The Stonesoft Technical Services Team is committed to providing high-quality, results-driven service to customers and partners, world-wide.

Microsoft Vulnerabilities and Situations for 2007 in sgpkg-ips-577-5211

Vulnerabilities


MS07-069 Internet-Explorer-DOM-Object-Cache-Management-Memory-Corruption

About this vulnerability: A vulnerability in Microsoft Internet Explorer
Risk: High
First detected in: sgpkg-ips-138-2032
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Internet Explorer 6.0; Internet Explorer 7.0
Type: Malfunction
Description: There is a memory corruption vulnerability in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer handles uninitialized or removed objects. Remote attackers can exploit this vulnerability by persuading target users to visit a specially crafted web page. Successful exploitation may allow the attacker to execute arbitrary code on the vulnerable client system, in the context of the logged in user.
Situation: HTTP_SS-Internet-Explorer-DOM-Object-Cache-Management-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer was detected.
Situation: File-Text_Internet-Explorer-DOM-Object-Cache-Management-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer was detected.
References:
CVE-2007-5344
BID-26817
MS07-069

MS07-069 Microsoft-Internet-Explorer-DHTML-Objects-Memory-Corruption

About this vulnerability: A memory corruption vulnerability in Microsoft Internet Explorer
Risk: High
First detected in: sgpkg-ips-136-2032
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Internet Explorer
Type: Malfunction
Description: There is a memory corruption vulnerability in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer handles the switching of page location. Remote attackers can exploit this vulnerability by persuading target users to visit a specially crafted web page. Successful exploitation may allow the attacker to execute arbitrary code on the vulnerable client system in the context of the logged in user.
Situation: HTTP_SS-Microsoft-Internet-Explorer-DHTML-Objects-Memory-Corruption
Comment: Detected an attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer
Description: An attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer was detected.
Situation: File-Text_Microsoft-Internet-Explorer-DHTML-Objects-Memory-Corruption
Comment: Detected an attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer
Description: An attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer was detected.
References:
CVE-2007-5347
BID-26427
MS07-069

MS07-069 Microsoft-Internet-Explorer-Object-Reference-Counting-Memory-Corruption

About this vulnerability: A memory corruption vulnerability in Microsoft Internet Explorer
Risk: High
First detected in: sgpkg-ips-134-2032
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Internet Explorer
Type: Malfunction
Description: There is a memory corruption vulnerability in Microsoft Internet Explorer. Internet Explorer incorrectly handles initialized or removed objects, causing memory corruption. Remote attackers can exploit this vulnerability by persuading target users to visit a specially crafted web page. Successful exploitation may allow the attacker to execute arbitrary code on the vulnerable client system, in the context of the logged in user.
Situation: HTTP_SS-Microsoft-Internet-Explorer-Object-Reference-Counting-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer was detected.
Situation: File-Text_Microsoft-Internet-Explorer-Object-Reference-Count-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer was detected.
References:
CVE-2007-3902
BID-26506
MS07-069

MS07-068 Microsoft-Windows-Media-Format-ASF-Parsing-Code-Execution

About this vulnerability: A vulnerability in Microsoft Windows Media Format Runtime
Risk: High
First detected in: sgpkg-ips-136-2032
Last changed: sgpkg-ips-545-5211
Platform: Windows
Software: Windows Media Format Runtime; Windows Media Format Runtime x64 Edition; Windows Media Services
Type: Buffer Overflow
Description: There are multiple buffer overflow vulnerabilities in the Microsoft Windows Media Format processing engine. These vulnerabilities are caused by a boundary error when processing Advanced Systems Format (ASF) files. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted ASF file, potentially causing arbitrary code to be injected and executed in the security context of the currently logged in user.
Situation: HTTP_SS-Microsoft-Windows-Media-Format-ASF-Parsing-Code-Execution-JPEG
Comment: An attempt to exploit an ASF file parsing vulnerability in Microsoft Windows detected
Description: An attempt to exploit an Advanced Systems Format (ASF) parsing vulnerability in Microsoft Windows was detected.
Situation: HTTP_SS-Microsoft-Windows-Media-Format-ASF-Parsing-Code-Execution-Sum
Comment: An attempt to exploit an ASF file parsing vulnerability in Microsoft Windows detected
Description: An attempt to exploit an Advanced Systems Format (ASF) parsing vulnerability in Microsoft Windows was detected.
Situation: HTTP_SS-Microsoft-Windows-Media-Format-ASF-Parsing-Code-Execution-Spread
Comment: An attempt to exploit an ASF file parsing vulnerability in Microsoft Windows detected
Description: An attempt to exploit an Advanced Systems Format (ASF) parsing vulnerability in Microsoft Windows was detected.
Situation: HTTP_SS-Microsoft-Windows-Media-Format-ASF-Parsing-Code-Execution-Sig
Comment: An attempt to exploit an ASF file parsing vulnerability in Microsoft Windows detected
Description: An attempt to exploit an Advanced Systems Format (ASF) parsing vulnerability in Microsoft Windows was detected.
Situation: File-Binary_Microsoft-Windows-Media-Format-ASF-Parsing-Code-Execution-JPEG
Comment: An attempt to exploit an ASF file parsing vulnerability in Microsoft Windows detected
Description: An attempt to exploit an Advanced Systems Format (ASF) parsing vulnerability in Microsoft Windows was detected.
Situation: File-Binary_Microsoft-Windows-Media-Format-ASF-Parsing-Code-Execution-Sum
Comment: An attempt to exploit an ASF file parsing vulnerability in Microsoft Windows detected
Description: An attempt to exploit an Advanced Systems Format (ASF) parsing vulnerability in Microsoft Windows was detected.
Situation: File-Binary_Microsoft-Windows-Media-Format-ASF-Parsing-Code-Execution-Spread
Comment: An attempt to exploit an ASF file parsing vulnerability in Microsoft Windows detected
Description: An attempt to exploit an Advanced Systems Format (ASF) parsing vulnerability in Microsoft Windows was detected.
Situation: File-Binary_Microsoft-Windows-Media-Format-ASF-Parsing-Code-Execution-Sig
Comment: An attempt to exploit an ASF file parsing vulnerability in Microsoft Windows detected
Description: An attempt to exploit an Advanced Systems Format (ASF) parsing vulnerability in Microsoft Windows was detected.
References:
CVE-2007-0064
BID-26776
MS07-068

MS07-065 MSRPC-Message-Queuing-Service-Queue-Name-String-Buffer-Overflow

About this vulnerability: A buffer overflow in the Microsoft Message Queuing Service
Risk: Moderate
First detected in: sgpkg-ips-133-2032
Last changed: sgpkg-ips-545-5211
Platform: Windows 2000 SP4; Windows XP SP2; Windows 2000 Server
Software: <os>
Type: Buffer Overflow
Description: Microsoft Message Queuing (MSMQ) Service suffers from a buffer overflow vulnerability in the handling of long queue names. Remote attackers can exploit the vulnerability via an unauthenticated MSRPC request containing a malicious message queue name, and potentially execute arbitrary code on the vulnerable host.
Situation: MSRPC-TCP_CPS-Message-Queuing-Service-Queue-Name-String-Buffer-Overflow
Comment: An attempt to exploit a vulnerability in the Message Queuing Service in Microsoft Windows
Description: Detects long queue strings from MSRPC messages to the Windows Message Queuing Service. The service suffers from a buffer overflow vulnerability which can be exploited by unauthenticated remote attackers and be used to execute arbitrary code with system level privileges.
References:
CVE-2007-3039
BID-26797
MS07-065

MS07-064 Microsoft-DirectX-Sami-File-Parsing-Code-Execution

About this vulnerability: A buffer overflow vulnerability in Microsoft DirectX
Risk: High
First detected in: sgpkg-ips-136-2032
Last changed: sgpkg-ips-518-5211
Platform: Windows 2000
Software: DirectX
Type: Buffer Overflow
Description: There is a buffer overflow vulnerability in the Microsoft DirectX application framework. The vulnerability is due to the way certain DirectX libraries handle specially crafted Synchronized Accessible Media Interchange (SAMI) files. A remote attacker could exploit this vulnerability by persuading a user to open a specially crafted SAMI file, potentially causing arbitrary code to be injected and executed in the security context of the logged in user.
Situation: HTTP_SS-Microsoft-DirectX-Sami-File-Parsing-Code-Execution
Comment: An attempt to exploit a vulnerability in Microsoft DirectX detected
Description: An attempt to exploit a buffer overflow vulnerability in the Microsoft DirectX application framework was detected.
Situation: File-TextId_Microsoft-DirectX-Sami-File-Parsing-Code-Execution
Comment: An attempt to exploit a vulnerability in Microsoft DirectX detected
Description: An attempt to exploit a buffer overflow vulnerability in the Microsoft DirectX application framework was detected.
References:
CVE-2007-3901
BID-26789
MS07-064

MS07-064 Microsoft-DirectX-WAV-And-AVI-File-Parsing-Code-Execution

About this vulnerability: A vulnerability in Microsoft DirectX
Risk: High
First detected in: sgpkg-ips-134-2032
Last changed: sgpkg-ips-518-5211
Platform: Windows 2000; Windows XP; Windows Vista; Windows 2003
Software: <os>
Type: Integer Overflow
Description: There is a buffer overflow vulnerability in the Microsoft DirectX application framework. The vulnerability is due to the way certain DirectX libraries handle specially crafted WAV and AVI files. A remote attacker could exploit this vulnerability by persuading a user to open a specially crafted WAV or AVI file, potentially causing arbitrary code to be injected and executed in the security context of the logged in user.
Situation: HTTP_SS-Microsoft-DirectX-WAV-And-AVI-File-Parsing-Code-Execution
Comment: An attempt to exploit a vulnerability in Microsoft DirectX detected
Description: An attempt to exploit a buffer overflow vulnerability in the Microsoft DirectX application framework via a specially crafted WAV or AVI file was detected.
Situation: File-RIFF_Microsoft-DirectX-WAV-And-AVI-File-Parsing-Code-Execution
Comment: An attempt to exploit a vulnerability in Microsoft DirectX detected
Description: An attempt to exploit a buffer overflow vulnerability in the Microsoft DirectX application framework via a specially crafted WAV or AVI file was detected.
References:
CVE-2007-3895
BID-26804
MS07-064

MS07-062 Microsoft-Windows-DNS-Server-Spoofing-Vulnerability

About this vulnerability: A vulnerability in Microsoft Windows
Risk: Moderate
First detected in: sgpkg-ips-436-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: <os>
Type: Malfunction
Description: There exists a DNS Cache Poisoning vulnerability in Microsoft DNS servers. The vulnerability is due to predictable transaction ID values in outgoing DNS queries. A remote attacker can exploit this vulnerability to poison the DNS cache by sending malicious responses to DNS requests, thereby redirecting Internet traffic to illegitimate sites. In a successful attack case, the attacker can manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.
Situation: DNS-UDP_Microsoft-Windows-DNS-Server-Spoofing-Vulnerability
Comment: An attempt to exploit a vulnerability in Microsoft Windows detected
Description: There exists a DNS Cache Poisoning vulnerability in Microsoft DNS servers. The vulnerability is due to predictable transaction ID values in outgoing DNS queries. A remote attacker can exploit this vulnerability to poison the DNS cache by sending malicious responses to DNS requests, thereby redirecting Internet traffic to illegitimate sites. In a successful attack case, the attacker can manipulate cache data, potentially facilitating man-in-the-middle, site-impersonation, or denial-of-service attacks.
References:
CVE-2007-3898
BID-25919
MS07-062

MS07-061 Microsoft-Windows-ShellExecute-And-IE7-Url-Handling-Code-Execution

About this vulnerability: A vulnerability in URL protocol handlers of Microsoft Windows
Risk: Moderate
First detected in: sgpkg-ips-125-2032
Last changed: sgpkg-ips-518-5211
Platform: Windows XP; Windows 2003
Software: Adobe Acrobat; Adobe Reader; mIRC; Mozilla Firefox; Netscape; Microsoft Outlook Express; Microsoft Outlook
Type: Input Validation
Description: There is a vulnerability in Microsoft Windows that could be exploited by remote attackers to compromise a vulnerable system. The issue exists in the interaction between ShellExecute and the IE7 URLMon component when handling malformed URLs. Successful exploitation would allow the attacker to execute arbitrary commands on the vulnerable client system within the context of the logged in user.
Situation: HTTP_Mozilla-Firefox-Multiple-URI-Handlers-Command-Execution
Comment: Command execution exploit against Mozilla Firefox detected
Description: A command execution exploit against Mozilla Firefox was detected. A successful exploit leads to arbitrary command execution.
Situation: File-Text_Mozilla-Firefox-Multiple-URI-Handlers-Command-Execution
Comment: Command execution exploit against Mozilla Firefox detected
Description: A command execution exploit against Mozilla Firefox was detected. A successful exploit leads to arbitrary command execution.
References:
CVE-2007-3896
BID-25945
MS07-061

MS07-060 Microsoft-Word-Malformed-String-Memory-Corruption

About this vulnerability: A buffer overflow vulnerability in Microsoft Word
Risk: High
First detected in: sgpkg-ips-125-2032
Last changed: sgpkg-ips-518-5211
Platform: Windows; Mac OS X
Software: Microsoft Word; Microsoft Office
Type: Buffer Overflow
Description: There is a buffer overflow vulnerability in Microsoft Word processes. The vulnerability is a result of insufficient boundary checking while parsing a font table structure in a specially crafted file. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Word document, potentially causing arbitrary code to be injected and executed in the security context of the current user.
Situation: HTTP_Microsoft-Word-For-Macintosh-Version-5-Document
Comment: Detected Microsoft Word for Macintosh version 5 document
Description: A Microsoft Word for Macintosh version 5 document has been detected. There is a vulnerability in the way later versions of Word process files generated by Word version 5 for Macintosh. The presence of these files may indicate an attack, especially in environments where Word 5 for Macintosh is not in use.
Situation: File-Binary_Microsoft-Word-For-Macintosh-Version-5-Document
Comment: Detected Microsoft Word for Macintosh version 5 document
Description: A Microsoft Word for Macintosh version 5 document has been detected. There is a vulnerability in the way later versions of Word process files generated by Word version 5 for Macintosh. The presence of these files may indicate an attack, especially in environments where Word 5 for Macintosh is not in use.
References:
CVE-2007-3899
BID-25906
MS07-060

MS07-059 Microsoft-Windows-Sharepoint-Services-Cross-Site-Scripting

About this vulnerability: A cross-site scripting vulnerability in Microsoft Office SharePoint Server
Risk: Low
First detected in: sgpkg-ips-125-2032
Last changed: sgpkg-ips-545-5211
Platform: Windows
Software: Microsoft Office SharePoint Server
Type: Cross-site Scripting
Description: There is a cross-site scripting vulnerability in Microsoft Office SharePoint Server. The flaw is due to a lack of input validation when processing the URL request from the client. The flaw may be exploited by malicious users to execute arbitrary HTML code in the target user's web browser in the context of a trusted web site.
Situation: HTTP_CRL-Microsoft-Windows-Sharepoint-Services-Cross-Site-Scripting
Comment: Detected an attempt to exploit a vulnerability in Microsoft Office SharePoint Server
Description: An attempt to exploit a cross-site scripting vulnerability in Microsoft Office SharePoint Server was detected.
References:
CVE-2007-2581
BID-23832
OSVDB-37630
MS07-059

MS07-058 MSRPC-NTLMSSP-Authentication-Null-Session-Denial-Of-Service

About this vulnerability: Denial of service vulnerability in MSRPC NTLMSSP authentication
Risk: Low
First detected in: sgpkg-ips-125-2032
Last changed: sgpkg-ips-545-5211
Platform: Windows
Software: <os>
Type: Malfunction
Description: Microsoft MSRPC service has an integer overflow vulnerability that can be triggered via the NTLMSSP authentication method. A specially crafted MSRPC connection where a NULL session is first established with NTLMSSP authentication and later used with a crafted authentication level may result in crashing a vulnerable Windows host. The vulnerability can be exploited by unauthenticated remote attackers.
Situation: MSRPC-TCP_NTLMSSP-Authentication-Null-Session-Denial-Of-Service
Comment: Denial of service exploit against MSRPCSS service via NTLMSSP NULL session authentication
Description: Detects denial of service exploits against the Windows MSRPCSS service using NTLMSSP NULL sessions. A specially crafted MSRPC session can be used to cause an integer overflow and possibly crash the vulnerable host, resulting in a denial of service condition.
References:
CVE-2007-2228
BID-27134
MS07-058

MS07-056 Outlook-Express-And-Windows-Mail-NNTP-Handling-Code-Execution

About this vulnerability: A vulnerability in Microsoft Outlook Express
Risk: Moderate
First detected in: sgpkg-ips-437-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: <os>
Type: Buffer Overflow
Description: A buffer overflow vulnerability exists in Microsoft Outlook Express and Windows Mail. Specifically, the vulnerability is due to a lack of boundary checking when processing news subjects from the NNTP server. Successful exploitation would allow the attacker to execute arbitrary code on the vulnerable client system, in the context of the logged in user. An attack targeting this vulnerability can result in the injection and execution of arbitrary code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any injected code will be executed within the security context of the currently logged in user. In the case of an unsuccessful code execution attack, Microsoft Outlook Express and/or Windows Mail will terminate unexpectedly.
Situation: NNTP_Microsoft-Outlook-Express-And-Windows-Mail-NNTP-Handling-Code-Execution
Comment: An attempt to exploit a vulnerability in Microsoft Outlook Express detected
Description: A buffer overflow vulnerability exists in Microsoft Outlook Express and Windows Mail. Specifically, the vulnerability is due to a lack of boundary checking when processing news subjects from the NNTP server. Successful exploitation would allow the attacker to execute arbitrary code on the vulnerable client system, in the context of the logged in user. An attack targeting this vulnerability can result in the injection and execution of arbitrary code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any injected code will be executed within the security context of the currently logged in user. In the case of an unsuccessful code execution attack, Microsoft Outlook Express and/or Windows Mail will terminate unexpectedly.
References:
CVE-2007-3897
BID-25908
MS07-056

MS07-055 Microsoft-Windows-Kodak-Image-Viewer-Code-Execution

About this vulnerability: A buffer overflow vulnerability in Microsoft Windows
Risk: High
First detected in: sgpkg-ips-129-2032
Last changed: sgpkg-ips-518-5211
Platform: Windows 2000 SP4; Windows XP SP2; Windows 2003 SP1; Windows 2003 SP2
Software: <os>
Type: Buffer Overflow
Description: There is a buffer overflow vulnerability in Microsoft Windows Kodak Image Viewer. The vulnerability is due to improper parsing of specially crafted TIFF image files. An attacker can exploit the vulnerability by constructing a specially crafted image and enticing a victim to open the malicious image with an affected version of the product. Successful exploitation of this vulnerability would result in arbitrary code execution in the context of the logged-in user.
Situation: E-Mail_BS-Microsoft-Windows-Kodak-Image-Viewer-Code-Execution
Comment: Detected an attempt to exploit a buffer overflow vulnerability in Microsoft Windows
Description: An attempt to exploit a buffer overflow vulnerability in Microsoft Windows Kodak Image Viewer was detected.
Situation: HTTP_SS-Microsoft-Windows-Kodak-Image-Viewer-Code-Execution
Comment: Detected an attempt to exploit a buffer overflow vulnerability in Microsoft Windows
Description: An attempt to exploit a buffer overflow vulnerability in Microsoft Windows Kodak Image Viewer was detected.
Situation: File-Binary_Microsoft-Windows-Kodak-Image-Viewer-Code-Execution
Comment: Detected an attempt to exploit a buffer overflow vulnerability in Microsoft Windows
Description: An attempt to exploit a buffer overflow vulnerability in Microsoft Windows Kodak Image Viewer was detected.
References:
CVE-2007-2217
BID-25909
MS07-055

MS07-052 Business-Objects-Crystal-Reports-Rpt-File-Handling

About this vulnerability: A buffer overflow vulnerability in Business Objects Crystal Reports
Risk: Moderate
First detected in: sgpkg-ips-124-2032
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Business Objects Crystal Enterprise; Crystal Reports; Microsoft Visual Studio 2005; Microsoft Visual Studio .NET 2002; Microsoft Visual Studio .NET 2003
Type: Buffer Overflow
Description: There is a buffer overflow vulnerability in the way Business Objects Crystal Reports handles RPT files. Versions of Crystal Reports are included with Microsoft's Visual Studio .NET 2002 and 2003, as well as Visual Studio 2005 products. The vulnerable application fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. An attacker may exploit this issue by enticing a user into opening a malicious RPT file, resulting in the execution of arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts are likely to result in denial of service conditions.
Situation: HTTP_Business-Objects-Crystal-Reports-Rpt-File-Handling
Comment: An attempt to exploit a vulnerability in Business Objects Crystal Reports detected
Description: An attempt to exploit a buffer overflow vulnerability in Business Objects Crystal Reports has been detected.
Situation: File-OLE_Business-Objects-Crystal-Reports-Rpt-File-Handling
Comment: An attempt to exploit a vulnerability in Business Objects Crystal Reports detected
Description: An attempt to exploit a buffer overflow vulnerability in Business Objects Crystal Reports has been detected.
References:
CVE-2006-6133
BID-21261
MS07-052

MS07-051 HTTP_Microsoft-Agent-Crafted-Url-Stack-Buffer-Overflow

About this vulnerability: Buffer overflow vulnerability in Microsoft Agent
Risk: High
First detected in: sgpkg-ips-121-2032
Last changed: sgpkg-ips-518-5211
Platform: Windows 2000
Software: Microsoft Agent
Type: Buffer Overflow
Description: There is a buffer overflow vulnerability in the Microsoft Windows Agent application. The flaw is due to wrongly copying an overly large string to a fixed-size stack buffer within the code of the agentdpv.dll Dynamic Link Library. By persuading the target user to open a malicious web page, an attacker may execute arbitrary code on the target system with the privileges of the currently logged-on user.
Situation: HTTP_SS-Microsoft-Agent-Crafted-Url-Stack-Buffer-Overflow
Comment: Attempt to exploit a buffer overflow vulnerability in Microsoft Agent detected
Description: An attempt to exploit a buffer overflow vulnerability in the Microsoft Windows Agent application was detected.
Situation: File-Text_Microsoft-Agent-Crafted-Url-Stack-Buffer-Overflow
Comment: Attempt to exploit a buffer overflow vulnerability in Microsoft Agent detected
Description: An attempt to exploit a buffer overflow vulnerability in the Microsoft Windows Agent application was detected.
References:
CVE-2007-3040
BID-25566
OSVDB-36934
MS07-051

MS07-047 Microsoft-Windows-Media-Player-Skin-Parsing-Code-Execution

About this vulnerability: A vulnerability in Microsoft Windows Media Player
Risk: Moderate
First detected in: sgpkg-ips-415-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: <os>
Type: Buffer Overflow
Description: A buffer overflow vulnerability exists in Microsoft Windows Media Player. The vulnerability is due to insufficient data validation while parsing compressed skin files. A remote attacker can exploit this flaw by enticing the target user to open a crafted WMZ file, potentially causing arbitrary code to be injected and executed in the security context of the current user. In a simple attack case, the affected Windows Media Player may terminate when the malicious file is opened. In a sophisticated attack scenario, where the malicious user is successful in injecting and executing supplied code, the behaviour of the system is dependent on the nature of the injected code. Any code injected into the vulnerable component would execute in the security context of the currently logged in user.
Situation: File-Zip_Microsoft-Windows-Media-Player-Skin-Parsing-Code-Execution
Comment: An attempt to exploit a vulnerability in Microsoft Windows Media Player detected
Description: A buffer overflow vulnerability exists in Microsoft Windows Media Player. The vulnerability is due to insufficient data validation while parsing compressed skin files. A remote attacker can exploit this flaw by enticing the target user to open a crafted WMZ file, potentially causing arbitrary code to be injected and executed in the security context of the current user. In a simple attack case, the affected Windows Media Player may terminate when the malicious file is opened. In a sophisticated attack scenario, where the malicious user is successful in injecting and executing supplied code, the behaviour of the system is dependent on the nature of the injected code. Any code injected into the vulnerable component would execute in the security context of the currently logged in user.
References:
CVE-2007-3037
BID-25305
OSVDB-36385
MS07-047

MS07-045 HTTP-Microsoft-Ie-ActiveX-Object-IObjectsafety-Implementation-Code-Execution

About this vulnerability: Code execution vulnerability in the tblinf32.dll ActiveX control in Microsoft Internet Explorer
Risk: High
First detected in: sgpkg-ips-118-2032
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Internet Explorer
Type: Malfunction
Description: There is a code execution vulnerability in the tblinf32.dll ActiveX control in Microsoft Internet Explorer. A remote attacker can exploit this vulnerability by enticing a user to visit a crafted web site, which allows the attacker to execute arbitrary code with the privileges of the currently logged in user.
Situation: HTTP_SS-Microsoft-Ie-ActiveX-Object-IObjectsafety-Implementation-Code-Execution
Comment: Exploit against the tblinf32.dll ActiveX control in Microsoft Internet Explorer detected
Description: An exploit against the tblinf32.dll ActiveX control in Microsoft Internet Explorer was detected. A successful exploit leads to non-privileged arbitrary code execution.
Situation: File-Text_Microsoft-Ie-ActiveX-IObjectsafety-Implementation-Code-Execution
Comment: Exploit against the tblinf32.dll ActiveX control in Microsoft Internet Explorer detected
Description: An exploit against the tblinf32.dll ActiveX control in Microsoft Internet Explorer was detected. A successful exploit leads to non-privileged arbitrary code execution.
References:
CVE-2007-2216
BID-25289
OSVDB-36396
MS07-045

MS07-045 HTTP_SS-Microsoft-Internet-Explorer-CSS-Strings-Parsing-Memory-Corruption

About this vulnerability: A vulnerability in Microsoft Internet Explorer
Risk: High
First detected in: sgpkg-ips-142-2032
Last changed: sgpkg-ips-534-5211
Platform: Windows
Software: Internet Explorer
Type: Malfunction
Description: There is a remote code execution vulnerability in Microsoft Internet Explorer. The flaw is caused by improper handling of malformed Cascading Style Sheet (CSS) content. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted web page, potentially causing arbitrary code to be injected and executed in the security context of the current user.
Situation: HTTP_SS-Microsoft-Internet-Explorer-CSS-Strings-Parsing-Memory-Corruption
Comment: Detected an attempt to exploit a vulnerability in Microsoft Internet Explorer
Description: An attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer was detected.
References:
CVE-2007-0943
BID-25288
OSVDB-36397
MS07-045

MS07-045 Microsoft-Visual-Studio-PDWizard.ocx-ActiveX-Control-Memory-Corruption

About this vulnerability: A vulnerability in Microsoft Visual Basic and Visual Studio
Risk: High
First detected in: sgpkg-ips-142-2032
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Visual Basic; Microsoft Visual Studio
Type: Malfunction
Description: There is a remote code execution vulnerability in Microsoft's ActiveX control pdwizard.ocx, distributed with Microsoft Visual Studio and Microsoft Visual Basic. The vulnerability is due to memory corruption that occurs when the affected control is instantiated in Internet Explorer. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted web page, potentially causing arbitrary code to be injected and executed in the security context of the currently logged on user.
Situation: HTTP_SS-Microsoft-Visual-Studio-PDWizard.ocx-ActiveX-Control-Memory-Corruption
Comment: Detected access to the vulnerable ActiveX control
Description: Access to the vulnerable ActiveX control, PDWizard.ocx, was detected.
Situation: File-Text_Microsoft-Visual-Studio-PDWizard.ocx-ActiveX-Control-Memory-Corruption
Comment: Detected access to the vulnerable ActiveX control
Description: Access to the vulnerable ActiveX control, PDWizard.ocx, was detected.
References:
CVE-2007-3041
BID-25295
OSVDB-36395
MS07-045

MS07-044 Microsoft-Excel-Workspace-Index-Value-Memory-Corruption

About this vulnerability: A vulnerability in Microsoft Excel
Risk: Moderate
First detected in: sgpkg-ips-414-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Excel; Microsoft Excel Viewer; Microsoft Office
Type: Malfunction
Description: There exists a memory corruption vulnerability in the way Microsoft Excel processes files. The vulnerability is a result of insufficient data validation while processing an index value in a certain BIFF record. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user. An attack targeting this vulnerability can result in the injection and execution of code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any code injected will be executed within the security context of the currently logged in user. In the case of an unsuccessful code execution attack, Excel will terminate resulting in the loss of any unsaved data from the current session.
Situation: File-Binary_Microsoft-Excel-Workspace-Index-Value-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft Excel detected
Description: There exists a memory corruption vulnerability in the way Microsoft Excel processes files. The vulnerability is a result of insufficient data validation while processing an index value in a certain BIFF record. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user. An attack targeting this vulnerability can result in the injection and execution of code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any code injected will be executed within the security context of the currently logged in user. In the case of an unsuccessful code execution attack, Excel will terminate resulting in the loss of any unsaved data from the current session.
References:
CVE-2007-3890
BID-25280
MS07-044

MS07-043 HTTP-Microsoft-OLE-Automation-String-Manipulation-Heap-Overflow

About this vulnerability: Buffer overflow vulnerability in the Microsoft Object Linking and Embedding Automation library
Risk: Moderate
First detected in: sgpkg-ips-121-2032
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: <os>
Type: Integer Overflow
Description: There is a buffer overflow vulnerability in the Microsoft Object Linking and Embedding Automation library. The vulnerability is due to a lack of parameter checking in the substringData method. By enticing a user to visit a crafted web site, a remote attacker can execute non-privileged arbitrary code.
Situation: HTTP_Core-Services-And-OLE-Automation-SubstringData-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft XML Core Services and the Microsoft Object Linking and Embedding Automation library detected
Description: There is an integer overflow vulnerability in Microsoft XML Core Services and the Microsoft Object Linking and Embedding Automation library. The vulnerability is due to a lack of parameter checking in the substringData method. A remote attacker can exploit these vulnerabilities by enticing the target user to open a crafted web page, potentially causing arbitrary code to be injected and executed in the security context of the current user. Network traffic that could belong to such an attack has been detected.
Situation: File-Text_Core-Services-And-OLE-Automation-SubstringData-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft XML Core Services and the Microsoft Object Linking and Embedding Automation library detected
Description: There is an integer overflow vulnerability in Microsoft XML Core Services and the Microsoft Object Linking and Embedding Automation library. The vulnerability is due to a lack of parameter checking in the substringData method. A remote attacker can exploit these vulnerabilities by enticing the target user to open a crafted web page, potentially causing arbitrary code to be injected and executed in the security context of the current user. Network traffic that could belong to such an attack has been detected.
References:
CVE-2007-2224
BID-25282
MS07-043

MS07-042 HTTP-Microsoft-Xml-Core-Services-Memory-Corruption-Vulnerability

About this vulnerability: A vulnerability in Microsoft XML Core Services
Risk: Moderate
First detected in: sgpkg-ips-117-2032
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: <os>
Type: Integer Overflow
Description: There exists an integer overflow vulnerability in Microsoft XML Core Services. The vulnerability is caused by a lack of parameter checking in the substringData method of various MSXML ActiveX controls. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted web page, potentially causing arbitrary code to be injected and executed in the security context of the current user.
Situation: HTTP_Core-Services-And-OLE-Automation-SubstringData-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft XML Core Services and the Microsoft Object Linking and Embedding Automation library detected
Description: There is an integer overflow vulnerability in Microsoft XML Core Services and the Microsoft Object Linking and Embedding Automation library. The vulnerability is due to a lack of parameter checking in the substringData method. A remote attacker can exploit these vulnerabilities by enticing the target user to open a crafted web page, potentially causing arbitrary code to be injected and executed in the security context of the current user. Network traffic that could belong to such an attack has been detected.
Situation: File-Text_Core-Services-And-OLE-Automation-SubstringData-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft XML Core Services and the Microsoft Object Linking and Embedding Automation library detected
Description: There is an integer overflow vulnerability in Microsoft XML Core Services and the Microsoft Object Linking and Embedding Automation library. The vulnerability is due to a lack of parameter checking in the substringData method. A remote attacker can exploit these vulnerabilities by enticing the target user to open a crafted web page, potentially causing arbitrary code to be injected and executed in the security context of the current user. Network traffic that could belong to such an attack has been detected.
References:
CVE-2007-2223
BID-25301
MS07-042

MS07-041 HTTP-IIS-Malformed-Url-Denial-Of-Service

About this vulnerability: IIS malformed URL DoS
Risk: Moderate
First detected in: sgpkg-ips-63-1210
Last changed: sgpkg-ips-545-5211
Platform: Windows
Software: IIS
Type: Malfunction
Description: Microsoft IIS suffers from a vulnerability in the handling of malformed URLs. If a dynamically linked library (DLL) resource is requested multiple times via a crafted request, the server may shut down. A remote attacker can trigger the vulnerability by sending a request with the following format: GET /test/test.dll/%01/~0, where the last character may be any digit, and the previous directory name must contain a character from a certain range. A successful exploit shuts down the server, resulting in a denial of service situation.
Situation: HTTP_CSU-Microsoft-IIS-Malformed-Url
Comment: Detects malformed URL attacks against IIS
Description: Detects HTTP requests attempting to exploit an IIS vulnerability related to malformed requests to .dll files. Such requests may lead to service termination or arbitrary code execution in the context of the IIS service.
References:
CVE-2005-4360
BID-15921
OSVDB-21805
MS07-041

MS07-040 Microsoft-ASP.NET-Null-Byte-Termination-Vulnerability

About this vulnerability: Vulnerability in Microsoft .NET Framework
Risk: Low
First detected in: sgpkg-ips-156-2032
Last changed: sgpkg-ips-545-5211
Platform: Windows
Software: Microsoft .NET Framework
Type: Malfunction
Description: There is a vulnerability in Microsoft .NET Framework. The ASP.NET component of .NET Framework may allow access to configuration files and other sensitive information when the URI is terminated with an extra null character.
Situation: HTTP_CSU-Microsoft-ASP.NET-Null-Byte-Termination-Vulnerability
Comment: Detected an attempt to exploit a vulnerability in Microsoft .NET Framework
Description: An attempt to exploit a vulnerability in Microsoft .NET Framework was detected. More specifically, the URI contains an encoded null character.
References:
CVE-2007-0042
MS07-040

MS07-039 Microsoft-Windows-Active-Directory-Buffer-Overflow

About this vulnerability: A vulnerability in Microsoft Active Directory
Risk: Moderate
First detected in: sgpkg-ips-348-4219
Last changed: sgpkg-ips-545-5211
Platform: Windows
Software: <os>
Type: Buffer Overflow
Description: Microsoft Windows Active Directory buffer overflow.
Situation: LDAP_CS-Windows-Active-Directory-Buffer-Overflow
Comment: Detects attempts to exploit a heap overflow vulnerability in Windows Active Directory
Description: An attempt to exploit a buffer overflow vulnerability in Microsoft Windows Active Directory was detected.
References:
CVE-2007-0040
BID-24800
MS07-039

MS07-039 Microsoft-Windows-Active-Directory-Crafted-LDAP-Request-Buffer-Overflow

About this vulnerability: A vulnerability in Microsoft Windows
Risk: Moderate
First detected in: sgpkg-ips-436-4219
Last changed: sgpkg-ips-529-5211
Platform: Windows
Software: <os>
Type: Buffer Overflow
Description: There is a heap overflow vulnerability in the way Microsoft Windows Active Directory handles LDAP messages. The vulnerability is due to a lack of validation of the entry length in the LDAP modify message. Remote unauthenticated attackers can exploit this vulnerability to inject and execute arbitrary code on the affected target with System level privileges. If a code injection attack is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the affected process, the System account. In an attack case where code injection is not successful, the Active Directory process, lsass.exe, will terminate abnormally, causing the entire system to shut down and creating a denial of service condition.
Situation: LDAP_CS-Microsoft-Windows-Active-Directory-Crafted-LDAP-Request-Buffer-Overflow
Comment: An attempt to exploit a vulnerability in Microsoft Windows detected
Description: There is a heap overflow vulnerability in the way Microsoft Windows Active Directory handles LDAP messages. The vulnerability is due to a lack of validation of the entry length in the LDAP modify message. Remote unauthenticated attackers can exploit this vulnerability to inject and execute arbitrary code on the affected target with System level privileges. If a code injection attack is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the affected process, the System account. In an attack case where code injection is not successful, the Active Directory process, lsass.exe, will terminate abnormally, causing the entire system to shut down and creating a denial of service condition.
References:
CVE-2007-0040
BID-24800
OSVDB-35960
MS07-039

MS07-036 Microsoft-Excel-rtWindow1-Record-Handling-Code-Execution

About this vulnerability: A memory corruption vulnerability in Microsoft Excel
Risk: High
First detected in: sgpkg-ips-114-2032
Last changed: sgpkg-ips-529-5211
Platform: Generic
Software: Microsoft Excel; Microsoft Excel Viewer
Type: Input Validation
Description: There is a memory corruption vulnerability in Microsoft Excel. The memory corruption happens when Excel attempts to open files that contain invalid values within the rtWindow1 records. A remote attacker can exploit this vulnerability by persuading a target user to open a specially crafted XLS file, potentially causing arbitrary code to be injected and executed in the security context of the logged in user.
Situation: HTTP_Microsoft-Excel-rtWindow1-Record-Handling-Code-Execution
Comment: An attempt to exploit a memory corruption vulnerability in Microsoft Excel detected
Description: An attempt to exploit a memory corruption vulnerability in Microsoft Excel was detected.
Situation: File-OLE_Microsoft-Excel-rtWindow1-Record-Handling-Code-Execution
Comment: An attempt to exploit a memory corruption vulnerability in Microsoft Excel detected
Description: An attempt to exploit a memory corruption vulnerability in Microsoft Excel was detected.
References:
CVE-2007-3029
BID-22555
OSVDB-35958
MS07-036

MS07-036 Microsoft-Excel-Version-Information-Handling-Code-Execution

About this vulnerability: Memory corruption vulnerability in Microsoft Excel
Risk: High
First detected in: sgpkg-ips-114-2032
Last changed: sgpkg-ips-529-5211
Platform: Generic
Software: Microsoft Excel; Microsoft Excel Viewer
Type: Input Validation
Description: There is a memory corruption vulnerability in Microsoft Excel. The vulnerability is a result of insufficient data validation while processing the Version Number field in a BOF record. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user.
Situation: HTTP_Microsoft-Excel-Version-Information-Handling-Code-Execution
Comment: Attempt to exploit memory corruption vulnerability in Microsoft Excel detected
Description: An attempt to exploit a memory corruption vulnerability in Microsoft Excel was detected. The vulnerability is a result of insufficient data validation while processing the Version Number field in a BOF record.
Situation: File-OLE_Microsoft-Excel-Version-Information-Handling-Code-Execution
Comment: Attempt to exploit memory corruption vulnerability in Microsoft Excel detected
Description: An attempt to exploit a memory corruption vulnerability in Microsoft Excel was detected. The vulnerability is a result of insufficient data validation while processing the Version Number field in a BOF record.
References:
CVE-2007-1756
BID-24801
OSVDB-35957
MS07-036

MS07-036 Microsoft-Excel-Workbook-Workspace-Designation-Handling-Code-Execution

About this vulnerability: A memory corruption vulnerability in Microsoft Excel
Risk: High
First detected in: sgpkg-ips-114-2032
Last changed: sgpkg-ips-529-5211
Platform: Generic
Software: Microsoft Excel; Microsoft Excel Viewer
Type: Input Validation
Description: There is a memory corruption vulnerability in Microsoft Excel. The vulnerability is a result of insufficient data validation while processing the SubStreamType field in a BOF record. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user.
Situation: HTTP_Microsoft-Excel-Workbook-Workspace-Designation-Handling-Code-Execution
Comment: Attempt to exploit memory corruption vulnerability in Microsoft Excel detected
Description: An attempt to exploit a memory corruption vulnerability in Microsoft Excel was detected. The vulnerability is a result of insufficient data validation while processing the SubStreamType field in a BOF record.
Situation: File-OLE_Microsoft-Excel-Workbook-Workspace-Designation-Handling-Code-Execution
Comment: Attempt to exploit memory corruption vulnerability in Microsoft Excel detected
Description: An attempt to exploit a memory corruption vulnerability in Microsoft Excel was detected. The vulnerability is a result of insufficient data validation while processing the SubStreamType field in a BOF record.
References:
CVE-2007-3030
BID-24803
OSVDB-35959
MS07-036

MS07-035 Microsoft-Windows-Resource-URI-Win32-API-Code-Execution-Vulnerability

About this vulnerability: A code execution vulnerability in Microsoft Windows' resource URI protocol handler
Risk: High
First detected in: sgpkg-ips-113-2032
Last changed: sgpkg-ips-529-5211
Platform: Windows 2000; Windows XP; Windows 2003
Software: <os>
Type: Input Validation
Description: There is a vulnerability in the resource protocol handler in Microsoft Windows. The vulnerability is caused by the lack of proper validation of API parameters. An attacker can exploit the vulnerability for code execution by manipulating an application into making API calls with malformed parameters. Any code injected into the application would be executed within the security context of the currently logged in user.
Situation: HTTP_Microsoft-Windows-Resource-URI-Win32-API-Code-Execution-Vulnerability
Comment: Attempt to exploit a code execution vulnerability in Microsoft Windows detected
Description: An attempt to exploit Microsoft Windows Win32 API call via a crafted resource URI was detected.
Situation: File-Text_Microsoft-Windows-Resource-URI-Win32-API-Code-Execution-Vulnerability
Comment: Attempt to exploit a code execution vulnerability in Microsoft Windows detected
Description: An attempt to exploit Microsoft Windows Win32 API call via a crafted resource URI was detected.
References:
CVE-2007-2219
BID-24370
OSVDB-35341
MS07-035

MS07-034 Microsoft-Windows-Vista-Windows-Mail-File-Execution

About this vulnerability: A vulnerability in Microsoft Windows Mail
Risk: Moderate
First detected in: sgpkg-ips-436-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: <os>
Type: Malfunction
Description: There is a vulnerability in the Microsoft Windows Mail product. The vulnerability is due to insufficient validation of URLs in incoming emails. A remote attacker can exploit this vulnerability by enticing a target user to open an email message and click on a specially crafted URL within the message which refers to an executable file on the client system. Successful exploitation would allow for arbitrary command execution with the privileges of the currently logged-in user. The vulnerable program (Windows Mail) may not show any abnormal behaviour when this vulnerability is triggered. The behaviour of the target host, however, is entirely dependent on the intended function of the executed file. The file in such a case would execute within the security context of the current user.
Situation: File-Text_Microsoft-Windows-Vista-Windows-Mail-File-Execution
Comment: An attempt to exploit a vulnerability in Microsoft Windows Mail detected
Description: There is a vulnerability in the Microsoft Windows Mail product. The vulnerability is due to insufficient validation of URLs in incoming emails. A remote attacker can exploit this vulnerability by enticing a target user to open an email message and click on a specially crafted URL within the message which refers to an executable file on the client system. Successful exploitation would allow for arbitrary command execution with the privileges of the currently logged-in user. The vulnerable program (Windows Mail) may not show any abnormal behaviour when this vulnerability is triggered. The behaviour of the target host, however, is entirely dependent on the intended function of the executed file. The file in such a case would execute within the security context of the current user.
References:
CVE-2007-1658
BID-23103
MS07-034

MS07-033 HTTP-Internet-Explorer-Urlmon.dll-Com-Object-Instantiation-Memory-Corruption

About this vulnerability: Memory corruption vulnerability in the instantiation of certain COM objects in Microsoft Internet Explorer
Risk: High
First detected in: sgpkg-ips-111-2032
Last changed: sgpkg-ips-529-5211
Platform: Windows
Software: Internet Explorer
Type: Malfunction
Description: There is a memory corruption vulnerability in the instantiation of certain COM objects in Microsoft Internet Explorer. The vulnerability can be exploited remotely by persuading a user to visit a malicious web site with the vulnerable browser to execute arbitrary code under the context of the currently logged-in user.
Situation: HTTP_SS-Internet-Explorer-Urlmon.dll-Com-Object-Instantiation-Memory-Corruption
Comment: Malicious usage of COM objects that are not implemented as ActiveX controls detected
Description: Malicious use of COM objects that are not implemented as ActiveX controls was detected. When a crafted web site is opened with a vulnerable version of Internet Explorer, the browser is terminated or arbitrary code is executed with the privileges of the currently logged in user.
Situation: File-Text_Microsoft-Internet-Explorer-Urlmon.dll-Com-Object-Instantiation
Comment: Malicious usage of COM objects that are not implemented as ActiveX controls detected
Description: Malicious use of COM objects that are not implemented as ActiveX controls was detected. When a crafted web site is opened with a vulnerable version of Internet Explorer, the browser is terminated or arbitrary code is executed with the privileges of the currently logged in user.
References:
CVE-2007-0218
BID-24372
OSVDB-35348
MS07-033

MS07-033 HTTP-Microsoft-Internet-Explorer-CSS-Tag-Handling-Memory-Corruption

About this vulnerability: Memory corruption vulnerability in the handling of certain HTML tags containing a specially crafted CSS style attribute in Microsoft Internet Explorer
Risk: High
First detected in: sgpkg-ips-111-2032
Last changed: sgpkg-ips-529-5211
Platform: Windows
Software: Internet Explorer 6.0
Type: Malfunction
Description: There is a memory corruption vulnerability in the handling of certain HTML tags containing a specially crafted CSS style attribute in Microsoft Internet Explorer. The vulnerability can be exploited remotely by persuading a user to visit a malicious web site with the vulnerable browser to execute arbitrary code under the context of the currently logged-in user.
Situation: HTTP_SS-Microsoft-Internet-Explorer-CSS-Tag-Handling-Memory-Corruption
Comment: Memory corruption exploit against Microsoft Internet Explorer detected
Description: A memory corruption exploit against Microsoft Internet Explorer was detected. A successful exploit leads to non-privileged arbitrary code execution.
Situation: File-Text_Microsoft-Internet-Explorer-CSS-Tag-Handling-Memory-Corruption
Comment: Memory corruption exploit against Microsoft Internet Explorer detected
Description: A memory corruption exploit against Microsoft Internet Explorer was detected. A successful exploit leads to non-privileged arbitrary code execution.
References:
CVE-2007-1750
BID-24423
OSVDB-35349
MS07-033

MS07-033 Internet-Explorer-7-Navigation-Canceled-Page-Cross-Site-Scripting

About this vulnerability: A cross-site scripting vulnerability in Microsoft Internet Explorer
Risk: Moderate
First detected in: sgpkg-ips-101-1314
Last changed: sgpkg-ips-529-5211
Platform: Windows
Software: Internet Explorer
Type: Cross-site Scripting
Description: There is a cross-site scripting vulnerability in Microsoft Internet Explorer 7. The vulnerability is due to an input validation error in the local resource page navcancl.htm when generating the page refresh link in Internet Explorer 7. Successful exploitation can allow the attacker to execute a cross-site scripting or phishing attack.
Situation: HTTP_Internet-Explorer-7-Navigation-Canceled-Page-Cross-Site-Scripting
Comment: Attempt to exploit cross-site scripting vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a cross-site scripting vulnerability in Microsoft Internet Explorer was detected. The vulnerability is due to an input validation error in the local resource page navcancl.htm when generating the "Refresh the page" link in Internet Explorer 7.
Situation: File-Text_Internet-Explorer-7-Navigation-Canceled-Page-Cross-Site-Scripting
Comment: Attempt to exploit cross-site scripting vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a cross-site scripting vulnerability in Microsoft Internet Explorer was detected. The vulnerability is due to an input validation error in the local resource page navcancl.htm when generating the "Refresh the page" link in Internet Explorer 7.
References:
CVE-2007-1499
BID-22966
OSVDB-35352
MS07-033

MS07-033 Microsoft-Internet-Explorer-Speech-Control-Memory-Corruption

About this vulnerability: Remotely exploitable vulnerability in Microsoft Speech API
Risk: High
First detected in: sgpkg-ips-111-2032
Last changed: sgpkg-ips-529-5211
Platform: Windows
Software: Internet Explorer 5.0; Internet Explorer 6.0; Internet Explorer 7.0
Type: Buffer Overflow
Description: There is a buffer overflow vulnerability in the Microsoft Speech API (SAPI) ActiveX controls. The vulnerability can be triggered by passing an overly long string to various methods of the SAPI ActiveX controls. An attacker can exploit this vulnerability for code execution by enticing a target user to open a malicious HTML document. Any code injected using this vulnerability would be executed in the security context of the currently logged in user.
Situation: HTTP_SS-Microsoft-Internet-Explorer-Speech-Control-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft Speech API detected
Description: There is a buffer overflow vulnerability in the Microsoft Speech API (SAPI) ActiveX controls. The vulnerability can be triggered by passing an overly long string to various methods of the SAPI ActiveX controls.
Situation: File-Text_Microsoft-Internet-Explorer-Speech-Control-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft Speech API detected
Description: There is a buffer overflow vulnerability in the Microsoft Speech API (SAPI) ActiveX controls. The vulnerability can be triggered by passing an overly long string to various methods of the SAPI ActiveX controls.
References:
CVE-2007-2222
BID-24426
OSVDB-35353
MS07-033

MS07-031 HTTPS-Microsoft-Schannel-Security-Package-Compromise

About this vulnerability: Remote code execution vulnerability in Microsoft Schannel Security Package
Risk: High
First detected in: sgpkg-ips-111-2032
Last changed: sgpkg-ips-545-5211
Platform: Windows 2000; Windows XP; Windows 2003
Software: <os>
Type: Buffer Overflow
Description: Microsoft Schannel SSL client does not handle invalid SSL ServerKeyExchange messages correctly. A malicious SSL server can use a specially crafted handshake message to execute arbitrary code on vulnerable SSL clients connecting to it.
Situation: HTTPS_SS-Microsoft-Schannel-Security-Package-Compromise
Comment: Attempts to detect invalid Server Key Exchange server handshake messages
Description: Attempts to detect invalid Server Key Exchange messages from the SSL server handshake. A successful exploit allows the server to execute arbitrary code on a vulnerable client.
References:
CVE-2007-2218
BID-24416
MS07-031

MS07-030 Microsoft-Visio-Version-Number-Handling-Code-Execution

About this vulnerability: A vulnerability in Microsoft Visio
Risk: High
First detected in: sgpkg-ips-114-2032
Last changed: sgpkg-ips-529-5211
Platform: Windows
Software: Microsoft Visio
Type: Input Validation
Description: There is a remote code-execution vulnerability in Microsoft Visio. The vulnerability is due to insufficient validation of user-supplied data while processing the Version Number. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Microsoft Visio file, potentially causing arbitrary code to be injected and executed in the security context of the current user.
Situation: HTTP_Microsoft-Visio-Version-Number-Handling-Code-Execution
Comment: Attempt to exploit a vulnerability in Microsoft Visio was detected
Description: An attempt to exploit a vulnerability in Microsoft Visio was detected.
Situation: File-OLE_Microsoft-Visio-Version-Number-Handling-Code-Execution
Comment: Attempt to exploit a vulnerability in Microsoft Visio was detected
Description: An attempt to exploit a vulnerability in Microsoft Visio was detected.
References:
CVE-2007-0934
BID-24349
OSVDB-35342
MS07-030

MS07-029 Microsoft-Windows-DNS-Server-RPC-Management-Interface-Buffer-Overflow

About this vulnerability: Buffer overflow vulnerability in Microsoft Windows Domain Name System Server services
Risk: High
First detected in: sgpkg-ips-103-1314
Last changed: sgpkg-ips-545-5211
Platform: Windows 2000 Server; Windows 2000 Advanced Server; Windows 2000 Datacenter Server; Windows 2003
Software: <os>
Type: Buffer Overflow
Description: There is a stack-based buffer overflow vulnerability in Microsoft Windows Domain Name System Server services. A crafted RPC call with a malicious string as the zone name parameter allows arbitrary code execution with the privileges of the affected service process.
Situation: MSRPC-TCP_CPS-Microsoft-Windows-DNS-Server-RPC-Management-Interface-BOF
Comment: Buffer overflow exploit against Microsoft Windows Domain Name System Server services detected
Description: A buffer overflow exploit against Microsoft Windows Domain Name System Server services was detected. A successful exploit may lead to a denial of service terminating the affected service or a root/system level compromise.
Situation: Generic_Microsoft-Windows-DNS-Server-RPC-Management-Interface-Buffer-Overflow
Comment: Buffer overflow exploit against Microsoft Windows Domain Name System Server services detected
Description: A buffer overflow exploit against Microsoft Windows Domain Name System Server services was detected. A successful exploit may lead to a denial of service terminating the affected service or a root/system level compromise.
References:
CVE-2007-1748
BID-23470
MS07-029

MS07-028 Microsoft-CAPICOM-Certificates-ActiveX-Control-Vulnerability

About this vulnerability: Vulnerable ActiveX control allows access to the local system
Risk: High
First detected in: sgpkg-ips-113-2032
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft BizTalk Server; Microsoft CAPICOM
Type: Malfunction
Description: There is a vulnerability in the Microsoft Cryptographic API Component Object Model (CAPICOM) Certificates ActiveX control included in Microsoft BizTalk Server. The vulnerability allows arbitrary code execution in the context of the current user.
Situation: HTTP_Microsoft-CAPICOM-Certificates-ActiveX-Control-Vulnerability
Comment: Attempt to access vulnerable ActiveX component
Description: An attempt to access a vulnerable Microsoft CAPICOM ActiveX component has been detected.
Situation: File-Text_Microsoft-CAPICOM-Certificates-ActiveX-Control-Vulnerability
Comment: Attempt to access vulnerable ActiveX component
Description: An attempt to access a vulnerable Microsoft CAPICOM ActiveX component has been detected.
References:
CVE-2007-0940
BID-23782
OSVDB-34397
MS07-028

MS07-027 Internet-Explorer-Chtskdic.dll-Com-Object-Instantiation-Memory-Corruption

About this vulnerability: Memory corruption vulnerability in Microsoft Internet Explorer
Risk: High
First detected in: sgpkg-ips-107-2032
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Internet Explorer
Type: Malfunction
Description: There is a memory corruption vulnerability in Microsoft Internet Explorer. The flaw is due to improper handling of a COM object implemented by chtskdic.dll that is not designed to work with Internet Explorer. By persuading a user to visit a malicious web site, a remote attacker may execute arbitrary code on the target system with the privileges of the currently logged on user.
Situation: HTTP_Internet-Explorer-MSOE-CHTSKDIC-And-IMSKDIC-Com-Object-Vulnerability
Comment: Detects HTML pages trying to use CLSIDs of msoe.dll, chtskdic.dll and imskdic.dll, possible exploit
Description: Detects HTML pages using the CLSIDs of msoe.dll, chtskdic.dll and imskdic.dll. These COM objects should never be instantiated as ActiveX objects, and may be used in exploits against Internet Explorer.
Situation: File-Text_Internet-Explorer-MSOE-CHTSKDIC-And-IMSKDIC-Com-Object-Vulnerability
Comment: Detects HTML pages trying to use CLSIDs of msoe.dll, chtskdic.dll and imskdic.dll, possible exploit
Description: Detects HTML pages using the CLSIDs of msoe.dll, chtskdic.dll and imskdic.dll. These COM objects should never be instantiated as ActiveX objects, and may be used in exploits against Internet Explorer.
References:
CVE-2007-0942
BID-19529
OSVDB-34399
MS07-027

MS07-026 IMAP-Microsoft-Exchange-Server-Literal-Processing-Buffer-Overflow

About this vulnerability: Buffer overflow in Microsoft Exchange Server when processing IMAP literal octets
Risk: Moderate
First detected in: sgpkg-ips-106-2032
Last changed: sgpkg-ips-545-5211
Platform: Windows
Software: Exchange Server 2000
Type: Buffer Overflow
Description: Certain versions of Microsoft Exchange Server 2000 have a buffer overflow vulnerability in the handling of the IMAP protocol. IMAP protocol messages using the IMAP command continuation method specifying a large number of octets may cause a buffer overflow and memory corruption in the server process. The vulnerability allows remote attackers to perform denial of service attacks on vulnerable Exchange servers.
Situation: IMAP_Microsoft-Exchange-Server-Literal-Processing-Buffer-Overflow
Comment: An attempt to exploit the IMAP literal processing buffer overflow vulnerability in Microsoft Exchange Server 2000
Description: Detects attempts to exploit the IMAP literal processing buffer overflow vulnerability in Microsoft Exchange Server 2000. Passing a large literal value via the IMAP command continuation method to the Exchange server may lead to a buffer overflow and memory corruption in the server process. The vulnerability can be used to cause denial of service conditions.
References:
CVE-2007-0221
BID-23810
OSVDB-34392
MS07-026

MS07-026 Microsoft-Exchange-Server-ICalendar-DOS

About this vulnerability: Null Pointer dereference in Exchange Server allows Denial of Service
Risk: High
First detected in: sgpkg-ips-107-2032
Last changed: sgpkg-ips-545-5211
Platform: Windows
Software: Exchange Server
Type: Malfunction
Description: There is a denial of service vulnerability in Microsoft Exchange Server, due to the way Microsoft Exchange Server handles calendar content requests, known as iCal. The vulnerability is a result of a NULL pointer dereference when processing crafted iCalendar objects inside email messages. Successful exploitation of this vulnerability can allow a remote unauthenticated attacker to terminate the Microsoft Exchange Information Store service.
Situation: SMTP_Microsoft-Exchange-Server-iCal-Denial-Of-Service
Comment: Denial of Service against Microsoft Exchange Server detected
Description: An attack exploiting a null pointer dereference in Microsoft Exchange Server was detected. A successful exploit terminates the Exchange Server application, causing a denial of service.
References:
CVE-2007-0039
BID-23808
OSVDB-34391
MS07-026

MS07-026 Microsoft-Exchange-Server-Mime-Base64-Decoding-Code-Execution

About this vulnerability: Buffer overflow vulnerability in Microsoft Exchange Server
Risk: Critical
First detected in: sgpkg-ips-107-2032
Last changed: sgpkg-ips-545-5211
Platform: Windows
Software: Exchange Server
Type: Buffer Overflow
Description: There is a buffer overflow vulnerability in Microsoft Exchange Server. A remote unauthenticated attacker can exploit this vulnerability by sending an email message with malformed Base64 encoded MIME content to cause a denial of service or compromise the vulnerable system.
Situation: SMTP_Microsoft-Exchange-Server-Mime-Base64-Decoding-Code-Execution
Comment: Buffer overflow exploit against Microsoft Exchange Server detected
Description: A buffer overflow exploit against Microsoft Exchange Server was detected. A successful exploit leads to a denial of service terminating the Microsoft Exchange Information Store service or arbitrary code execution with the privileges of the Exchange Server application, normally System.
References:
CVE-2007-0213
BID-23809
OSVDB-34391
MS07-026

MS07-023 Microsoft-Excel-Biff-File-Format-Named-Graph-Record-Parsing-Stack-Overflow

About this vulnerability: A stack overflow vulnerability in Microsoft Excel
Risk: High
First detected in: sgpkg-ips-106-2032
Last changed: sgpkg-ips-518-5211
Platform: Generic
Software: Microsoft Excel; Microsoft Excel Viewer
Type: Buffer Overflow
Description: There is a buffer overflow vulnerability in Microsoft Excel and Microsoft Excel Viewer. The vulnerability is the result of insufficient boundary checking when parsing a Named Graph Record from native OLE formatted files. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user.
Situation: File-OLE_Microsoft-Excel-Named-Graph-Record-Parsing-Stack-Overflow
Comment: Attempt to exploit stack overflow vulnerability in Microsoft Excel detected
Description: An attempt to exploit a buffer overflow vulnerability in Microsoft Excel was detected. The vulnerability is the result of insufficient boundary checking when parsing a Named Graph Record.
References:
CVE-2007-0215
BID-23760
OSVDB-34393
MS07-023

MS07-023 Microsoft-Excel-Malformed-Filter-Records-Handling-Code-Execution

About this vulnerability: A vulnerability in Microsoft Excel
Risk: Moderate
First detected in: sgpkg-ips-414-4219
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Excel; Microsoft Excel Viewer; Microsoft Office
Type: Malfunction
Description: A memory corruption vulnerability exists in the way Microsoft Excel processes files. The vulnerability is a result of insufficient data validation while processing Excel AutoFilter records. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user. An attack targeting this vulnerability can result in the injection and execution of code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any code injected will be executed within the security context of the currently logged in user. In the case of an unsuccessful code execution attack, Excel will terminate resulting in the loss of any unsaved data from the current session.
Situation: File-OLE_Microsoft-Excel-Malformed-Filter-Records-Handling-Code-Execution
Comment: An attempt to exploit a vulnerability in Microsoft Excel detected
Description: A memory corruption vulnerability exists in the way Microsoft Excel processes files. The vulnerability is a result of insufficient data validation while processing Excel AutoFilter records. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user. An attack targeting this vulnerability can result in the injection and execution of code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any code injected will be executed within the security context of the currently logged in user. In the case of an unsuccessful code execution attack, Excel will terminate resulting in the loss of any unsaved data from the current session.
References:
CVE-2007-1214
BID-23780
OSVDB-34395
MS07-023

MS07-023 Microsoft-Excel-Set-Font-Handling-Code-Execution

About this vulnerability: A buffer overflow vulnerability in Microsoft Excel
Risk: High
First detected in: sgpkg-ips-414-4219
Last changed: sgpkg-ips-518-5211
Platform: Generic
Software: Microsoft Excel; Microsoft Excel Viewer
Type: Malfunction
Description: There is a buffer overflow vulnerability in Microsoft Excel. The vulnerability is a result of insufficient boundary checking while processing an FBI (Font Basis Info) record. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user.
Situation: File-OLE_Microsoft-Excel-Set-Font-Handling-Code-Execution
Comment: An attempt to exploit a vulnerability in Microsoft Excel detected
Description: A buffer overflow vulnerability exists in the way Microsoft Excel processes files. The vulnerability is a result of insufficient boundary checking while processing an FBI (Font Basis Info) record. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted Excel file, potentially causing arbitrary code to be injected and executed in the security context of the current user. An attack targeting this vulnerability can result in the injection and execution of code. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. Any code injected will be executed within the security context of the currently logged in user. In the case of an unsuccessful code execution attack, Excel will terminate resulting in the loss of any unsaved data from the current session.
References:
CVE-2007-1203
BID-23779
OSVDB-34394
MS07-023

MS07-019 Microsoft-Windows-UPnP-Service-Remote-Code-Execution

About this vulnerability: Buffer overflow vulnerability in Microsoft Windows Universal Plug and Play service
Risk: High
First detected in: sgpkg-ips-102-1314
Last changed: sgpkg-ips-545-5211
Platform: Windows XP SP2; Windows XP 64-bit SP0; Windows XP 64-bit SP2
Software: <os>
Type: Buffer Overflow
Description: There is a memory corruption vulnerability in the Microsoft Windows Universal Plug and Play service. The vulnerability is due to a failure to handle specially crafted HTTP requests. A remote attacker can exploit this vulnerability to cause a denial of service condition, or inject and execute arbitrary code on the target system with the privileges of the Local Service account.
Situation: HTTP_CS-Microsoft-Windows-UPnP-Service-Remote-Code-Execution
Comment: Attempt to exploit buffer overflow vulnerability in Microsoft Windows detected
Description: An attempt to exploit a buffer overflow in the Microsoft Windows Universal Plug and Play (UPnP) service was detected. A remote attacker can exploit this vulnerability to cause a denial of service condition, or inject and execute arbitrary code on the target system with the privileges of the Local Service account.
Situation: Generic_Microsoft-Windows-UPnP-Service-Remote-Code-Execution
Comment: Attempt to exploit buffer overflow vulnerability in Microsoft Windows detected
Description: An attempt to exploit a buffer overflow in the Microsoft Windows Universal Plug and Play (UPnP) service was detected. A remote attacker can exploit this vulnerability to cause a denial of service condition, or inject and execute arbitrary code on the target system with the privileges of the Local Service account.
References:
CVE-2007-1204
BID-23371
OSVDB-34010
MS07-019

MS07-017 Ani-Windows-Animated-Cursor-Code-Execution

About this vulnerability: Incorrect length field buffer overflow
Risk: High
First detected in: sgpkg-ips-101-1314
Last changed: sgpkg-ips-545-5211
Platform: Windows 2000 SP4; Windows 2003; Windows XP SP2; Windows Vista
Software: <os>
Type: Buffer Overflow
Description: Microsoft Windows incorrectly parses the AnimationHeader information in ANI files. The length of the header should be 36 bytes, but the value is not checked properly. This allows specially-crafted ANI files to cause a buffer overflow, leading to arbitrary code execution. Animated cursors can be supplied by web pages, which allows malicious web sites to compromise systems when they are viewed with Internet Explorer. Also, viewing folders that contain malicious ANI files causes a buffer overflow in Windows Explorer.
Situation: HTTP_Ani-Windows-Animationheader-Length-Buffer-Overflow
Comment: Malicious ANI file detected, possible system compromise
Description: Windows Animated Cursor ANI files are not parsed correctly by most versions of Windows Explorer or Internet Explorer. An ANI file with the length of the header declared to be too large causes a buffer overflow and allows arbitrary code execution. This fingerprint detects attempts to download such ANI files from web servers.
Situation: E-Mail_BS-Ani-Windows-Animationheader-Length-Buffer-Overflow
Comment: Malicious ANI file detected, possible system compromise
Description: Windows Animated Cursor ANI files are not parsed correctly by most versions of Windows Explorer or Internet Explorer. An ANI file with the length of the header declared to be too large causes a buffer overflow and allows arbitrary code execution. This fingerprint detects attempts to transfer malicious ANI files as an email attachment.
Situation: File-RIFF_Ani-Windows-Animationheader-Length-Buffer-Overflow
Comment: Malicious ANI file detected, possible system compromise
Description: Windows Animated Cursor ANI files are not parsed correctly by most versions of Windows Explorer or Internet Explorer. An ANI file with the length of the header declared to be too large causes a buffer overflow and allows arbitrary code execution. This fingerprint detects attempts to download such ANI files from web servers.
References:
CVE-2007-0038
BID-23194
OSVDB-33629
MS07-017

MS07-016 FTP-Microsoft-Internet-Explorer-FTP-Response-Parsing-Memory-Corruption

About this vulnerability: Memory corruption vulnerability in Internet Explorer
Risk: High
First detected in: sgpkg-ips-97-1314
Last changed: sgpkg-ips-545-5211
Platform: Windows
Software: Internet Explorer
Type: Buffer Overflow
Description: There is a memory corruption vulnerability in Internet Explorer. By persuading a target user to visit a malicious web page, a remote attacker may execute arbitrary code on the target host with the privileges of the currently logged in user.
Situation: FTP_SS-Microsoft-Internet-Explorer-FTP-Response-Parsing-Memory-Corruption
Comment: Detects memory corruption exploits against Internet Explorer
Description: Detects memory corruption exploits against Internet Explorer. A crafted FTP response can lead to a denial of service or non-privileged arbitrary code execution.
References:
CVE-2007-0217
BID-22489
OSVDB-31892
MS07-016

MS07-016 HTTP_Internet-Explorer-Imjpcksid.dll-Com-Object-Memory-Corruption

About this vulnerability: Memory corruption vulnerability in Microsoft Internet Explorer
Risk: High
First detected in: sgpkg-ips-97-1314
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Internet Explorer
Type: Malfunction
Description: There is a memory corruption vulnerability in Microsoft Internet Explorer. The flaw is due to improper handling of certain COM objects that are not designed to work with Internet Explorer. By persuading a user to visit a malicious web site, a remote attacker may execute arbitrary code on the target system with the privileges of the currently logged in user.
Situation: HTTP_Internet-Explorer-Imjpcksid.dll-Com-Object-Memory-Corruption
Comment: Attempt to exploit memory corruption vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer was detected.
Situation: File-Text_Internet-Explorer-Imjpcksid.dll-Com-Object-Memory-Corruption
Comment: Attempt to exploit memory corruption vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a memory corruption vulnerability in Microsoft Internet Explorer was detected.
References:
CVE-2006-4697
BID-22486
OSVDB-31891
MS07-016

MS07-016 HTTP_Internet-Explorer-Multiple-Com-Objects-Instantiation-Memory-Corruption

About this vulnerability: Memory corruption vulnerability in Microsoft Internet Explorer
Risk: Moderate
First detected in: sgpkg-ips-97-1314
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Internet Explorer
Type: Malfunction
Description: There is a vulnerability in the way Microsoft Internet Explorer instantiates certain COM objects that are not designed to be used as ActiveX controls. When instantiation of such COM objects is attempted by Internet Explorer, the application memory can be corrupted as a result. Successful exploitation of this vulnerability can allow for arbitrary code execution within the security context of the currently logged in user.
Situation: HTTP_SS-Internet-Explorer-Multiple-Com-Objects-Instantiation-Memory-Corruption
Comment: Attempt to exploit memory corruption vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a memory corruption vulnerability in the way Microsoft Internet Explorer instantiates certain COM objects was detected.
Situation: File-Text_Internet-Explorer-Multiple-Com-Objects-Instantiation-Memory-Corruption
Comment: Attempt to exploit memory corruption vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a memory corruption vulnerability in the way Microsoft Internet Explorer instantiates certain COM objects was detected.
References:
CVE-2007-0219
BID-22504
OSVDB-31895
OSVDB-31894
OSVDB-31893
MS07-016

MS07-015 Microsoft-Office-Drawing-Record-Msofbtopt-Code-Execution

About this vulnerability: Code execution vulnerability in Microsoft Office
Risk: High
First detected in: sgpkg-ips-102-1314
Last changed: sgpkg-ips-518-5211
Platform: Generic
Software: Microsoft Office; Microsoft Project; Microsoft Visio
Type: Input Validation
Description: There is a vulnerability in Microsoft Office products. The flaw is due to improper handling of Microsoft Office files containing malformed records. An attacker can exploit this vulnerability by enticing an unsuspecting user to open a malicious Office document. This flaw may allow the attacker to execute arbitrary code in the context of the currently logged-in user.
Situation: HTTP_Microsoft-Office-Drawing-Record-Msofbtopt-Code-Execution
Comment: Attempt to exploit code execution vulnerability in Microsoft Office detected
Description: An attempt to exploit a code execution vulnerability in Microsoft Office products was detected. The flaw is due to improper handling of Microsoft Office files containing malformed records. An attacker can exploit this vulnerability by enticing an unsuspecting user to open a malicious Office document.
Situation: File-OLE_Microsoft-Office-Drawing-Record-Msofbtopt-Code-Execution
Comment: Attempt to exploit code execution vulnerability in Microsoft Office detected
Description: An attempt to exploit a code execution vulnerability in Microsoft Office products was detected. The flaw is due to improper handling of Microsoft Office files containing malformed records. An attacker can exploit this vulnerability by enticing an unsuspecting user to open a malicious Office document.
References:
CVE-2007-0671
BID-22383
OSVDB-31901
MS07-015

MS07-014 HTTP-Microsoft-Word-Formatted-Disk-Pages-Table-Memory-Corruption

About this vulnerability: Memory corruption vulnerability in Microsoft Word
Risk: High
First detected in: sgpkg-ips-88-1314
Last changed: sgpkg-ips-518-5211
Platform: Generic
Software: Microsoft Word
Type: Malfunction
Description: There is a memory corruption vulnerability in Microsoft Word. The vulnerability can be exploited by delivering a malicious Word document to the target user who opens it with the affected application. This leads to a DoS terminating the vulnerable application or arbitrary code execution with the privileges of the currently logged in user.
Situation: HTTP_SS-Microsoft-Word-Formatted-Disk-Pages-Table-Memory-Corruption
Comment: Malicious Word document detected
Description: Malicious Word document detected. Opening a crafted document with an affected version of the vulnerable software leads to non-privileged code execution.
Situation: File-OLE_Microsoft-Word-Formatted-Disk-Pages-Table-Memory-Corruption
Comment: Malicious Word document detected
Description: Malicious Word document detected. Opening a crafted document with an affected version of the vulnerable software leads to non-privileged code execution.
References:
CVE-2006-6561
BID-21589
MS07-014

MS07-014 HTTP-Microsoft-Word-Section-Table-Array-Buffer-Overflow

About this vulnerability: Buffer overflow vulnerability in Microsoft Word
Risk: High
First detected in: sgpkg-ips-97-1314
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Word
Type: Buffer Overflow
Description: There is a stack buffer overflow vulnerability in Microsoft Word. The vulnerability can be exploited by delivering a malicious Word document with a malformed PLCFSED record inside the Table Stream to the target user who opens it with the affected application. This leads to a denial of service condition terminating the vulnerable application or arbitrary code execution with the privileges of the currently logged in user.
Situation: E-Mail_BS-Microsoft-Word-Section-Table-Array-Buffer-Overflow
Comment: Malicious Word document detected
Description: Malicious Word document detected. Opening a crafted document that contains a malformed PLCFSED record inside the Table Stream with an affected version of the vulnerable software may lead to non-privileged code execution.
Situation: HTTP_Microsoft-Word-Section-Table-Array-Buffer-Overflow
Comment: Malicious Word document detected
Description: Malicious Word document detected. Opening a crafted document that contains a malformed PLCFSED record inside the Table Stream with an affected version of the vulnerable software may lead to non-privileged code execution.
Situation: File-OLE_Microsoft-Word-Section-Table-Array-Buffer-Overflow
Comment: Malicious Word document detected
Description: Malicious Word document detected. Opening a crafted document that contains a malformed PLCFSED record inside the Table Stream with an affected version of the vulnerable software may lead to non-privileged code execution.
References:
CVE-2007-0515
BID-22225
OSVDB-31900
MS07-014

MS07-009 HTTP-Microsoft-Internet-Explorer-Adodb.Connection-Execute-Memory-Corruption

About this vulnerability: Memory corruption vulnerability in Internet Explorer
Risk: Moderate
First detected in: sgpkg-ips-83-1314
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Internet Explorer
Type: Malfunction
Description: There is a memory corruption vulnerability in Internet Explorer. The vulnerability can be exploited by persuading a target user to view a malicious HTML page with a vulnerable browser. This causes a DoS or arbitrary non-privileged code execution on the victim's computer.
Situation: HTTP_SS-Vulnerable-Microsoft-Internet-Explorer-Function-Called
Comment: Vulnerable Microsoft Internet Explorer function called
Description: Detects calls to a function that Microsoft Internet Explorer does not handle properly. By persuading a target user to visit a crafted web page containing a function call to the 'Execute' method of an 'ADODB.Connection.2.7' ActiveX object with a crafted third argument, a remote attacker can terminate the vulnerable browser or execute arbitrary non-privileged code.
Situation: File-Text_Vulnerable-Microsoft-Internet-Explorer-Function-Called
Comment: Vulnerable Microsoft Internet Explorer function called
Description: Detects calls to a function that Microsoft Internet Explorer does not handle properly. By persuading a target user to visit a crafted web page containing a function call to the 'Execute' method of an 'ADODB.Connection.2.7' ActiveX object with a crafted third argument, a remote attacker can terminate the vulnerable browser or execute arbitrary non-privileged code.
References:
CVE-2006-5559
BID-20704
OSVDB-31882
MS07-009

MS07-008 HTTP-Microsoft-HTML-Help-ActiveX-Control-Remote-Code-Execution-Vulnerability

About this vulnerability: Vulnerability in HTML Help ActiveX Control Can Allow Remote Code Execution
Risk: Moderate
First detected in: sgpkg-ips-96-1314
Last changed: sgpkg-ips-518-5211
Platform: Windows 2000; Windows 2003; Windows XP
Software: <os>
Type: Malfunction
Description: There is a vulnerability in the Microsoft Windows HTML Help ActiveX control. The flaw is caused by an improper check during the processing of the parameters in HTML Help Control ActiveX Objects. An attacker can exploit this vulnerability to inject and execute arbitrary code in the security context of the currently logged in user.
Situation: HTTP_Vulnerable-HTML-Help-ActiveX-Control-Access
Comment: Detects access to vulnerable HTML Help ActiveX Control
Description: Detects access to the vulnerable HTML Help ActiveX Control. The ActiveX Control can be remotely exploited. A successful exploit leads to arbitrary code execution with the privileges of the currently logged in user.
Situation: File-Text_Vulnerable-HTML-Help-ActiveX-Control-Access
Comment: Detects access to vulnerable HTML Help ActiveX Control
Description: Detects access to the vulnerable HTML Help ActiveX Control. The ActiveX Control can be remotely exploited. A successful exploit leads to arbitrary code execution with the privileges of the currently logged in user.
References:
CVE-2007-0214
BID-22478
OSVDB-31884
MS07-008

MS07-005 Microsoft-Step-By-Step-Interactive-Training-Bookmark-Link-File-BOF

About this vulnerability: Buffer overflow vulnerability in Microsoft Step-by-Step Interactive Training
Risk: High
First detected in: sgpkg-ips-97-1314
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Step-by-Step Interactive Training
Type: Buffer Overflow
Description: There is a stack-based buffer overflow vulnerability in Microsoft Step-by-Step Interactive Training. By delivering a malicious bookmark link file to a target user who opens the file with a vulnerable version of the affected product, a remote attacker may cause a denial of service terminating the affected application or execute arbitrary code with the privileges of the currently logged in user.
Situation: HTTP_Malicious-Microsoft-Step-By-Step-Interactive-Training-Bookmark-Link-File
Comment: Malicious Microsoft Step-by-Step Interactive Training bookmark link was detected
Description: A malicious Microsoft Step-by-Step Interactive Training bookmark link was detected. Opening the file with an affected product may lead to non-privileged arbitrary code execution.
Situation: File-TextId_Microsoft-Step-By-Step-Interactive-Training-Bookmark-Link
Comment: Malicious Microsoft Step-by-Step Interactive Training bookmark link was detected
Description: A malicious Microsoft Step-by-Step Interactive Training bookmark link was detected. Opening the file with an affected product may lead to non-privileged arbitrary code execution.
References:
CVE-2006-3448
BID-22484
OSVDB-31883
MS07-005

MS07-004 Microsoft-Internet-Explorer-VML-Buffer-Overrun

About this vulnerability: A format string vulnerability in Apple iPhoto
Risk: High
First detected in: sgpkg-ips-91-1314
Last changed: sgpkg-ips-518-5211
Platform: Windows 2000 SP4; Windows XP; Windows XP 64-bit; Windows 2003; Windows 2003 64-bit
Software: Internet Explorer 5.0; Internet Explorer 6.0; Internet Explorer 7.0
Type: Buffer Overflow
Description: There is a buffer overrun vulnerability in Microsoft Internet Explorer. A crafted Vector Markup Language (VML) formatted file may be used to execute code with the privileges of the current user.
Situation: HTTP_Microsoft-Internet-Explorer-VML-Buffer-Overrun
Comment: An attempt to exploit a vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a buffer overflow vulnerability in Microsoft Internet Explorer was detected. This may lead to code execution with the privileges of the current user.
Situation: File-Text_Microsoft-Internet-Explorer-VML-Buffer-Overrun
Comment: An attempt to exploit a vulnerability in Microsoft Internet Explorer detected
Description: An attempt to exploit a buffer overflow vulnerability in Microsoft Internet Explorer was detected. This may lead to code execution with the privileges of the current user.
References:
CVE-2007-0024
BID-21930
OSVDB-31250
MS07-004

MS07-003 Microsoft-Outlook-iCal-Meeting-Request-Vevent-Record-Memory-Corruption

About this vulnerability: A memory corruption vulnerability in Microsoft Outlook
Risk: High
First detected in: sgpkg-ips-92-1314
Last changed: sgpkg-ips-518-5211
Platform: Windows
Software: Microsoft Outlook
Type: Buffer Overflow
Description: There is a memory corruption vulnerability in Microsoft Outlook. A crafted iCal meeting request may be used to execute arbitrary code in the context of the current user.
Situation: E-Mail_BS-Microsoft-Outlook-iCal-Meeting-Request-Vevent-Record-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft Outlook detected
Description: An attempt to exploit a memory corruption vulnerability in Microsoft Outlook was detected.
Situation: File-TextId_Microsoft-Outlook-iCal-Meeting-Request-Vevent-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft Outlook detected
Description: An attempt to exploit a memory corruption vulnerability in Microsoft Outlook was detected.
References:
CVE-2007-0033
BID-21931
OSVDB-31252
MS07-003

MS07-002 Microsoft-Excel-Column-Record-Handling-Memory-Corruption

About this vulnerability: A memory corruption vulnerability in Microsoft Excel
Risk: High
First detected in: sgpkg-ips-93-1314
Last changed: sgpkg-ips-518-5211
Platform: Windows; Mac OS
Software: Microsoft Excel
Type: Malfunction
Description: There is a memory corruption vulnerability in Microsoft Excel. A crafted Excel spreadsheet file (XLS) can be used to terminate the affected product or execute non-privileged arbitrary code.
Situation: HTTP_Microsoft-Excel-Column-Record-Handling-Memory-Corruption
Comment: An attempt to exploit a memory corruption vulnerability in Microsoft Excel detected
Description: An attempt to exploit a memory corruption vulnerability in Microsoft Excel was detected. This may lead to a termination of the vulnerable product or code execution with the privileges of the current user.
Situation: File-OLE_Microsoft-Excel-Column-Record-Handling-Memory-Corruption
Comment: An attempt to exploit a memory corruption vulnerability in Microsoft Excel detected
Description: An attempt to exploit a memory corruption vulnerability in Microsoft Excel was detected. This may lead to a termination of the vulnerable product or code execution with the privileges of the current user.
References:
CVE-2007-0030
BID-21925
OSVDB-31257
MS07-002

MS07-002 Microsoft-Excel-Malformed-Imdata-Record

About this vulnerability: A memory corruption vulnerability in Microsoft Excel
Risk: High
First detected in: sgpkg-ips-91-1314
Last changed: sgpkg-ips-518-5211
Platform: Windows; Mac OS X
Software: Microsoft Excel
Type: Buffer Overflow
Description: There is a buffer overflow vulnerability in Microsoft Excel. A crafted Excel spreadsheet file (XLS) may be used to execute code with the privileges of the current user.
Situation: HTTP_Microsoft-Excel-Malformed-Imdata-Record
Comment: An attempt to exploit a vulnerability in Microsoft Excel detected
Description: An attempt to exploit a buffer overflow vulnerability in Microsoft Excel was detected. This may lead to code execution with the privileges of the current user.
Situation: File-OLE_Microsoft-Excel-Malformed-Imdata-Record
Comment: An attempt to exploit a vulnerability in Microsoft Excel detected
Description: An attempt to exploit a buffer overflow vulnerability in Microsoft Excel was detected. This may lead to code execution with the privileges of the current user.
References:
CVE-2007-0027
BID-21856
OSVDB-31255
MS07-002

MS07-002 Microsoft-Excel-Malformed-Palette-Record-Memory-Corruption

About this vulnerability: A memory corruption vulnerability in Microsoft Excel
Risk: High
First detected in: sgpkg-ips-91-1314
Last changed: sgpkg-ips-518-5211
Platform: Windows; Mac OS
Software: Microsoft Excel; Microsoft Excel Viewer
Type: Buffer Overflow
Description: There is a buffer overflow vulnerability in Microsoft Excel. A crafted Excel spreadsheet file (XLS) may be used to execute code with the privileges of the current user.
Situation: HTTP_Microsoft-Excel-Malformed-Palette-Record-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft Excel detected
Description: An attempt to exploit a buffer overflow vulnerability in Microsoft Excel was detected. This may lead to code execution with the privileges of the current user.
Situation: File-OLE_Microsoft-Excel-Malformed-Palette-Record-Memory-Corruption
Comment: An attempt to exploit a vulnerability in Microsoft Excel detected
Description: An attempt to exploit a buffer overflow vulnerability in Microsoft Excel was detected. This may lead to code execution with the privileges of the current user.
References:
CVE-2007-0031
BID-21922
OSVDB-31258
MS07-002