Cyber Notices & Alerts

 

NEW YORK STATE OFFICE OF CYBER SECURITY AND CRITICAL INFRASTRUCTURE COORDINATION CYBER SECURITY ADVISORY

CSCIC ADVISORY NUMBER: 2008-045

DATE(S) ISSUED: 12/10/2008

SUBJECT: Microsoft SQL Server Remote Memory Corruption Vulnerability

OVERVIEW:
A vulnerability has been discovered in Microsoft SQL Server. Successful exploitation will result in an attacker gaining the same privileges as the MS SQL Server process. The attacker could then potentially access sensitive or confidential information, install programs, view, change, or delete data, or create new accounts. 
There is no patch available at this time.

SYSTEMS AFFECTED:

    • Microsoft SQL Server 2000

    • Microsoft SQL Server 2005

RISK:

Government:

    • Large and medium government entities: High

    • Small government entities: High

Businesses:

    • Large and medium business entities: High

    • Small business entities: High

Home users: Low

DESCRIPTION:
Microsoft SQL Server 2000 and 2005 are prone to a remote memory-corruption vulnerability because they fail to properly handle user-supplied input.  This vulnerability has been confirmed on SQL Server 2000 and 2005. There is no information available regarding SQL Server 2008.

The vulnerability is caused by a boundary error in the implementation of the 'sp_replwritetovarbin' SQL stored procedure.  By calling the extended stored procedure 'sp_replwritetovarbin' and supplying several uninitialized variables as parameters, it is possible to trigger a memory write to a controlled location. It may be possible to use this vulnerability to execute arbitrary code in the context of the vulnerable SQL server process. If the principle of Least Privilege has been followed, the amount of damage an attacker could achieve is minimized.

In a default configuration, the ‘sp_replwritetovarbin’ stored procedure is accessible by any authenticated user. This vulnerability therefore may be exploited by any authenticated user with a direct database connection, or via SQL injection through a vulnerable application that connects to a vulnerable Microsoft SQL Server.

Proof of concept code for this vulnerability has been publicly released and verified in our lab. Reportedly, the researcher who discovered this issue has developed a working code-execution exploit for this issue. However, the exploit is not publicly available at this time.  With a working code-execution exploit, authenticated attackers may be able to exploit this issue in order to execute arbitrary code and compromise affected computers. Failed attacks will likely cause denial-of-service conditions.

It should be noted that anonymous attackers may be able to leverage applications with a SQL injection vulnerability to exploit this vulnerability.

There is no patch available at this time.

RECOMMENDATIONS:
We recommend the following actions be taken:

    • Remove the ‘sp_replwritetovarbin’ extended stored procedure unless it is being used for critical business function.

    • Remove any stored procedures that are not being used.

    • Install the appropriate vendor patch as soon as it becomes available after appropriate testing.

    • Restrict SQL access to trusted users only.

    • Apply the principle of Least Privilege to all services.

    • Ensure that all web applications that connect to vulnerable MS SQL Servers are not vulnerable to SQL Injection attacks.
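Added example (not part of the CSCIC advisory): while no patch exists, web server logs can be checked for requests that name the procedure, which covers the SQL injection path described above. The script assumes IIS W3C extended logs; the sample log lines, addresses and function names are constructed for illustration. IIS does not log POST bodies, so only URIs and query strings are covered.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

PROC_NAME = re.compile(r"sp_replwritetovarbin", re.IGNORECASE)

# Constructed sample in IIS W3C extended format (addresses are documentation ranges).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2008-12-11 09:14:02 192.0.2.10 GET /catalog/item.asp id=42 200
2008-12-11 09:14:07 198.51.100.23 GET /catalog/item.asp id=42;exec+master..SP_ReplWriteToVarBin 500
2008-12-11 09:14:09 198.51.100.23 GET /catalog/item.asp id=42%253Bexec%2520sp%255Freplwritetovarbin 500
2008-12-11 09:15:30 192.0.2.10 GET /catalog/search.asp q=replication+guide 200
"""


def decode_fully(value, max_rounds=3):
    """Undo nested URL encoding so the match runs on what the application saw."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_w3c_log(lines):
    """Return one dict per request whose URI or query names the procedure."""
    fields, hits = [], []
    for number, line in enumerate(lines, 1):
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):
            # The column layout is declared in the log and can change mid-file.
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        text = decode_fully(row.get("cs-uri-stem", "") + "?" + row.get("cs-uri-query", ""))
        if PROC_NAME.search(text):
            hits.append({"line": number, "client": row.get("c-ip"),
                         "status": row.get("sc-status"), "request": text})
    return hits


def suspects(lines):
    """Count matching requests per client address."""
    return dict(Counter(hit["client"] for hit in scan_w3c_log(lines)))


if __name__ == "__main__":
    for hit in scan_w3c_log(SAMPLE_LOG.splitlines()):
        print(hit)
```

A match is a high-signal tripwire for triage; an empty result does not show that the procedure was never called, since direct database connections never appear in web logs.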

REFERENCES:

SEC-CONSULT

http://www.sec-consult.com/files/20081209_mssql-2000-sp_replwritetovarbin_memwrite.txt

Microsoft

http://msdn.microsoft.com/en-us/library/aa215995(SQL.80).aspx

Security Focus

http://www.securityfocus.com/bid/32710/info

Secunia

  

NEW YORK STATE OFFICE OF CYBER SECURITY AND CRITICAL INFRASTRUCTURE COORDINATION CYBER SECURITY ADVISORY

CSCIC ADVISORY NUMBER: 2008-043

DATE(S) ISSUED: 12/10/2008

SUBJECT: Vulnerability in WordPad Text Converter Could Allow Remote Code Execution

OVERVIEW:
A new vulnerability has been discovered in the Microsoft Windows WordPad Text Converter for the Word 97 file format that would allow a remote attacker to take complete control of the vulnerable system. The WordPad Text Converter is a component that is installed by default that allows some applications to open Word documents if Word is not installed. This vulnerability can be exploited when a user opens a specially crafted Word 97 file using WordPad. Successful exploitation may result in an attacker gaining complete control of the affected system. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete files; or create new accounts with user rights.

It should be noted that this vulnerability is currently being exploited on the Internet and there is no patch available at this time.

SYSTEMS AFFECTED:

    • Windows 2000 SP4

    • Windows XP SP2

    • Windows XP Professional x64 Edition, SP2

    • Windows 2003 Server SP1, SP2

    • Windows 2003 Server for Itanium-based systems

    • Windows 2003 Server x64 Edition, SP2

RISK:

Government:

    • Large and medium government entities: High

    • Small government entities: High

Businesses:

    • Large and medium business entities: High

    • Small business entities: High

Home users: High

DESCRIPTION:

A new vulnerability has been identified in the Microsoft Windows WordPad Text Converter. This vulnerability affects the WordPad Text Converter and could be exploited when a user opens a specially crafted Word 97 file (.doc, .wri, or .rtf file extensions).  If Microsoft Word is installed, the .doc and the .rtf file will open by default in Word, which is not vulnerable to the exploit. However, if the attacker uses the .wri file extension, the file would automatically open in WordPad. Successful exploitation may result in an attacker gaining complete control of the affected system. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete files; or create new accounts with user rights. This vulnerability cannot be automatically exploited through email. The user needs to open a malicious document.

It should be noted that this vulnerability is currently being exploited on the Internet and there is no patch available at this time.

We recommend that you follow the workaround instructions which can be found on Microsoft's website at the following location: http://www.microsoft.com/technet/security/advisory/960906.mspx. These instructions explain how to disable the WordPad Text Converter. This workaround will not correct the underlying vulnerability, but it will help in blocking known attack vectors.

RECOMMENDATIONS:
We recommend the following actions be taken:

    • Follow the workaround instructions for how to disable the WordPad Text Converter.

    • Do not open untrusted documents using WordPad.

    • Consider blocking .wri files at the network perimeter.

    • Do not visit unknown or un-trusted Web sites.

    • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.

 

REFERENCES:

Microsoft:

http://www.microsoft.com/technet/security/advisory/960906.mspx

Security Focus:

http://www.securityfocus.com/bid/32718

Secunia:

http://secunia.com/Advisories/32997/

CVE

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4841


NEW YORK STATE OFFICE OF CYBER SECURITY AND CRITICAL INFRASTRUCTURE COORDINATION CYBER SECURITY ADVISORY

CSCIC ADVISORY NUMBER: 2008-042

DATE(S) ISSUED: 12/10/2008

SUBJECT: Multiple Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution

OVERVIEW:
Eight vulnerabilities have been discovered in Microsoft Office Word. These vulnerabilities can be exploited if a user opens a specially crafted document in Rich Text Format (RTF) or Word file, or views or previews a specially crafted email sent in RTF format on a system where Word is the default editor. It should be noted that Word is the default email editor for Microsoft Office.  Successful exploitation will result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, the attacker could then install programs; view, change, or delete data; or create new accounts with full privileges.

SYSTEMS AFFECTED:

    • Microsoft Office 2000 SP3

    • Microsoft Office XP SP3

    • Microsoft Office 2003 SP3

    • 2007 Microsoft Office System

    • 2007 Microsoft Office System SP1

    • Microsoft Office Word Viewer 2003

    • Microsoft Office Word Viewer 2003 SP3

    • Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

    • Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1

    • Microsoft Works 8

    • Microsoft Office 2004 for Mac

    • Microsoft Office 2008 for Mac

    • Open XML File Format Converter for Mac

RISK:

Government:

    • Large and medium government entities: High

    • Small government entities: High

Businesses:

    • Large and medium business entities: High

    • Small business entities: High

Home users: High

DESCRIPTION:
Eight vulnerabilities have been discovered in Microsoft Office Word which could allow for remote code execution.  These vulnerabilities are caused by the way that Microsoft Office Word handles specially crafted RTF documents and Word files. Three of these vulnerabilities are for Word Memory Corruption and can be exploited if a user opens a specially crafted Word file, or opens an attachment in an email message. The remaining five vulnerabilities are for Word RTF Object Parsing.  These can be exploited if a user opens a specially crafted RTF or Word file; or views or previews a specially crafted email message sent in RTF format where Word is the default editor. Word is the default editor for Microsoft Office. Successful exploitation of any of the vulnerabilities will result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, the attacker could then install programs; view, change, or delete data; or create new accounts with full privileges.

RECOMMENDATIONS:
We recommend the following actions be taken:

    • Apply appropriate patches provided by Microsoft to vulnerable systems immediately after appropriate testing.

    • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.

    • Do not open email attachments from unknown or un-trusted sources.

    • Read all e-mail messages in plain text.

    • Turn off the preview pane on Microsoft Outlook.

    • Configure Microsoft Outlook to not use Word as the default editor.

REFERENCES:

Microsoft:

http://www.microsoft.com/technet/security/bulletin/MS08-072.mspx

 

CVE:

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4024

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4025

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4026

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4027

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4030

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4028

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4031

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4837

 

SecurityFocus:

http://www.securityfocus.com/bid/32579

http://www.securityfocus.com/bid/32580

http://www.securityfocus.com/bid/32581

http://www.securityfocus.com/bid/32583

http://www.securityfocus.com/bid/32584

http://www.securityfocus.com/bid/32585

http://www.securityfocus.com/bid/32594

http://www.securityfocus.com/bid/32642

 

Secunia:

http://secunia.com/advisories/30285/


NEW YORK STATE OFFICE OF CYBER SECURITY AND CRITICAL INFRASTRUCTURE COORDINATION CYBER SECURITY ADVISORY

CSCIC ADVISORY NUMBER: 2008-041

DATE(S) ISSUED: 12/9/2008

SUBJECT: Vulnerabilities in Visual Basic 6.0 Runtime Extended Files (ActiveX Controls) Could Allow Remote Code Execution

OVERVIEW:
Six vulnerabilities have been discovered in the ActiveX controls for the Microsoft Visual Basic 6.0 Runtime Extended Files. The Visual Basic 6.0 Runtime Extended Files include select ActiveX controls, libraries, and tools that are delivered with a variety of Microsoft products, such as Microsoft Project, Visual Studio, FoxPro, and FrontPage, as well as third party and custom written software. The identified vulnerabilities may be exploited if a user visits a specially crafted web page or opens a specially crafted HTML formatted email, which could allow an attacker to take complete control of an affected system. For all of the vulnerabilities, successful exploits could result in an attacker gaining the same privileges as the logged on user.  Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete files; or create new accounts with user rights.

SYSTEMS AFFECTED:

    • Microsoft Visual Basic Enterprise Edition for Windows, Version 6.0

    • Microsoft Visual Basic 6.0 Standard Edition

    • Microsoft Visual Basic Professional Edition for Windows 6.0

    • Microsoft Visual Studio .Net 2003 Service Pack 1, when used with:

      • Microsoft Visual Studio .NET 2003 Academic Edition

      • Microsoft Visual Studio .NET 2003 Enterprise Architect

      • Microsoft Visual Studio .NET 2003 Enterprise Developer

      • Microsoft Visual Basic .NET (2003)

      • Microsoft Visual C++ .NET (2003)

      • Microsoft Visual C# .NET 2003 Standard Edition

      • Microsoft Visual J# .NET (2003)

    • Microsoft Visual Studio .NET 2002 Service Pack 1, when used with:

      • Microsoft Visual Studio .NET (2002), Academic Edition

      • Microsoft Visual Studio .NET (2002), Enterprise Architect Edition

      • Microsoft Visual Studio .NET (2002), Enterprise Developer Edition

      • Microsoft Visual Basic .NET (2002)

      • Microsoft Visual C++ .NET (2002)

      • Microsoft Visual C# .NET (2002)

    • Visual FoxPro 8 SP1

    • Microsoft Visual FoxPro 9.0 Service Pack 1

    • Microsoft Visual FoxPro 9.0 Service Pack 2

    • Microsoft FrontPage 2002 Service Pack 3 (SP3)

    • Microsoft Office Project 2003 Service Pack 3

    • Microsoft Office Project Pro 2007

    • Microsoft Office Project Standard 2007

    • Microsoft Office Project 2007 Service Pack 1

RISK:

Government:

    • Large and medium government entities: High

    • Small government entities: High

Businesses:

    • Large and medium business entities: High

    • Small business entities: High

Home users: High

DESCRIPTION:
Six vulnerabilities have been discovered in the ActiveX controls for the Microsoft Visual Basic 6.0 Runtime Extended Files that could allow an attacker to take complete control of an affected system. These vulnerabilities may be exploited if a user visits a specifically crafted web page or opens a specially crafted HTML formatted email. The following is a list of ActiveX controls that were found to be vulnerable along with their respective Class Identifiers (CLSID):

DataGrid ActiveX Control for Visual Basic 6
CLSID - CDE57A43-8B86-11D0-B3C6-00A0C90AEA82

FlexGrid ActiveX Control for Visual Basic 6
CLSID - 6262D3A0-531B-11CF-91F6-C2863C385E30

Hierarchical FlexGrid ActiveX Control for Visual Basic 6
CLSID - 0ECD9B64-23AA-11d0-B351-00A0C9055D8E

Windows Common ActiveX Control for Visual Basic 6
CLSID - B09DE715-87C1-11d1-8BE3-0000F8754DA1

Charts ActiveX Control for Visual Basic 6
CLSID - 3A2B370C-BA0A-11d1-B137-0000F8753F5D

Masked Edit ActiveX Control for Visual Basic 6
CLSID - C932BA85-4374-101B-A56C-00AA003668DC

It is important to note that if you are using any of the affected software, a portion of these ActiveX controls may be installed by default. In addition to the affected software listed, there may be other applications that install these ActiveX controls as well. To determine if any of these vulnerable ActiveX controls are installed, we recommend searching for each of the CLSIDs in the Windows Registry.

All of the ActiveX controls mentioned do not correctly handle property values, which causes a buffer overrun when used in Internet Explorer that could allow an attacker to run arbitrary code.

RECOMMENDATIONS:
We recommend the following actions be taken:

    • Apply appropriate patches provided by Microsoft to vulnerable systems immediately after appropriate testing.

    • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.

    • Do not visit un-trusted websites or follow links provided by unknown or un-trusted sources.

    • Read all e-mail messages in plain text.

    • If the ActiveX control is not required for business functionality, set the kill bit on the Class Identifier (CLSID) {CDE57A43-8B86-11D0-B3C6-00A0C90AEA82}, {6262D3A0-531B-11CF-91F6-C2863C385E30}, {0ECD9B64-23AA-11d0-B351-00A0C9055D8E}, {B09DE715-87C1-11d1-8BE3-0000F8754DA1}, {3A2B370C-BA0A-11d1-B137-0000F8753F5D} and {F2175210-368C-11D0-AD81-00A0C90DC8D9}; further instructions on how to set the kill bit can be found at the following location (http://support.microsoft.com/kb/240797).
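Added example (not part of the CSCIC advisory or of Microsoft's guidance): the registry search and kill-bit check described above, run against a text export of the registry. It assumes input produced by reg.exe export and treats the kill bit as the 0x400 value in "Compatibility Flags" under the ActiveX Compatibility key, as documented in KB240797. It covers every CLSID named in this advisory, including the one that appears only in the kill-bit recommendation; the sample export and function names are constructed.

```python
import re

# CLSIDs named in this advisory, upper-cased for comparison.
ADVISORY_CLSIDS = {
    "CDE57A43-8B86-11D0-B3C6-00A0C90AEA82": "DataGrid",
    "6262D3A0-531B-11CF-91F6-C2863C385E30": "FlexGrid",
    "0ECD9B64-23AA-11D0-B351-00A0C9055D8E": "Hierarchical FlexGrid",
    "B09DE715-87C1-11D1-8BE3-0000F8754DA1": "Windows Common",
    "3A2B370C-BA0A-11D1-B137-0000F8753F5D": "Charts",
    "C932BA85-4374-101B-A56C-00AA003668DC": "Masked Edit",
    "F2175210-368C-11D0-AD81-00A0C90DC8D9": "(listed only in the kill-bit recommendation)",
}
KILL_BIT = 0x400  # "Compatibility Flags" value that stops IE from instantiating the control

GUID = r"\{([0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12})\}"
SECTION = re.compile(r"^\[(.+)\]$")
CLSID_KEY = re.compile(
    r"^(?:HKEY_CLASSES_ROOT|HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes)\\CLSID\\"
    + GUID + r"(?:\\.*)?$", re.I)
COMPAT_KEY = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer"
    r"\\ActiveX Compatibility\\" + GUID + r"$", re.I)
FLAGS = re.compile(r'^"Compatibility Flags"=dword:([0-9a-f]{8})$', re.I)

# Constructed sample of a registry export (real exports are UTF-16; decode before parsing).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{CDE57A43-8B86-11D0-B3C6-00A0C90AEA82}\InprocServer32]

[HKEY_CLASSES_ROOT\CLSID\{6262D3A0-531B-11CF-91F6-C2863C385E30}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3A2B370C-BA0A-11d1-B137-0000F8753F5D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{CDE57A43-8B86-11D0-B3C6-00A0C90AEA82}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{3A2B370C-BA0A-11d1-B137-0000F8753F5D}]
"Compatibility Flags"=dword:00800000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{C932BA85-4374-101B-A56C-00AA003668DC}]
"Compatibility Flags"=dword:00000400
"""


def audit(reg_text):
    """Map each advisory CLSID to whether it is registered and whether its kill bit is set."""
    state = {clsid: {"name": name, "installed": False, "kill_bit": False}
             for clsid, name in ADVISORY_CLSIDS.items()}
    current = None  # CLSID whose ActiveX Compatibility key is being read
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            key, current = section.group(1), None
            registered = CLSID_KEY.match(key)
            if registered and registered.group(1).upper() in state:
                state[registered.group(1).upper()]["installed"] = True
            compat = COMPAT_KEY.match(key)
            if compat and compat.group(1).upper() in state:
                current = compat.group(1).upper()
            continue
        flags = FLAGS.match(line)
        if current and flags:
            state[current]["kill_bit"] = bool(int(flags.group(1), 16) & KILL_BIT)
    return state


def exposed(reg_text):
    """CLSIDs that are registered on the host but not blocked by the kill bit."""
    return sorted(c for c, s in audit(reg_text).items()
                  if s["installed"] and not s["kill_bit"])


if __name__ == "__main__":
    for clsid in exposed(SAMPLE_REG):
        print(clsid, ADVISORY_CLSIDS[clsid])
```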

REFERENCES:

Microsoft:
http://www.microsoft.com/technet/security/bulletin/MS08-070.mspx
http://support.microsoft.com/kb/240797

Security Focus:
http://www.securityfocus.com/bid/32591
http://www.securityfocus.com/bid/32592
http://www.securityfocus.com/bid/32612
http://www.securityfocus.com/bid/32613
http://www.securityfocus.com/bid/32614
http://www.securityfocus.com/bid/30674

CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4252
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4253
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4254
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4255
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4256
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3704

 

NEW YORK STATE OFFICE OF CYBER SECURITY AND CRITICAL INFRASTRUCTURE COORDINATION CYBER SECURITY ADVISORY

CSCIC ADVISORY NUMBER: 2008-040
 
DATE(S) ISSUED: 12/9/2008

SUBJECT: Vulnerabilities in Microsoft GDI Could Allow Remote Code Execution

OVERVIEW:
Two vulnerabilities have been discovered in the Microsoft Graphics Device Interface (GDI). Microsoft Windows Graphic Device Interface (GDI) enables various applications to access devices which render images, such as desktop displays and printers, for the user. GDI is installed by default on all Microsoft Windows operating systems. These vulnerabilities can be exploited if a user views a malicious web page; views or previews an email message; or opens an email attachment containing a specially crafted image file designed to exploit one of the vulnerabilities. Successful exploitation will result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, the attacker could then install programs; view, change, or delete data; or create new accounts with full privileges.

SYSTEMS AFFECTED:

    • Windows 2000 Service Pack 4

    • Windows XP Service Pack 2 & 3

    • Windows XP Professional x64 Service Pack 1 & 2

    • Windows Server 2003 Service Pack 1

    • Windows Server 2003 Service Pack 2

    • Windows Server 2003 x64 Edition

    • Windows Server 2003 x64 Edition Service Pack 2

    • Windows Server 2003 with SP1 for Itanium-based Systems

    • Windows Server 2003 with SP2 for Itanium-based Systems

    • Windows Vista

    • Windows Vista Service Pack 1

    • Windows Vista x64 Edition

    • Windows Vista x64 Edition Service Pack 1

    • Windows Server 2008 for 32-bit Systems

    • Windows Server 2008 for x64-based Systems

    • Windows Server 2008 for Itanium-based Systems

RISK:
Government:

    • Large and medium government entities: High

    • Small government entities: High

Businesses:

    • Large and medium business entities: High

    • Small business entities: High

Home users: High

DESCRIPTION:
Microsoft Windows Graphic Device Interface (GDI) fails to properly handle Windows Metafile (WMF) files. Microsoft Windows Graphic Device Interface (GDI) enables various applications to access devices that render images, such as desktop displays and printers, for the user. GDI is installed by default on all Microsoft Windows operating systems.

All of the vulnerabilities mentioned in this advisory can be exploited if a user views a malicious web page; views or previews an email message; or opens an email attachment, such as a Microsoft Word document, that contains a specially crafted image file designed to exploit one of the vulnerabilities.

Once the user has opened the malicious WMF file, a buffer overflow occurs because of the way the graphics device interface handles the malformed header of the attacker’s WMF image. Successful exploitation will result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, the attacker could then install programs; view, change, or delete data; or create new accounts with full privileges.

RECOMMENDATIONS:
We recommend the following actions be taken:

    • Apply appropriate patches provided by Microsoft to vulnerable systems immediately after appropriate testing.

    • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.

    • Do not visit un-trusted websites or follow links provided by unknown or un-trusted sources.

    • Read all e-mail messages in plain text.

    • Turn off the preview pane on Microsoft Outlook.

    • Do not open email attachments from unknown or un-trusted sources.

    • Filter all incoming Windows format Metafile (WMF) content at email gateways and proxy servers. Note that WMF images are not typically used on web sites or to send images via email; therefore, blocking them should have little business impact.

    • Update all custom software that uses GDI libraries.
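Added example (not part of the CSCIC advisory): a gateway-side check for the WMF filtering recommendation that identifies WMF content by its header rather than by file name, so a metafile renamed to another extension is still caught. It recognises the placeable-header key and the standard 18-byte metafile header; the sample message, addresses, MIME type list and function names are constructed assumptions.

```python
import struct
from email import message_from_bytes, policy
from email.message import EmailMessage

PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"        # 0x9AC6CDD7 stored little-endian
META_HEADER = struct.Struct("<HHHIHIH")    # standard 18-byte metafile header
WMF_MIME_TYPES = {"image/wmf", "image/x-wmf", "application/x-msmetafile"}


def wmf_kind(data):
    """Return 'placeable', 'standard' or None based on the leading bytes only."""
    if data[:4] == PLACEABLE_KEY:
        return "placeable"
    if len(data) >= META_HEADER.size:
        file_type, header_words, version, *_ = META_HEADER.unpack_from(data)
        if file_type in (1, 2) and header_words == 9 and version in (0x0100, 0x0300):
            return "standard"
    return None


def find_wmf_parts(raw_message):
    """List (filename, declared type, reason) for every MIME part to block."""
    message = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in message.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        name = part.get_filename()
        declared = (part.get_content_type() in WMF_MIME_TYPES
                    or (name or "").lower().endswith(".wmf"))
        kind = wmf_kind(payload)
        if kind or declared:
            hits.append((name, part.get_content_type(), kind or "declared-only"))
    return hits


def sample_wmf():
    """Constructed minimal metafile: placeable header, standard header, end record."""
    head = struct.pack("<4sH4hHI", PLACEABLE_KEY, 0, 0, 0, 100, 100, 1440, 0)
    checksum = 0
    for (word,) in struct.iter_unpack("<H", head):
        checksum ^= word
    end_record = struct.pack("<IH", 3, 0)
    size_words = (META_HEADER.size + len(end_record)) // 2
    meta = META_HEADER.pack(1, 9, 0x0300, size_words, 0, 3, 0)
    return head + struct.pack("<H", checksum) + meta + end_record


def build_sample_message():
    """Constructed e-mail: two disguised metafiles and one harmless text file."""
    message = EmailMessage()
    message["From"] = "sender@example.com"
    message["To"] = "staff@example.org"
    message["Subject"] = "Quarterly figures"
    message.set_content("See attached.")
    message.add_attachment(sample_wmf(), maintype="image", subtype="jpeg",
                           filename="chart.jpg")
    message.add_attachment(sample_wmf()[22:], maintype="application",
                           subtype="octet-stream", filename="logo.bin")
    message.add_attachment("plain notes\n", filename="notes.txt")
    return message.as_bytes()


if __name__ == "__main__":
    for hit in find_wmf_parts(build_sample_message()):
        print(hit)
```

The check deliberately does not validate the rest of the file: a filter that blocks all WMF content has to stop malformed metafiles as well as well-formed ones.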

REFERENCES:

Microsoft
http://www.microsoft.com/technet/security/bulletin/MS08-071.mspx

Security Focus
http://www.securityfocus.com/bid/32634
http://www.securityfocus.com/bid/32637

CVE
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3465
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2249


NEW YORK STATE OFFICE OF CYBER SECURITY AND CRITICAL INFRASTRUCTURE COORDINATION CYBER SECURITY ADVISORY

CSCIC ADVISORY NUMBER: 2008-039

DATE(S) ISSUED: 12/9/2008

SUBJECT: Vulnerabilities in Internet Explorer Could Allow Remote Code Execution

OVERVIEW:
Four vulnerabilities have been discovered in Microsoft’s browser, Internet Explorer, which could allow an attacker to take complete control of an affected system. Exploitation may occur if a user visits a web page which is specifically crafted to take advantage of these announced vulnerabilities. Successful exploitation could result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploit attempts may result in a denial-of-service condition.

SYSTEMS AFFECTED:

    • Internet Explorer 5.01

    • Internet Explorer 6

    • Internet Explorer 7

RISK:
Government:

    • Large and medium government entities: High

    • Small government entities: High

Businesses:

    • Large and medium business entities: High

    • Small business entities: High

Home users: High

DESCRIPTION:
Four vulnerabilities have been discovered in Microsoft Internet Explorer that could allow an attacker to take complete control of an affected system. Details of these vulnerabilities are as follows:

Parameter Validation Memory Corruption Vulnerability
A remote code vulnerability has been discovered in the way Internet Explorer handles certain navigation methods. Specifically, Internet Explorer fails to perform sufficient validation of input parameters.

HTML Objects Memory Corruption Vulnerability
A remote code vulnerability has been discovered in the way Internet Explorer accesses memory. The vulnerability is caused by Internet Explorer attempting to access uninitialized memory in certain situations.

Uninitialized Memory Corruption Vulnerability
A remote code vulnerability has been discovered in the way Internet Explorer accesses memory. This vulnerability is caused by Internet Explorer attempting to access uninitialized or deallocated memory.

HTML Rendering Memory Corruption Vulnerability
A remote code vulnerability has been discovered in the way Internet Explorer embeds objects into a Web page. In this instance, improper handling of unexpected input can lead to memory corruption.

All of these vulnerabilities can be exploited by an attacker if a user visits a specially crafted malicious web site. Successful exploitation could allow an attacker to execute arbitrary code on the affected system. Depending on the privileges associated with the user, the attacker could then install programs; view, change, or delete data; or create new accounts with full privileges.

RECOMMENDATIONS:
We recommend the following actions be taken:

    • Apply appropriate patches provided by Microsoft to vulnerable systems immediately after appropriate testing.

    • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.

    • Do not visit un-trusted websites or follow links provided by unknown or un-trusted sources.

REFERENCES:

Microsoft
http://www.microsoft.com/technet/security/bulletin/MS08-073.mspx

SecurityFocus
http://www.securityfocus.com/bid/32586
http://www.securityfocus.com/bid/32596
http://www.securityfocus.com/bid/32595
http://www.securityfocus.com/bid/32593

CVE
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4258
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4259
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4260
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4261

 

New York State Office of Cyber Security and Critical Infrastructure Coordination Information Bulletin 

CSCIC ADVISORY NUMBER: 2008-044 Updated

DATE(S) ISSUED: 12/10/2008

12/12/2008 - UPDATED

SUBJECT: Vulnerability in Microsoft Internet Explorer 7

UPDATED SUBJECT: Vulnerability in Microsoft Internet Explorer

OVERVIEW:
A vulnerability has been discovered in Microsoft Internet Explorer 7 (IE 7) which could allow an attacker to take complete control of an affected system. Exploitation can occur if a user visits a webpage specifically crafted to take advantage of this vulnerability. Successful exploitation may result in an attacker gaining complete control of the affected system. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploit attempts may cause Internet Explorer 7 to crash.

It should be noted that this vulnerability is currently being exploited on the Internet and there is no patch available at this time.

UPDATED OVERVIEW:

Microsoft has indicated that Internet Explorer 5.01, Internet Explorer 6, and Internet Explorer 8 Beta on all supported versions of Windows are potentially affected by this vulnerability.

SYSTEMS AFFECTED:

o        Microsoft Internet Explorer 7.0

o        Avaya CIE 1.0

o