blended Threat Vulnerability in SearchPath Could Allow Elevation of Privilege | Medium | CIVN-2009-53: Remote code execution vulnerability in SearchFunction of Microsoft Windows |
| MS09-016: Vulnerabilities in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service | Medium | CIVN-2009-54: Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Denial of Service vulnerabilities |
Solution
Apply the appropriate patches as mentioned in the Microsoft Security Bulletin for April 2009:
http://www.microsoft.com/technet/security/bulletin/ms09-apr.mspx
Vendor Information
Microsoft Corporation
http://www.microsoft.com/technet/security/bulletin/ms09-apr.mspx
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003