Microsoft Security Bulletins for

A remote code execution vulnerability exists in the way Microsoft Project handles specially crafted Project files. An attacker could exploit the vulnerability by sending a malformed file which could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site.

• Check Point Response
• Update Protection against Microsoft Project Remote Code Execution Vulnerability (MS08-018) Release Date:

A remote code execution vulnerability exists in the way Microsoft Visio validates object header data in specially crafted files. An attacker could exploit the vulnerability by sending a malformed file which could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site.

• Check Point Response
• Workaround for Multiple Microsoft Visio Vulnerabilities (MS08-019) Release Date:

A remote code execution vulnerability exists in the way Microsoft Visio validates memory allocations when loading specially-crafted .DXF files from disk into memory. An attacker could exploit the vulnerability by sending a malformed file which could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site.

• Check Point Response
• Workaround for Multiple Microsoft Visio Vulnerabilities (MS08-019) Release Date:

A spoofing vulnerability exists in Windows DNS clients. The vulnerability could allow an unauthenticated attacker to send malicious responses to DNS requests made by vulnerable clients, thereby spoofing or redirecting Internet traffic from legitimate locations.

• Check Point Response
• Preemptive Protection against Microsoft Windows DNS Client Spoofing Vulnerability (MS08-020) Release Date:

A remote code execution vulnerability exists in the way that GDI handles filename parameters in EMF files. The vulnerability could allow remote code execution if a user opens a specially crafted EMF image file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.

• Check Point Response
• Update Protection against Microsoft GDI Stack Overflow Vulnerability (MS08-021) Release Date:

A remote code execution vulnerability exists in the way that GDI handles integer calculations. The vulnerability could allow remote code execution if a user opens a specially crafted EMF or WMF image file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.

• Check Point Response
• Update Protection against Microsoft GDI Heap Overflow Vulnerability (MS08-021) Release Date:

A remote code execution vulnerability exists in the way that the VBScript and JScript scripting engines decode script in Web pages. This vulnerability could allow remote code execution if a user opened a specially crafted file or visited a Web site that is running specially crafted script. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• Check Point Response
• Update Protection against Microsoft VBScript and JScript Scripting Engines Remote Code Execution Vulnerability (MS08-022) Release Date:

A remote code execution vulnerability exists in the ActiveX control hxvz.dll. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user

• Check Point Response
• Update Protection against Microsoft Internet Explorer hxvz.dll Remote Code Execution Vulnerability (MS08-023) Release Date:

A remote code execution vulnerability exists in Internet Explorer because of the way that it processes data streams. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user.

• Check Point Response

An elevation of privilege vulnerability exists due to the Windows kernel improperly validating input passed from user mode to the kernel. The vulnerability could allow an attacker to run code with elevated privileges. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• Check Point Response