HOME > ADVISORIES


   ADVISORY

CERT-In Advisory CIAD-2010-28
Multiple Vulnerabilities in Microsoft Windows, SMB Client, Windows Media Services, Microsoft MPEG Layer-3 codecs, Windows Media Player, Windows Kernel, VBScript Scripting Engine, Microsoft Office Publisher, Microsoft Office Visio, Microsoft Exchange and Windows ISATAP Component

Original issue date: April 15, 2010

Systems Affected

  • Microsoft Windows 2000
  • Microsoft Windows XP
  • Windows Server 2003
  • Microsoft Windows Vista
  • Windows Server 2008
  • Microsoft Windows 7
  • Windows Server 2008 R2

Components affected

  • Microsoft Office Publisher
  • Microsoft Office Visio
  • Microsoft Windows Media Services
  • Windows Media Player
  • Microsoft MPEG Layer-3 Codecs
  • VBScript Scripting Engine
  • Windows ISATAP Component
  • Microsoft Exchange Server

Overview

Multiple vulnerabilities have been reported in Microsoft Windows, SMB Client, Windows Media Services, Microsoft MPEG Layer-3 codecs, Windows Media Player, Windows Kernel, VBScript Scripting Engine, Microsoft Office Publisher, Microsoft Office Visio, Microsoft Exchange and Windows ISATAP Component

Description

The vulnerability notes released by CERT-In with reference to Microsoft Security Bulletins are given below:

Microsoft Security Bulletin
Severity
CERT-In Vulnerability Notes
MS10-019: Vulnerabilities in Windows Could Allow Remote Code Execution High

CIVN-2010-113:
Microsoft Windows Remote Code Execution Vulnerabilities
MS10-020: Vulnerabilities in SMB Client Could Allow Remote Code Execution High CIVN-2010-114:
Microsoft Server Message Block (SMB) Client Multiple Vulnerabilities
MS10-021: Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege Medium CIVN-2010-115:
Microsoft Windows Kernel Privilege Escalation and Denial of Service Vulnerabilities
MS10-022: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution Medium CIVN-2010-40:
Updated: April 15, 2010
Microsoft VBScript Scripting Engine Remote Code Execution Vulnerability
MS10-023: Vulnerability in Microsoft Office Publisher Could Allow Remote Code Execution High CIVN-2010-116:
Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability
MS10-024: Vulnerabilities in Microsoft Exchange and Windows SMTP Service Could Allow Denial of Service Medium CIVN-2010-117:
Microsoft Exchange and Windows SMTP Service Vulnerabilities
MS10-025: Vulnerability in Microsoft Windows Media Services Could Allow Remote Code Execution High CIVN-2010-118:
Microsoft Windows Media Services Remote Code Execution Vulnerability
MS10-026: Vulnerability in Microsoft MPEG Layer-3 Codecs Could Allow Remote Code Execution High CIVN-2010-119:
Microsoft Windows MPEG Layer-3 Codecs Buffer Overflow Vulnerability
MS10-027: Vulnerability in Windows Media Player Could Allow Remote Code Execution High CIVN-2010-120:
Microsoft Windows Media Player ActiveX Control Media Processing Code Execution Vulnerability
MS10-028: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution Low CIVN-2010-121:
Microsoft Office Visio Memory Corruption Vulnerabilities
MS10-029: Vulnerability in Windows ISATAP Component Could Allow Spoofing High

CIVN-2010-122:
Microsoft Windows ISATAP Component IPv6 Address Spoofing vulnerability

Solution

Apply appropriate patches as mentioned in Microsoft Security Bulletin April 2010
http://www.microsoft.com/technet/security/bulletin/ms10-apr.mspx

Vendor Information

Microsoft Corporation
http://www.microsoft.com/technet/security/bulletin/ms10-apr.mspx

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003

 

 
Home || Feedback || FAQ || Disclaimer