Microsoft Security

A remote code execution vulnerability exists in the way that Microsoft Office Word handles a specially crafted Word file that includes a malformed record. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• Check Point Response
• Update Protection against Microsoft Word Multiple SPRM Records Buffer Overflow Vulnerability (MS09-027) Release Date:

A remote code execution vulnerability exists in the way that Microsoft Office Word handles a specially crafted Word file that includes a malformed record. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• Check Point Response
• Update Protection against Microsoft Word Malformed SPRM Record Buffer Overflow Vulnerability (MS09-027) Release Date:

An elevation of privilege vulnerability exists in the Windows remote procedure call (RPC) facility where the RPM Marshalling Engine does not update its internal state appropriately. The failure to update internal state could lead to a pointer being read from an incorrect location. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• Check Point Response
• SmartDefense research teams are studying this vulnerability and may issue a protection at a later date.

An elevation of privilege vulnerability exists in the way that the Windows kernel does not properly validate changes in certain kernel objects. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• Check Point Response
• This is a local vulnerability that can not be mitigated by a network IPS protection.

An elevation of privilege vulnerability exists in the Windows kernel due to the insufficient validation of certain pointers passed from user mode. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• Check Point Response
• This is a local vulnerability that can not be mitigated by a network IPS protection.

An elevation of privilege vulnerability exists because the Windows kernel does not properly validate an argument passed to a Windows kernel system call. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• Check Point Response
• This is a local vulnerability that can not be mitigated by a network IPS protection.

An elevation of privilege vulnerability exists when the Windows kernel improperly validates input passed from user mode to the kernel when editing a specific desktop parameter. The vulnerability could allow an attacker to run code with elevated privileges. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• Check Point Response
• This is a local vulnerability that can not be mitigated by a network IPS protection.

A remote code execution vulnerability exists in the way that the Works for Windows document converters handle specially crafted Works files. The vulnerability could allow remote code execution if a user opens a specially crafted .wps file. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

• Check Point Response
• Update Protection against Microsoft Works Converter Oversized Font Buffer Overflow Vulnerability (MS09-024) Release Date:

An information disclosure vulnerability exists in Windows Search due to the way file previews are generated. Attempts to exploit this vulnerability require user interaction. An attacker who successfully exploited this vulnerability could run a malicious HTML script that could disclose information, forward user data to a third party, or access any data on the affected systems that was accessible to the logged-on user. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system.

• Check Point Response
• SmartDefense research teams are studying this vulnerability and may issue a protection at a later date.

A remote code execution vulnerability exists in the Windows Print Spooler that could allow a remote, unauthenticated attacker to execute arbitrary code on an affected system. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.

• Check Point Response
• Update Protection against Microsoft Windows Print Spooler NetShareEnum Buffer Overflow Vulnerability (MS09-022) Release Date:

A local, authenticated information disclosure vulnerability exists in the Windows Printing Service that could allow a user to read or print any file on the system. This action can be taken even if the user does not have administrative access. However, the vulnerability could not be exploited remotely or by anonymous users.

• Check Point Response
• SmartDefense research teams are studying this vulnerability and may issue a protection at a later date.

A remote, authenticated elevation of privilege vulnerability exists in the Windows Print Spooler that could allow an arbitrary dynamic link library (DLL) to be loaded by the Print Spooler. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• Check Point Response
• Update Protection against Microsoft Windows Print Spooler LoadLibrary Information Disclosure Vulnerability (MS09-022) Release Date:

A remote code execution vulnerability exists in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed record object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• Check Point Response
• Update Protection against Microsoft Excel BRAI Record Pointer Corruption Vulnerability (MS09-021) Release Date:

A remote code execution vulnerability exists in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed record object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• Check Point Response
• Update Protection against Microsoft Excel Object Record Memory Corruption Vulnerability (MS09-021) Release Date:

A remote code execution vulnerability exists in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed record object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• Check Point Response
• Update Protection against Microsoft Excel ExternSheet Record Indexing Memory Corruption Vulnerability (MS09-021) Release Date:

A remote code execution vulnerability exists in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed record object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• Check Point Response
• Update Protection against Microsoft Excel String Copy Stack-Based Overrun Vulnerability (MS09-021) Release Date:

A remote code execution vulnerability exists in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed record object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• Check Point Response
• Update Protection against Microsoft Excel FormulaValue Field Memory Corruption Vulnerability (MS09-021) Release Date:

A remote code execution vulnerability exists in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed record object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• Check Point Response
• Update Protection against Microsoft Excel SST Record Integer Overflow Vulnerability (MS09-021) Release Date:

A remote code execution vulnerability exists in Microsoft Office Excel that could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed record object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• Check Point Response
• Update Protection against Microsoft Excel QSir and QSif Records Pointer Corruption Vulnerability (MS09-021) Release Date:

An elevation of privilege vulnerability exists in the way that the WebDAV extension for IIS handles HTTP requests. An attacker could exploit this vulnerability by creating a specially crafted anonymous HTTP request to gain access to a location that typically requires authentication.

• Check Point Response
• Update Protection against Microsoft IIS WebDAV Extension URL Decoding Security Bypass Vulnerability (MS09-020) Release Date:

An elevation of privilege vulnerability exists in the way that the WebDAV extension for IIS handles HTTP requests. An attacker could exploit this vulnerability by creating a specially crafted anonymous HTTP request to gain access to a location that should require authentication.

• Check Point Response
• Update Protection against Microsoft IIS Anonymous HTTP Request Authentication Bypass (MS09-020) Release Date:

An information disclosure vulnerability exists in Internet Explorer that could allow script to gain access to the content in another browser window in another domain or Internet Explorer zone. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow information disclosure if a user viewed the Web page. An attacker who successfully exploited this vulnerability could view data from a Web page in another Internet Explorer domain.

• Check Point Response
• Update Protection against Microsoft Internet Explorer Race Condition Cross-Domain Information Disclosure Vulnerability (MS09-019) Release Date:

An information disclosure vulnerability exists in the way that Internet Explorer caches data and incorrectly allows the cached content to be called, potentially bypassing Internet Explorer domain restriction. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow information disclosure if a user viewed the Web page. An attacker who successfully exploited this vulnerability could view content from the local computer or another browser window in another domain or Internet Explorer zone.

• Check Point Response
• Update Protection against Microsoft Internet Explorer Cross-Domain Information Disclosure Vulnerability (MS09-019) Release Date:

A remote code execution vulnerability exists in the way Internet Explorer displays a Web page that contains certain unexpected method calls to HTML objects. As a result, system memory may be corrupted in such a way that an attacker could execute arbitrary code if a user visited a specially crafted Web site. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

• Check Point Response
• Update Protection against Microsoft Internet Explorer DHTML Table Row Object Memory Corruption Vulnerability (MS09-019) Release Date:

A remote code execution vulnerability exists in the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• Check Point Response
• Update Protection against Microsoft Internet Explorer HTML XMLHttpRequest Memory Corruption Vulnerability (MS09-019) Release Date:

A remote code execution vulnerability exists in the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• Check Point Response
• Update Protection against Microsoft Internet Explorer HTML SetCapture Memory Corruption Vulnerability (MS09-019) Release Date:

A remote code execution vulnerability exists in the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• Check Point Response
• Update Protection against Microsoft Internet Explorer Multiple Events Improper Reference Counting Vulnerability (MS09-019) Release Date:

A remote code execution vulnerability exists in the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• Check Point Response
• Update Protection against Microsoft Internet Explorer DOM Manipulations Improper Handling Vulnerability (MS09-019) Release Date:

A remote code execution vulnerability exists in the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

• Check Point Response
• Update Protection against Microsoft Internet Explorer Rows Object Memory Corruption Vulnerability (MS09-019) Release Date:

A remote code execution vulnerability exists in implementations of Active Directory on Microsoft Windows 2000 Server. The vulnerability is due to incorrect freeing of memory when processing specially crafted LDAP or LDAPS requests. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

• Check Point Response
• Update Protection against Microsoft Active Directory Invalid Free Remote Code Execution Vulnerability (MS09-018) Release Date:

A denial of service vulnerability exists in implementations of Active Directory on Microsoft Windows 2000 Server and Windows Server 2003. The vulnerability also exists in implementations of Active Directory Application Mode (ADAM) when installed on Windows XP Professional and Windows Server 2003. The vulnerability is due to improper memory management during execution of certain types of LDAP or LDAPS requests. An attacker who successfully exploited this vulnerability could cause the affected server to stop responding.

• Check Point Response
• SmartDefense research teams are studying this vulnerability and may issue a protection at a later date.