Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Microsoft Security Bulletins for

= Check Point has provided a protection to this bulletin

Microsoft Security Bulletin MS08-036:
Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762)

Severity: High

CVE-2008-1440: PGM Invalid Length Vulnerability

A denial of service vulnerability exists in implementations of the Pragmatic General Multicast (PGM) protocol on Microsoft Windows XP and Windows Server 2003. The vulnerability is due to improper validation of specially crafted PGM packets. An attacker who successfully exploited this vulnerability could cause the computer to become non-responsive and require a restart to restore functionality.

CVE-2008-1441: PGM Malformed Fragment Vulnerability

A denial of service vulnerability exists in implementations of the Pragmatic General Multicast (PGM) protocol on Microsoft Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. The protocol’s parsing code does not properly validate specially crafted PGM fragments and will cause the affected system to become non-responsive until the attack has ceased.

Microsoft Security Bulletin MS08-035:
Vulnerability in Active Directory Could Allow Denial of Service (953235)

Severity: High

CVE-2008-1445: Active Directory Vulnerability

A denial of service vulnerability exists in implementations of Active Directory on Microsoft Windows 2000 Server, Windows Server 2003, and Windows Server 2008. The vulnerability also exists in implementations of Active Directory Application Mode (ADAM) when installed on Windows XP and Windows Server 2003 and Active Directory Lightweight Directory Services (AD LDS) when installed on Windows Server 2008. The vulnerability is due to insufficient validation of specially crafted LDAP requests. An attacker who successfully exploited this vulnerability could cause the computer to stop responding and automatically restart.

Microsoft Security Bulletin MS08-034:
Vulnerability in WINS Could Allow Elevation of Privilege (948745)

Severity: High

CVE-2008-1451: Memory Overwrite Vulnerability

An elevation of privilege vulnerability exists in the Windows Internet Name Service (WINS) in the way that WINS does not sufficiently validate the data structures within specially crafted WINS network packets. The vulnerability could allow a local attacker to run code with elevated privileges. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete date; or create new accounts.

Microsoft Security Bulletin MS08-033:
Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)

Severity: Critical

CVE-2008-1444: SAMI Format Parsing Vulnerability

A remote code execution vulnerability exists in the way DirectX handles supported format files. This vulnerability could allow remote code execution if a user opened a specially crafted file.

CVE-2008-0011: MJPEG Decoder Vulnerability

A remote code execution vulnerability exists in the way that the Windows MJPEG Codec handles MJPEG streams in AVI or ASF files. A user would have to preview or play a specially crafted MJPEG file for the vulnerability to be exploited.

  • Check Point Response

Microsoft Security Bulletin MS08-032:
Cumulative Security Update of ActiveX Kill Bits (950760)

Severity: Medium

CVE-2007-0675: Speech API Vulnerability

A remote code execution vulnerability exists in the Speech Components sapi.dll. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. The user must have the Speech Recognition feature in Windows enabled. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user.

Microsoft Security Bulletin MS08-031:
Cumulative Security Update for Internet Explorer (950759)

Severity: Critical

CVE-2008-1442: HTML Objects Memory Corruption Vulnerability â€

A remote code execution vulnerability exists in the way Internet Explorer displays a Web page that contains certain unexpected method calls to HTML objects. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

  • Check Point Response

CVE-2008-1544: Request Header Cross-Domain Information Disclosure Vulnerability â€

An information disclosure vulnerability exists in the way Internet Explorer handles certain request headers. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow the attacker to read data from another Internet Explorer domain.

  • Check Point Response

Microsoft Security Bulletin MS08-030:
Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)

Severity: Critical

CVE-2008-1453: Bluetooth Vulnerability

A remote code execution vulnerability exists in the Bluetooth stack in Microsoft Windows because the Bluetooth stack does not correctly handle a large number of service description requests. The vulnerability could allow an attacker to run code with elevated privileges. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete date; or create new accounts with full user rights.

  • Check Point Response

Microsoft Security

2008 Microsoft Security Bulletins by Month