Microsoft Security Bulletins for

An elevation of privilege vulnerability exists in Microsoft Office SharePoint Server 2007 and Microsoft Office SharePoint Server 2007 Service Pack 1. The vulnerability could allow elevation of privilege if an attacker bypasses authentication by browsing to an administrative URL on a SharePoint site. A successful attack leading to elevation of privilege could result in denial of service or information disclosure.

• Check Point Response
• Update Protection against Microsoft Office SharePoint Server Access Control Elevation of Privilege (MS08-077) Release Date:

A credential reflection vulnerability exists in the Windows Media components that could allow an attacker to execute code with the same rights as the local user or with Windows Media Services distribution credentials. The vulnerability exists due to weaknesses in Service Principal Name (SPN) implementations within Windows Media components.

• Check Point Response
• SmartDefense research teams are studying this vulnerability and may issue a protection at a later date.

An information disclosure vulnerability exists in supported versions of Windows Media components that could result in the disclosure of NTLM credentials. Any Windows Media component that accesses a URL that uses an ISATAP address could leak the users NTLM credentials to the server that hosts the URL. This could allow an attacker who is external to the intranet zone to gather NTLM credentials for an enterprise environment.

• Check Point Response
• SmartDefense research teams are studying this vulnerability and may issue a protection at a later date.

A remote code execution vulnerability exists when saving a specially crafted search file within Windows Explorer. This operation causes Windows Explorer to exit and restart in an exploitable manner.

• Check Point Response
• Workaround for Microsoft Windows Saved Search Remote Code Execution Vulnerability (MS08-075) Release Date:

A remote code execution vulnerability exists in Windows Explorer that allows an attacker to construct a malicious web page that includes a call to the search-ms protocol handler. The protocol handler in turn passes untrusted data to Windows Explorer.

• Check Point Response
• Update Protection against Microsoft Windows Search Parsing Remote Code Execution Vulnerability (MS08-075) Release Date:

A remote code execution vulnerability exists in Microsoft Office Excel as a result of memory corruption when loading Excel records. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• Check Point Response
• Update Protection against Microsoft Excel File Format Parsing Remote Code Execution Vulnerability (MS08-074) Release Date:

A remote code execution vulnerability exists in Microsoft Office Excel as a result of pointer corruption when loading Excel formulas. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed formula. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• Check Point Response
• Update Protection against Microsoft Excel File Format Parsing Remote Code Execution Vulnerability (MS08-074) Release Date:

A remote code execution vulnerability exists in Microsoft Office Excel as a result of stack corruption when loading Excel records. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• Check Point Response
• Update Protection against Microsoft Excel Global Array Memory Corruption Vulnerability (MS08-074) Release Date:

A remote code execution vulnerability exists in the way Internet Explorer handles certain navigation methods. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

• Check Point Response
• Update Protection against Microsoft Internet Explorer Parameter Validation Memory Corruption Vulnerability (MS08-073) Release Date:

A remote code execution vulnerability exists in Internet Explorer due to attempts to access uninitialized memory in certain situations. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

• Check Point Response
• Update Protection against Microsoft Internet Explorer WebDav Memory Corruption Vulnerability (MS08-073) Release Date:

A remote code execution vulnerability exists in the way Internet Explorer accesses an object that has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

• Check Point Response
• Update Protection against Microsoft Internet Explorer URL Cache Memory Corruption Vulnerability (MS08-073) Release Date:

A remote code execution vulnerability exists in the way Internet Explorer embeds objects into a Web page. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user.

• Check Point Response
• Update Protection against Microsoft Internet Explorer HTML Rendering Memory Corruption Vulnerability (MS08-073) Release Date:

remote code execution vulnerability exists in the way that Microsoft Office Word handles specially crafted Word files. The vulnerability could allow remote code execution if a user opens a specially crafted Word file that includes a malformed record value. An attacker who successfully exploited this vulnerability could take control of an affected system in the context of the current logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• Check Point Response
• Update Protection against Microsoft Word Sprm Parsing Memory Corruption Vulnerability (MS08-072) Release Date:

remote code execution vulnerability exists in the way that Word handles specially crafted Word files. The vulnerability could allow remote code execution if a user opens a specially crafted Word file with a malformed record. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• Check Point Response
• Update Protection against Microsoft Word Memory Corruption Vulnerability (MS08-072) Release Date:

remote code execution vulnerability exists in the way that Microsoft Office handles specially crafted Rich Text Format (RTF) files. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file in Word or reads a specially crafted e-mail sent in the RTF format. An attacker who successfully exploited this vulnerability could take control of an affected system in the context of the currently logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• Check Point Response
• Update Protection against Microsoft Word RTF Drawing Object Remote Code Execution Vulnerability (MS08-072) Release Date:

remote code execution vulnerability exists in the way that Word handles specially crafted Word files. The vulnerability could allow remote code execution if a user opens a specially crafted Word file with a malformed value. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• Check Point Response
• Update Protection against Microsoft Word Global Array Memory Corruption Vulnerability (MS08-072) Release Date:

remote code execution vulnerability exists in the way that Microsoft Office handles specially crafted Rich Text Format (RTF) files. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file with malformed control words in Word, or views or previews a specially crafted RTF file with malformed control words in rich text e-mail. An attacker who successfully exploited this vulnerability could take control of an affected system in the context of the currently logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• Check Point Response
• SmartDefense research teams are studying this vulnerability and may issue a protection at a later date.

remote code execution vulnerability exists in the way that Microsoft Office handles specially crafted Rich Text Format (RTF) files. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file in Word or reads or previews a specially crafted e-mail sent in the RTF format. An attacker who successfully exploited this vulnerability could take control of an affected system in the context of the currently logged-in user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• Check Point Response
• Update Protection against Microsoft Word RTF dpendgroup Control Word Remote Code Execution Vulnerability (MS08-072) Release Date:

remote code execution vulnerability exists in the way that Microsoft Office handles specially crafted Rich Text Format (RTF) files. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file in Word, or reads or previews a specially crafted e-mail sent in the RTF format. An attacker who successfully exploited this vulnerability could take control of an affected system in the context of the currently logged-in user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• Check Point Response
• Update Protection against Microsoft Word RTF Drawing Primitives Remote Code Execution Vulnerability (MS08-072) Release Date:

remote code execution vulnerability exists in the way that Microsoft Office handles specially crafted Rich Text Format (RTF) files. The vulnerability could allow remote code execution if a user opens a specially crafted RTF file in Word, or reads or previews a specially crafted e-mail sent in the RTF format. An attacker who successfully exploited this vulnerability could take control of an affected system in the context of the currently logged-on user. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• Check Point Response
• Update Protection against Microsoft Word RTF stylesheet Control Word Remote Code Execution Vulnerability (MS08-072) Release Date:

A remote code execution vulnerability exists in the way that GDI handles integer calculations. The vulnerability could allow remote code execution if a user opens a specially crafted WMF image file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.

• Check Point Response
• Update Protection against Microsoft GDI WMF Remote Code Execution Vulnerability (MS08-071) Release Date:

A remote code execution vulnerability exists in the way that GDI handles file size parameters in WMF files. The vulnerability could allow remote code execution if a third-party application uses a specific Microsoft API to copy a specially crafted WMF image file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.

• Check Point Response
• Workaround for Microsoft GDI WMF Heap Overflow Vulnerability (MS08-071) Release Date:

A remote code execution vulnerability exists in the DataGrid ActiveX Control for Visual Basic 6. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

• Check Point Response
• Update Protection against Microsoft Visual Basic ActiveX Controls Remote Code Execution Vulnerabilities (MS08-070) Release Date:

A remote code execution vulnerability exists in the FlexGrid ActiveX Control for Visual Basic 6. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

• Check Point Response
• Update Protection against Microsoft Visual Basic ActiveX Controls Remote Code Execution Vulnerabilities (MS08-070) Release Date:

A remote code execution vulnerability exists in the Hierarchical FlexGrid ActiveX Control for Visual Basic 6. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

• Check Point Response
• Update Protection against Microsoft Visual Basic ActiveX Controls Remote Code Execution Vulnerabilities (MS08-070) Release Date:

A remote code execution vulnerability exists in the Windows Common ActiveX Control for Visual Basic 6. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

• Check Point Response
• Update Protection against Microsoft Visual Basic ActiveX Controls Remote Code Execution Vulnerabilities (MS08-070) Release Date:

A remote code execution vulnerability exists in the Charts ActiveX Control for Visual Basic 6. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

• Check Point Response
• Update Protection against Microsoft Visual Basic ActiveX Controls Remote Code Execution Vulnerabilities (MS08-070) Release Date:

A remote code execution vulnerability exists in the Masked Edit ActiveX Control for Visual Basic 6. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

• Check Point Response
• Update Protection against Microsoft Visual Studio ActiveX Control Buffer Overflow Vulnerability (MS08-070) Release Date: