Microsoft Security Bulletins for

A remote code execution vulnerability exists in the way Microsoft Office Visio handles memory when opening up Visio files. An attacker could exploit the vulnerability by sending a specially crafted file which could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site.

• Check Point Response
• Workaround for Microsoft Office Visio Malformed File Parsing Remote Code Execution Vulnerabilities (MS09-005) Release Date:

A remote code execution vulnerability exists in the way Microsoft Office Visio validates object data when opening up Visio files. An attacker could exploit the vulnerability by sending a specially crafted file which could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site.

• Check Point Response
• Workaround for Microsoft Office Visio Malformed File Parsing Remote Code Execution Vulnerabilities (MS09-005) Release Date:

A remote code execution vulnerability exists in the way Microsoft Office Visio copies object data in memory. An attacker could exploit the vulnerability by sending a malformed file which could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site.

• Check Point Response
• Workaround for Microsoft Office Visio Malformed File Parsing Remote Code Execution Vulnerabilities (MS09-005) Release Date:

A remote code execution vulnerability exists in the way that SQL Server checks parameters in the "sp_replwritetovarbin" extended stored procedure. The vulnerability could allow remote code execution if untrusted users have access to an affected system or if a SQL injection vulnerability exists on an affected system. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.

• Check Point Response
• Preemptive Protection against Microsoft SQL Server sp_replwritetovarbin Limited Memory Overwrite Vulnerability (MS09-004) Release Date:

A denial of service vulnerability exists in the EMSMDB2 (Electronic Messaging System Microsoft Data Base, 32 bit build) provider because of the way it handles invalid MAPI commands. An attacker could exploit the vulnerability by sending a specially crafted MAPI command to the application using the EMSMDB32 provider. An attacker who successfully exploited this vulnerability could cause the application to stop responding.

• Check Point Response
• Update Protection against Microsoft Exchange Server EMSMDB32 Literal Processing Vulnerability (MS09-003) Release Date:

A remote code execution vulnerability exists in the way Microsoft Exchange Server decodes the Transport Neutral Encapsulation Format (TNEF) data for a message.

• Check Point Response
• Update Protection against Microsoft Exchange Server MS-TNEF Memory Corruption Vulnerability (MS09-003) Release Date:

A remote code execution vulnerability exists in the way Internet Explorer accesses an object that has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

• Check Point Response
• Update Protection against Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability (MS09-002) Release Date:

A remote code execution vulnerability exists in the way Internet Explorer handles Cascading Style Sheets (CSS). An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user.

• Check Point Response
• Update Protection against Microsoft Internet Explorer CSS Memory Corruption Vulnerability (MS09-002) Release Date: