NEW YORK STATE OFFICE OF CYBER SECURITY AND CRITICAL
INFRASTRUCTURE COORDINATION CYBER SECURITY ADVISORY
CSCIC ADVISORY NUMBER:
2008-045
DATE(S) ISSUED:
12/10/2008
SUBJECT:
Microsoft SQL Server Remote Memory Corruption Vulnerability
OVERVIEW:
A vulnerability has been discovered in Microsoft SQL Server.
Successful exploitation will result in an attacker gaining the
same privileges as the MS SQL Server process. The attacker
could then potentially access sensitive or confidential
information, install programs, view, change, or delete
data, or create new accounts. There is no patch available at this time.
SYSTEMS AFFECTED:
RISK:
Government:
Businesses:
Home users: Low
DESCRIPTION:
Microsoft SQL Server 2000 and 2005 are prone to a remote
memory-corruption vulnerability because they fail to properly
handle user-supplied input. This vulnerability has been
confirmed on SQL Server 2000 and 2005. There is no information
available regarding SQL Server 2008.
The vulnerability is caused by a boundary error in the
implementation of the 'sp_replwritetovarbin' SQL stored
procedure. By calling this extended stored procedure and
supplying several uninitialized variables as parameters,
it is possible to trigger a memory write to a controlled
location. It may be possible to use this vulnerability to
execute arbitrary code in the context of the vulnerable SQL
Server process. Following the principle of Least Privilege
minimizes the amount of damage an attacker could achieve.
In a default configuration, the ‘sp_replwritetovarbin’ stored
procedure is accessible by any authenticated user. This
vulnerability therefore may be exploited by any authenticated
user with a direct database connection, or via SQL injection
through a vulnerable application that connects to a vulnerable
Microsoft SQL Server.
Proof of concept code for this vulnerability has been publicly
released and verified in our lab.
Reportedly, the researcher who discovered this issue has
developed a working code-execution exploit for this issue.
However, the exploit is not publicly available at this time.
With a working code-execution exploit, authenticated attackers
may be able to exploit this issue in order to execute
arbitrary code and compromise affected computers. Failed
attacks will likely cause denial-of-service conditions.
It should be noted that anonymous attackers may be able to
exploit this vulnerability through applications that have a
SQL injection vulnerability.
There is no patch available at this time.
RECOMMENDATIONS:
We recommend the following actions be taken:
- Remove the ‘sp_replwritetovarbin’ extended stored
  procedure unless it is being used for a critical business
  function.
- Remove any stored procedures that are not being used.
- Install the appropriate vendor patch as soon as it becomes
  available after appropriate testing.
- Restrict SQL access to trusted users only.
- Apply the principle of Least Privilege to all services.
- Ensure that all web applications that connect to
  vulnerable MS SQL Servers are not vulnerable to SQL
  Injection attacks.
REFERENCES:
SEC-CONSULT
http://www.sec-consult.com/files/20081209_mssql-2000-sp_replwritetovarbin_memwrite.txt
Microsoft
http://msdn.microsoft.com/en-us/library/aa215995(SQL.80).aspx
Security Focus
http://www.securityfocus.com/bid/32710/info
Secunia
NEW YORK STATE OFFICE OF CYBER SECURITY AND CRITICAL
INFRASTRUCTURE COORDINATION CYBER SECURITY ADVISORY
CSCIC ADVISORY NUMBER:
2008-043
DATE(S) ISSUED:
12/10/2008
SUBJECT:
Vulnerability in WordPad Text Converter Could Allow Remote
Code Execution
OVERVIEW:
A new vulnerability has been discovered in the Microsoft
Windows WordPad Text Converter for the Word 97 file format
that would allow a remote attacker to take complete control of
the vulnerable system. The WordPad Text Converter is a
component that is installed by default that allows some
applications to open Word documents if Word is not installed.
This vulnerability can be exploited when a user opens a
specially crafted Word 97 file using WordPad. Successful
exploitation may result in an attacker gaining complete
control of the affected system. Depending on the privileges
associated with the user, an attacker could then install
programs; view, change, or delete files; or create new
accounts with user rights.
It should be noted that this vulnerability is currently being
exploited on the Internet and there is no patch available at
this time.
SYSTEMS AFFECTED:
- Windows 2000 SP4
- Windows XP SP2
- Windows XP Professional x64 Edition, SP2
- Windows 2003 Server SP1, SP2
- Windows 2003 Server for Itanium-based systems
- Windows 2003 Server x64 Edition, SP2
RISK:
Government:
Businesses:
Home users: High
DESCRIPTION:
A new vulnerability has been identified in the Microsoft
Windows WordPad Text Converter. It could be exploited when a
user opens a specially crafted Word 97 file (.doc, .wri, or
.rtf file extensions). If Microsoft Word is installed, .doc
and .rtf files open by default in Word, which is not
vulnerable to the exploit. However, if the attacker uses the
.wri file extension, the file would automatically open in
WordPad.
Successful exploitation may result in an attacker gaining
complete control of the affected system. Depending on the
privileges associated with the user, an attacker could then
install programs; view, change, or delete files; or create new
accounts with user rights. This vulnerability cannot be
automatically exploited through email. The user needs to open
a malicious document.
It should be noted that this vulnerability is currently being
exploited on the Internet and there is no patch available at
this time.
We recommend that you follow the
workaround instructions which can be found on Microsoft's
website at the following location:
http://www.microsoft.com/technet/security/advisory/960906.mspx.
These instructions explain how to disable the WordPad Text
Converter. This workaround will not correct the underlying
vulnerability, but it will help in blocking known attack
vectors.
RECOMMENDATIONS:
We recommend the following actions be taken:
- Follow the workaround instructions for how to disable the
  WordPad Text Converter.
- Do not open untrusted documents using WordPad.
- Consider blocking .wri files at the network perimeter.
- Do not visit unknown or un-trusted Web sites.
- Run all software as a non-privileged user (one without
  administrative privileges) to diminish the effects of a
  successful attack.
REFERENCES:
Microsoft:
http://www.microsoft.com/technet/security/advisory/960906.mspx
Security Focus:
http://www.securityfocus.com/bid/32718
Secunia:
http://secunia.com/Advisories/32997/
CVE
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4841
NEW YORK STATE OFFICE OF CYBER SECURITY AND CRITICAL
INFRASTRUCTURE COORDINATION CYBER SECURITY ADVISORY
CSCIC ADVISORY NUMBER:
2008-042
DATE(S) ISSUED:
12/10/2008
SUBJECT:
Multiple Vulnerabilities in Microsoft Office Word Could Allow
Remote Code Execution
OVERVIEW:
Eight vulnerabilities have been discovered in Microsoft Office
Word. These vulnerabilities can be exploited if a user opens a
specially crafted document in Rich Text Format (RTF) or Word
file, or views or previews a specially crafted email
sent in RTF format on a system where Word is the default
editor. It should be noted that Word is the default email
editor for Microsoft Office. Successful exploitation will
result in an attacker gaining the same privileges as the
logged on user. Depending on the privileges associated with
the user, the attacker could then install programs; view,
change, or delete data; or create new accounts with full
privileges.
SYSTEMS AFFECTED:
- Microsoft Office 2000 SP3
- Microsoft Office XP SP3
- Microsoft Office 2003 SP3
- 2007 Microsoft Office System
- 2007 Microsoft Office System SP1
- Microsoft Office Word Viewer 2003
- Microsoft Office Word Viewer 2003 SP3
- Microsoft Office Compatibility Pack for Word, Excel, and
  PowerPoint 2007 File Formats
- Microsoft Office Compatibility Pack for Word, Excel, and
  PowerPoint 2007 File Formats SP1
- Microsoft Works 8
- Microsoft Office 2004 for Mac
- Microsoft Office 2008 for Mac
- Open XML File Format Converter for Mac
RISK:
Government:
Businesses:
Home users: High
DESCRIPTION:
Eight vulnerabilities have been discovered in Microsoft Office
Word which could allow for remote code execution. These
vulnerabilities are caused by the way that Microsoft Office
Word handles specially crafted RTF documents and Word files.
Three of these vulnerabilities are for Word Memory Corruption
and can be exploited if a user opens a specially crafted Word
file, or opens an attachment in an email message. The
remaining five vulnerabilities are for Word RTF Object
Parsing. These can be exploited if a user opens a specially
crafted RTF or Word file; or views or previews a
specially crafted email message sent in RTF format where Word
is the default editor. Word is the default editor for
Microsoft Office. Successful exploitation of any of the
vulnerabilities will result in an attacker gaining the same
privileges as the logged on user. Depending on the privileges
associated with the user, the attacker could then install
programs; view, change, or delete data; or create new accounts
with full privileges.
RECOMMENDATIONS:
We recommend the following actions be taken:
- Apply appropriate patches provided by Microsoft to
  vulnerable systems immediately after appropriate
  testing.
- Run all software as a non-privileged user (one without
  administrative privileges) to diminish the effects of a
  successful attack.
- Do not open email attachments from unknown or un-trusted
  sources.
- Read all e-mail messages in plain text.
- Turn off the preview pane on Microsoft Outlook.
- Configure Microsoft Outlook to not use Word as the default
  editor.
REFERENCES:
Microsoft:
http://www.microsoft.com/technet/security/bulletin/MS08-072.mspx
CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4024
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4025
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4026
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4027
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4030
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4028
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4031
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4837
SecurityFocus:
http://www.securityfocus.com/bid/32579
http://www.securityfocus.com/bid/32580
http://www.securityfocus.com/bid/32581
http://www.securityfocus.com/bid/32583
http://www.securityfocus.com/bid/32584
http://www.securityfocus.com/bid/32585
http://www.securityfocus.com/bid/32594
http://www.securityfocus.com/bid/32642
Secunia:
http://secunia.com/advisories/30285/
NEW YORK STATE OFFICE OF CYBER SECURITY AND CRITICAL
INFRASTRUCTURE COORDINATION CYBER SECURITY ADVISORY
CSCIC ADVISORY NUMBER: 2008-041
DATE(S) ISSUED: 12/9/2008
SUBJECT:
Vulnerabilities in Visual Basic 6.0 Runtime Extended Files
(ActiveX Controls) Could Allow Remote Code Execution
OVERVIEW:
Six vulnerabilities have been discovered in the ActiveX
controls for the Microsoft Visual Basic 6.0 Runtime Extended
Files. The Visual Basic 6.0 Runtime Extended Files include
select ActiveX controls, libraries, and tools that are
delivered with a variety of Microsoft products, such as
Microsoft Project, Visual Studio, FoxPro, and FrontPage, as
well as third party and custom written software. The
identified vulnerabilities may be exploited if a user visits a
specially crafted web page or opens a specially crafted HTML
formatted email, which could allow an attacker to take
complete control of an affected system. For all of the
vulnerabilities, successful exploits could result in an
attacker gaining the same privileges as the logged on user.
Depending on the privileges associated with the user, an
attacker could then install programs; view, change, or delete
files; or create new accounts with user rights.
SYSTEMS AFFECTED:
- Microsoft Visual Basic Enterprise Edition for Windows,
  Version 6.0
- Microsoft Visual Basic 6.0 Standard Edition
- Microsoft Visual Basic Professional Edition for Windows 6.0
- Microsoft Visual Studio .NET 2003 Service Pack 1, when used
  with:
  - Microsoft Visual Studio .NET 2003 Academic Edition
  - Microsoft Visual Studio .NET 2003 Enterprise Architect
  - Microsoft Visual Studio .NET 2003 Enterprise Developer
  - Microsoft Visual Basic .NET (2003)
  - Microsoft Visual C++ .NET (2003)
  - Microsoft Visual C# .NET 2003 Standard Edition
  - Microsoft Visual J# .NET (2003)
- Microsoft Visual Studio .NET 2002 Service Pack 1, when used
  with:
  - Microsoft Visual Studio .NET (2002), Academic Edition
  - Microsoft Visual Studio .NET (2002), Enterprise
    Architect Edition
  - Microsoft Visual Studio .NET (2002), Enterprise
    Developer Edition
  - Microsoft Visual Basic .NET (2002)
  - Microsoft Visual C++ .NET (2002)
  - Microsoft Visual C# .NET (2002)
- Visual FoxPro 8 SP1
- Microsoft Visual FoxPro 9.0 Service Pack 1
- Microsoft Visual FoxPro 9.0 Service Pack 2
- Microsoft FrontPage 2002 Service Pack 3 (SP3)
- Microsoft Office Project 2003 Service Pack 3
- Microsoft Office Project Pro 2007
- Microsoft Office Project Standard 2007
- Microsoft Office Project 2007 Service Pack 1
RISK:
Government:
Businesses:
Home users: High
DESCRIPTION:
Six vulnerabilities have been discovered in the ActiveX
controls for the Microsoft Visual Basic 6.0 Runtime Extended
Files that could allow an attacker to take complete control
of an affected system. These vulnerabilities may be exploited
if a user visits a specially crafted web page or opens a
specially crafted HTML formatted email. The following is a
list of ActiveX controls that were found to be vulnerable
along with their respective Class Identifiers (CLSID):
DataGrid ActiveX Control for Visual Basic 6
  CLSID - CDE57A43-8B86-11D0-B3C6-00A0C90AEA82
FlexGrid ActiveX Control for Visual Basic 6
  CLSID - 6262D3A0-531B-11CF-91F6-C2863C385E30
Hierarchical FlexGrid ActiveX Control for Visual Basic 6
  CLSID - 0ECD9B64-23AA-11d0-B351-00A0C9055D8E
Windows Common ActiveX Control for Visual Basic 6
  CLSID - B09DE715-87C1-11d1-8BE3-0000F8754DA1
Charts ActiveX Control for Visual Basic 6
  CLSID - 3A2B370C-BA0A-11d1-B137-0000F8753F5D
Masked Edit ActiveX Control for Visual Basic 6
  CLSID - C932BA85-4374-101B-A56C-00AA003668DC
It is important to note that if you are using any of the
affected software, a portion of these ActiveX controls may be
installed by default. In addition to the affected software
listed, there may be other applications that install these
ActiveX controls as well. To determine if any of these
vulnerable ActiveX controls are installed, we recommend
searching for each of the CLSIDs in the Windows Registry.
None of the ActiveX controls mentioned correctly handles
property values, which causes a buffer overrun when used in
Internet Explorer that could allow an attacker to run
arbitrary code.
RECOMMENDATIONS:
We recommend the following actions be taken:
- Apply appropriate patches provided by Microsoft to
  vulnerable systems immediately after appropriate testing.
- Run all software as a non-privileged user (one without
  administrative privileges) to diminish the effects of a
  successful attack.
- Do not visit un-trusted websites or follow links provided
  by unknown or un-trusted sources.
- Read all e-mail messages in plain text.
- If the ActiveX control is not required for business
  functionality, set the kill bit on the Class Identifiers
  (CLSIDs)
  {CDE57A43-8B86-11D0-B3C6-00A0C90AEA82},
  {6262D3A0-531B-11CF-91F6-C2863C385E30},
  {0ECD9B64-23AA-11d0-B351-00A0C9055D8E},
  {B09DE715-87C1-11d1-8BE3-0000F8754DA1},
  {3A2B370C-BA0A-11d1-B137-0000F8753F5D} and
  {F2175210-368C-11D0-AD81-00A0C90DC8D9}; further
  instructions on how to set the kill bit can be found at
  the following location (http://support.microsoft.com/kb/240797).
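The kill-bit recommendation above, as an added example that is not part of the advisory or of Microsoft's instructions: a Python sketch that renders a .reg file setting the kill bit and audits the text of a registry export for each CLSID the advisory names (the six in the description plus the one that appears only in the recommendation). The registry key and the 0x400 flag are the ones documented in KB240797; the function names and the sample export are constructed for illustration.

```python
import re

# Registry location and flag value documented in Microsoft KB240797.
COMPAT_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer"
              r"\ActiveX Compatibility")
KILL_BIT = 0x00000400

# CLSIDs exactly as the advisory's description lists them.
DESCRIPTION_CLSIDS = [
    "CDE57A43-8B86-11D0-B3C6-00A0C90AEA82",  # DataGrid
    "6262D3A0-531B-11CF-91F6-C2863C385E30",  # FlexGrid
    "0ECD9B64-23AA-11d0-B351-00A0C9055D8E",  # Hierarchical FlexGrid
    "B09DE715-87C1-11d1-8BE3-0000F8754DA1",  # Windows Common
    "3A2B370C-BA0A-11d1-B137-0000F8753F5D",  # Charts
    "C932BA85-4374-101B-A56C-00AA003668DC",  # Masked Edit
]
# Appears only in the kill-bit recommendation, not in the description.
RECOMMENDATION_ONLY_CLSIDS = ["F2175210-368C-11D0-AD81-00A0C90DC8D9"]
ALL_CLSIDS = DESCRIPTION_CLSIDS + RECOMMENDATION_ONLY_CLSIDS


def normalize(clsid):
    """Return the CLSID upper-cased and wrapped in braces."""
    return "{" + clsid.strip().strip("{}").strip().upper() + "}"


def build_reg_file(clsids):
    """Render a .reg file that sets the kill bit for each CLSID."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for clsid in clsids:
        lines += [f"[{COMPAT_KEY}\\{normalize(clsid)}]",
                  f'"Compatibility Flags"=dword:{KILL_BIT:08x}', ""]
    return "\r\n".join(lines)


def parse_export(text):
    """Map {CLSID} -> Compatibility Flags from decoded `reg export` text."""
    prefix = COMPAT_KEY.upper() + "\\"
    flags, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].upper()
            current = key[len(prefix):] if key.startswith(prefix) else None
        elif current:
            m = re.fullmatch(
                r'"Compatibility Flags"=dword:([0-9a-fA-F]{8})', line)
            if m:
                flags[current] = int(m.group(1), 16)
    return flags


def audit(export_text, clsids=ALL_CLSIDS):
    """Report the kill-bit status of each CLSID in the export."""
    flags = parse_export(export_text)
    report = {}
    for clsid in clsids:
        key = normalize(clsid)
        if key not in flags:
            report[key] = "no entry"
        elif flags[key] & KILL_BIT:
            report[key] = "kill bit set"
        else:
            report[key] = "kill bit clear"
    return report


# Constructed sample export: one control killed, one entry with the bit clear.
SAMPLE_EXPORT = "\r\n".join([
    "Windows Registry Editor Version 5.00", "",
    f"[{COMPAT_KEY}\\{{CDE57A43-8B86-11D0-B3C6-00A0C90AEA82}}]",
    '"Compatibility Flags"=dword:00000400', "",
    f"[{COMPAT_KEY}\\{{6262D3A0-531B-11CF-91F6-C2863C385E30}}]",
    '"Compatibility Flags"=dword:00000000', "",
])

if __name__ == "__main__":
    for clsid, status in audit(SAMPLE_EXPORT).items():
        print(clsid, status)
```

A "no entry" result means no compatibility flags exist for that CLSID, so the control is not blocked if it is installed.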
REFERENCES:
Microsoft:
http://www.microsoft.com/technet/security/bulletin/MS08-070.mspx
http://support.microsoft.com/kb/240797
Security Focus:
http://www.securityfocus.com/bid/32591
http://www.securityfocus.com/bid/32592
http://www.securityfocus.com/bid/32612
http://www.securityfocus.com/bid/32613
http://www.securityfocus.com/bid/32614
http://www.securityfocus.com/bid/30674
CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4252
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4253
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4254
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4255
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4256
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3704
NEW YORK STATE OFFICE OF CYBER SECURITY AND CRITICAL
INFRASTRUCTURE COORDINATION CYBER SECURITY ADVISORY
CSCIC ADVISORY NUMBER: 2008-040
DATE(S) ISSUED: 12/9/2008
SUBJECT:
Vulnerabilities in Microsoft GDI Could Allow Remote Code
Execution
OVERVIEW:
Two vulnerabilities have been discovered in the Microsoft
Windows Graphics Device Interface (GDI). GDI enables various
applications to access devices which render images, such as
desktop displays and printers, for the user. GDI is installed
by default on all Microsoft Windows operating systems. These
vulnerabilities can be exploited if a user views a
malicious web page; views or previews an email
message; or opens an email attachment containing a specially
crafted image file designed to exploit one of the
vulnerabilities. Successful exploitation will result in an
attacker gaining the same privileges as the logged on user.
Depending on the privileges associated with the user, the
attacker could then install programs; view, change, or delete
data; or create new accounts with full privileges.
SYSTEMS AFFECTED:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 2 & 3
- Windows XP Professional x64 Service Pack 1 & 2
- Windows Server 2003 Service Pack 1
- Windows Server 2003 Service Pack 2
- Windows Server 2003 x64 Edition
- Windows Server 2003 x64 Edition Service Pack 2
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 with SP2 for Itanium-based Systems
- Windows Vista
- Windows Vista Service Pack 1
- Windows Vista x64 Edition
- Windows Vista x64 Edition Service Pack 1
- Windows Server 2008 for 32-bit Systems
- Windows Server 2008 for x64-based Systems
- Windows Server 2008 for Itanium-based Systems
RISK:
Government:
Businesses:
Home users: High
DESCRIPTION:
Microsoft Windows Graphics Device Interface (GDI) fails to
properly handle Windows Metafile (WMF) images. GDI enables
various applications to access devices that render images,
such as desktop displays and printers, for the user. GDI is
installed by default on all Microsoft Windows operating
systems.
All of the vulnerabilities mentioned in this advisory can be
exploited if a user views a malicious web page; views or
previews an email message; or opens an email attachment, such
as a Microsoft Word document, that contains a specially
crafted image file designed to exploit one of the
vulnerabilities.
Once the user has opened the malicious WMF file, a buffer
overflow occurs because of the way the graphics device
interface handles the malformed header of the attacker’s WMF
image. Successful
exploitation will result in an attacker gaining the same
privileges as the logged on user. Depending on the privileges
associated with the user, the attacker could then install
programs; view, change, or delete data; or create new accounts
with full privileges.
RECOMMENDATIONS:
We recommend the following actions be taken:
- Apply appropriate patches provided by Microsoft to
  vulnerable systems immediately after appropriate testing.
- Run all software as a non-privileged user (one without
  administrative privileges) to diminish the effects of a
  successful attack.
- Do not visit un-trusted websites or follow links provided
  by unknown or un-trusted sources.
- Read all e-mail messages in plain text.
- Turn off the preview pane on Microsoft Outlook.
- Do not open email attachments from unknown or un-trusted
  sources.
- Filter all incoming Windows Metafile (WMF) content at
  email gateways and proxy servers. Note that WMF images are
  not typically used on web sites or to send images via
  email; therefore, blocking them should have little business
  impact.
- Update all custom software that uses GDI libraries.
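The gateway filtering recommended above, together with the .wri blocking recommended in advisory 2008-043, as an added example that is not part of the advisories: a Python sketch that walks a MIME message and flags .wri attachments by name and WMF attachments by header bytes, so a WMF renamed to another extension is still caught. Function names, the list of declared MIME types and the sample message are constructed for illustration.

```python
import email
import struct
from email import policy
from email.message import EmailMessage

# On-disk magic of a placeable (Aldus) WMF: key 0x9AC6CDD7, little-endian.
PLACEABLE_KEY = b"\xd7\xcd\xc6\x9a"
WMF_DECLARED_TYPES = {"image/wmf", "image/x-wmf", "application/x-msmetafile"}


def looks_like_wmf(data):
    """True if the bytes start with a placeable or standard WMF header."""
    if data[:4] == PLACEABLE_KEY:
        return True
    if len(data) < 6:
        return False
    # Standard header: type (1 = memory, 2 = disk), header size in
    # 16-bit words (9), version (0x0100 or 0x0300).
    file_type, header_words, version = struct.unpack_from("<HHH", data)
    return (file_type in (1, 2) and header_words == 9
            and version in (0x0100, 0x0300))


def scan_message(raw):
    """Return (attachment name, reason) pairs a gateway should block."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        ctype = part.get_content_type()
        payload = part.get_payload(decode=True) or b""
        label = name or ctype
        if name.lower().endswith(".wri"):
            findings.append((label, "wri-extension"))
        if looks_like_wmf(payload):
            # Content check catches WMF renamed to another extension.
            findings.append((label, "wmf-content"))
        elif name.lower().endswith(".wmf") or ctype in WMF_DECLARED_TYPES:
            findings.append((label, "wmf-declared"))
    return findings


def build_sample():
    """Constructed test message: header bytes only, no exploit content."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    # WMF placeable header bytes behind a .jpg name and image/jpeg type.
    msg.add_attachment(PLACEABLE_KEY + b"\x00" * 18, maintype="image",
                       subtype="jpeg", filename="photo.jpg")
    msg.add_attachment(b"constructed placeholder", maintype="application",
                       subtype="octet-stream", filename="notes.wri")
    msg.add_attachment(b"\x89PNG\r\n\x1a\n" + b"\x00" * 8, maintype="image",
                       subtype="png", filename="logo.png")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in scan_message(build_sample()):
        print(name, reason)
```

This check inspects only top-level attachments; a WMF image embedded inside another file, such as the Word document the advisory mentions, requires unpacking that container first.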
REFERENCES:
Microsoft
http://www.microsoft.com/technet/security/bulletin/MS08-071.mspx
Security Focus
http://www.securityfocus.com/bid/32634
http://www.securityfocus.com/bid/32637
CVE
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3465
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2249
NEW YORK STATE OFFICE OF CYBER SECURITY AND CRITICAL
INFRASTRUCTURE COORDINATION CYBER SECURITY ADVISORY
CSCIC ADVISORY NUMBER: 2008-039
DATE(S) ISSUED:
12/9/2008
SUBJECT:
Vulnerabilities in Internet Explorer Could Allow Remote Code
Execution
OVERVIEW:
Four vulnerabilities have been discovered in Microsoft’s
browser, Internet Explorer, which could allow an attacker to
take complete control of an affected system. Exploitation may
occur if a user visits a web page which is specifically
crafted to take advantage of these announced vulnerabilities.
Successful
exploitation could result in an attacker gaining the same
privileges as the logged on user. Depending on the privileges
associated with the user, an attacker could then install
programs; view, change, or delete data; or create new accounts
with full user rights. Failed exploit attempts may result in a
denial-of-service condition.
SYSTEMS AFFECTED:
- Internet Explorer 5.01
- Internet Explorer 6
- Internet Explorer 7
RISK:
Government:
Businesses:
Home users: High
DESCRIPTION:
Four vulnerabilities have been discovered in Microsoft
Internet Explorer that could allow an attacker to take
complete control of an affected system. Details of these
vulnerabilities are as follows:
Parameter Validation Memory Corruption Vulnerability
A remote code vulnerability has been discovered in the way
Internet Explorer handles certain navigation methods. Specifically, Internet Explorer fails to perform
sufficient validation of input parameters.
HTML Objects Memory Corruption Vulnerability
A remote code vulnerability has been discovered in the way
Internet Explorer accesses memory. The
vulnerability is caused by Internet Explorer attempting to
access uninitialized memory in certain situations.
Uninitialized Memory Corruption Vulnerability
A remote code vulnerability has been discovered in the way
Internet Explorer accesses memory. This
vulnerability is caused by Internet Explorer attempting to
access uninitialized or deallocated memory.
HTML Rendering Memory Corruption Vulnerability
A remote code vulnerability has been discovered in the way
Internet Explorer embeds objects into a Web page.
In this instance, improper handling of unexpected input can
lead to memory corruption.
All of these
vulnerabilities can be exploited by an attacker if a user
visits a specially crafted malicious web site. Successful
exploitation could allow an attacker to execute arbitrary code
on the affected system. Depending on the privileges associated
with the user, the attacker could then install programs; view,
change, or delete data; or create new accounts with full
privileges.
RECOMMENDATIONS:
We recommend the following actions be taken:
- Apply appropriate patches provided by Microsoft to
  vulnerable systems immediately after appropriate
  testing.
- Run all software as a non-privileged user (one without
  administrative privileges) to diminish the effects of a
  successful attack.
- Do not visit un-trusted websites or follow links provided
  by unknown or un-trusted sources.
REFERENCES:
Microsoft
http://www.microsoft.com/technet/security/bulletin/MS08-073.mspx
SecurityFocus
http://www.securityfocus.com/bid/32586
http://www.securityfocus.com/bid/32596
http://www.securityfocus.com/bid/32595
http://www.securityfocus.com/bid/32593
CVE
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4258
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4259
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4260
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4261
New York State Office of Cyber Security and Critical
Infrastructure Coordination Information Bulletin
CSCIC ADVISORY NUMBER:
2008-044 Updated
DATE(S) ISSUED:
12/10/2008
12/12/2008 - UPDATED
SUBJECT:
Vulnerability in Microsoft Internet Explorer 7
UPDATED SUBJECT: Vulnerability in Microsoft Internet Explorer
OVERVIEW:
A vulnerability has been discovered in Microsoft Internet
Explorer 7 (IE 7) which could allow an attacker to take
complete control of an affected system. Exploitation can occur
if a user visits a webpage specifically crafted to take
advantage of this vulnerability. Successful exploitation may
result in an attacker gaining complete control of the affected
system. Depending on the privileges associated with the user,
an attacker could then install programs; view, change, or
delete data; or create new accounts with full user rights.
Failed exploit attempts may cause Internet Explorer 7 to
crash.
It should be noted that this vulnerability is currently being
exploited on the Internet and there is no patch available at
this time.
UPDATED OVERVIEW:
Microsoft has indicated that Internet Explorer 5.01, Internet
Explorer 6, and Internet Explorer 8 Beta on all supported
versions of Windows are potentially affected by this
vulnerability.
SYSTEMS AFFECTED:
o Microsoft Internet Explorer 7.0
o Avaya CIE 1.0
o