J-Security Center

Latest Attack Object Updates
  • IDP Daily Update #1545
    posted: 11/19/09
  • NSM Daily Update #1545
    posted: 11/19/09
  • Deep Inspection 5.3r5 and above, 5.4, 6.0 #1545
    posted: 11/19/09
  • Deep Inspection 5.1 and 5.2 #1435
    posted: 11/19/09
  • Deep Inspection 5.0, 5.3r4 and below #1132
    posted: 03/28/08 (04/01/08 for 5.0)
  • Antivirus
    posted: 11/19/09
Microsoft Security Bulletins

October 2009

Prior Updates:

2009 |October |September |August |July |June |May |April |March |February |January
2008 |December |November |October |September |August |July |June |May |April |March |February |January
2007 |December |November |October |September |August |July |June |May |April |March |February |January
2006 |December |November |October |September |August |July |June |May |April |March |February |January
2005 |December |November |October |September |August |July |June |May |April |March |February |January
2004 |December |November |October |September |August |July |June |May |April |March |February |January
2003 |December |November |October

lock icon Login to learn more about how Juniper Networks products can protect you from these vulnerabilities. (If you don't already have a login, see Requesting Support.)

October 2009

Microsoft Security Bulletin MS09-050

Vulnerabilities in SMBv2 Could Allow Remote Code Execution (975517)

Severity: Critical
Vulnerabilities:
  • SMBv2 Infinite Loop Vulnerability - CVE-2009-2526
    A denial of service vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB version 2 (SMBv2) packets. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted network message to a computer running the Server service. An attacker who successfully exploited this vulnerability could cause the computer to stop responding until restarted.
  • SMBv2 Command Value Vulnerability - CVE-2009-2532
    An unauthenticated remote code execution vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB packets. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted network message to a computer running the Server service. An attacker who successfully exploited this vulnerability could take complete control of the system.
  • SMBv2 Negotiation Vulnerability - CVE-2009-3103
    An unauthenticated remote code execution vulnerability exists in the way that Microsoft Server Message Block (SMB) Protocol software handles specially crafted SMB packets. An attempt to exploit the vulnerability would not require authentication, allowing an attacker to exploit the vulnerability by sending a specially crafted SMB packet to a computer running the Server service. An attacker who successfully exploited this vulnerability could take complete control of the system.

Microsoft Security Bulletin MS09-051

Vulnerabilities in Windows Media Runtime Could Allow Remote Code Execution (975682)

Severity: Critical
Vulnerabilities:
  • Windows Media Runtime Voice Sample Rate Vulnerability - CVE-2009-0555
    A remote code execution vulnerability exists in Windows Media Player due to the improper processing of specially crafted Advanced Systems Format (ASF) files. An attacker could exploit the vulnerability by constructing a specially crafted audio file that could allow remote code execution when played using an affected version of Windows Media Player. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
  • Windows Media Runtime Heap Corruption Vulnerability - CVE-2009-2525
    A remote code execution vulnerability exists in the way that Microsoft Windows Media Runtime handles certain functions in compressed audio files. This vulnerability could allow remote code execution if a user opened a specially crafted file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Security Bulletin MS09-052

Vulnerability in Windows Media Player Could Allow Remote Code Execution (974112)

Severity: Critical
Vulnerabilities:
  • WMP Heap Overflow Vulnerability - CVE-2009-2527
    A remote code execution vulnerability exists in Windows Media Player 6.4. An attacker could exploit the vulnerability by constructing a specially crafted ASF file that could allow remote code execution when played using Windows Media Player 6.4. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Microsoft Security Bulletin MS09-053

Vulnerabilities in FTP Service for Internet Information Services Could Allow Remote Code Execution (975254)

Severity: Important
Vulnerabilities:
  • IIS FTP Service DoS Vulnerability - CVE-2009-2521
    A vulnerability exists in the FTP Service in Microsoft Internet Information Services (IIS) 5.0, Microsoft Internet Information Services (IIS) 5.1, Microsoft Internet Information Services (IIS) 6.0, and Microsoft Internet Information Services (IIS) 7.0. The vulnerability could allow denial of service (DoS).
  • IIS FTP Service RCE and DoS Vulnerability - CVE-2009-3023
    A Vulnerability exists in the FTP Service in Microsoft Internet Information Services (IIS) 5.0, Microsoft Internet Information Services (IIS) 5.1, and Microsoft Internet Information Services (IIS) 6.0. The vulnerability could allow remote code execution (RCE) on systems running FTP Service on IIS 5.0, or denial of service (DoS) on systems running FTP Service on IIS 5.1, IIS 6.0.

Microsoft Security Bulletin MS09-054

Cumulative Security Update for Internet Explorer (974455)

Severity: Critical
Vulnerabilities:
  • Data Stream Header Corruption Vulnerability - CVE-2009-1547
    A remote code execution vulnerability exists in the way that Internet Explorer processes data stream headers in specific situations. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • HTML Component Handling Vulnerability - CVE-2009-2529
    A remote code execution vulnerability exists in the way that Internet Explorer handles argument validation of a variable in specific situations. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • Uninitialized Memory Corruption Vulnerability - CVE-2009-2530
    A remote code execution vulnerability exists in the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • Uninitialized Memory Corruption Vulnerability - CVE-2009-2531
    A remote code execution vulnerability exists in the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Microsoft Security Bulletin MS09-055

Cumulative Security Update of ActiveX Kill Bits (973525)

Severity: Critical
Vulnerabilities:
  • ATL COM Initialization Vulnerability - CVE-2009-2493
    A remote code execution vulnerability exists in the Microsoft ActiveX controls listed in the FAQ section of this vulnerability, which were compiled using the vulnerable Microsoft Active Template Library described in Microsoft Security Bulletin MS09-035. An attacker could exploit the vulnerability in these controls by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user.

Microsoft Security Bulletin MS09-056

Vulnerabilities in Windows CryptoAPI Could Allow Spoofing (974571)

Severity: Important
Vulnerabilities:
  • Null Truncation in X.509 Common Name Vulnerability - CVE-2009-2510
    A spoofing vulnerability exists in the Microsoft Windows CryptoAPI component when parsing ASN.1 information from X.509 certificates. An attacker who successfully exploited this vulnerability could impersonate another user or system.
  • Integer Overflow in X.509 Object Identifiers Vulnerability - CVE-2009-2511
    A spoofing vulnerability exists in the Microsoft Windows CryptoAPI component when parsing ASN.1 object identifiers from X.509 certificates. An attacker who successfully exploited this vulnerability could impersonate another user or system.

Microsoft Security Bulletin MS09-057

Vulnerability in Indexing Service Could Allow Remote Code Execution (969059)

Severity: Important
Vulnerabilities:
  • Memory Corruption in Indexing Service Vulnerability - CVE-2009-2507
    A remote code execution vulnerability exists in the Indexing Service on Windows systems. The vulnerability is due to an ActiveX control included with the service not properly handling specifically crafted Web content. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Microsoft Security Bulletin MS09-058

Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (971486)

Severity: Important
Vulnerabilities:
  • Windows Kernel Integer Underflow Vulnerability - CVE-2009-2515
    An elevation of privilege vulnerability exists in the Windows kernel due to the incorrect truncation of a 64-bit value to a 32-bit value. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • Windows Kernel NULL Pointer Dereference Vulnerability - CVE-2009-2516
    An elevation of privilege vulnerability exists in the Windows kernel due to the insufficient validation of certain data passed from user mode. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • Windows Kernel Exception Handler Vulnerability - CVE-2009-2517
    A denial of service vulnerability exists in the Windows kernel because of the way the kernel handles certain exceptions. An attacker could exploit the vulnerability by running a specially crafted application causing the system to restart.

Microsoft Security Bulletin MS09-059

Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (975467)

Severity: Important
Vulnerabilities:
  • Local Security Authority Subsystem Service Integer Overflow Vulnerability - CVE-2009-2524
    An elevation of privilege vulnerability exists in the Microsoft Windows Local Security Authority Subsystem Service (LSASS) due to its improper handling of malformed packets during NTLM authentication. An attacker could create specially crafted anonymous NTLM authentication requests that would cause a crash in the LSASS service and subsequently would restart the computer.

Microsoft Security Bulletin MS09-060

Vulnerabilities in Microsoft Active Template Library (ATL) ActiveX Controls for Microsoft Office Could Allow Remote Code Execution (973965)

Severity: Critical
Vulnerabilities:
  • ATL Uninitialized Object Vulnerability - CVE-2009-0901
    A remote code execution vulnerability exists in the Microsoft Active Template Library (ATL) due to an issue in the ATL headers that could allow an attacker to force VariantClear to be called on a VARIANT that has not been correctly initialized. Because of this, the attacker can control what happens when VariantClear is called during handling of an error by supplying a corrupt stream. This vulnerability only directly affects systems with components and controls installed that were built using Visual Studio ATL. This issue could allow a remote, unauthenticated user to perform remote code execution on an affected system. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution.
  • ATL COM Initialization Vulnerability - CVE-2009-2493
    A remote code execution vulnerability exists in the Microsoft Active Template Library (ATL) due to issues in the ATL headers that handle instantiation of an object from data streams. This vulnerability only directly affects systems with components and controls installed that were built using Visual Studio ATL. For components and controls built using ATL, unsafe usage of OleLoadFromStream could allow the instantiation of arbitrary objects which can bypass related security policy, such as kill bits within Internet Explorer. This issue could allow a remote, unauthenticated user to perform remote code execution on an affected system. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution.
  • ATL Null String Vulnerability - CVE-2009-2495
    An information disclosure vulnerability exists in the Microsoft Active Template Library (ATL) that could allow a string to be read without a terminating NULL character. An attacker could manipulate this string to read extra data beyond the end of the string and thus disclose information in memory. This vulnerability only directly affects systems with components and controls installed that were built using Visual Studio ATL. An attacker who successfully exploited this vulnerability could run a malicious component or control that could disclose information, forward user data to a third party, or access any data on the affected systems that was accessible to the logged-on user. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce information that could be used to try to further compromise the affected system.

Microsoft Security Bulletin MS09-061

Vulnerabilities in the Microsoft .NET Common Language Runtime Could Allow Remote Code Execution (974378)

Severity: Critical
Vulnerabilities:
  • Microsoft .NET Framework Pointer Verification Vulnerability - CVE-2009-0090
    A remote code execution vulnerability exists in the Microsoft .NET Framework that could allow a malicious Microsoft .NET application to obtain a managed pointer to stack memory that is no longer used. The malicious Microsoft .NET application could then use this pointer to modify legitimate values placed at that stack location later, leading to arbitrary unmanaged code execution. Microsoft .NET applications that are not malicious are not at risk for being compromised because of this vulnerability.
  • Microsoft .NET Framework Type Verification Vulnerability - CVE-2009-0091
    A remote code execution vulnerability exists in the Microsoft .NET Framework that could allow a malicious Microsoft .NET application to bypass a type equality check. The malicious Microsoft .NET application could exploit this vulnerability by casting an object of one type into another type, leading to arbitrary unmanaged code execution. Microsoft .NET applications that are not malicious are not at risk for being compromised because of this vulnerability.
  • Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability - CVE-2009-2497
    A remote code execution vulnerability exists in the Microsoft .NET Framework that can allow a malicious Microsoft .NET application or a malicious Silverlight application to modify memory of the attacker's choice, leading to arbitrary unmanaged code execution. Microsoft .NET applications and Silverlight applications that are not malicious are not at risk for being compromised because of this vulnerability.

Microsoft Security Bulletin MS09-062

Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488)

Severity: Critical
Vulnerabilities:
  • GDI+ WMF Integer Overflow Vulnerability - CVE-2009-2500
    A remote code execution vulnerability exists in the way that GDI+ allocates buffer size when handling WMF image files. The vulnerability could allow remote code execution if a user opens a specially crafted WMF image file or browses to a Web site that contains specially crafted content. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • GDI+ PNG Heap Overflow Vulnerability - CVE-2009-2501
    A remote code execution vulnerability exists in the way that GDI+ allocates memory. The vulnerability could allow remote code execution if a user opens a specially crafted PNG image file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • GDI+ TIFF Buffer Overflow Vulnerability - CVE-2009-2502
    A remote code execution vulnerability exists in the way that GDI+ allocates memory. The vulnerability could allow remote code execution if a user opens a specially crafted TIFF file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • GDI+ TIFF Memory Corruption Vulnerability - CVE-2009-2503
    A remote code execution vulnerability exists in the way that GDI+ allocates memory. The vulnerability could allow remote code execution if a user opens a specially crafted TIFF file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • GDI+ .NET API Vulnerability - CVE-2009-2504
    A remote code execution vulnerability exists in GDI+ that can allow a malicious Microsoft .NET application to gain unmanaged code execution privileges.. Microsoft .NET applications that are not malicious are not at risk for being compromised because of this vulnerability.
  • GDI+ PNG Integer Overflow Vulnerability - CVE-2009-3126
    A remote code execution vulnerability exists in the way that GDI+ allocates memory. The vulnerability could allow remote code execution if a user opens a specially crafted PNG image file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • Memory Corruption Vulnerability - CVE-2009-2528
    A remote code execution vulnerability exists in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file that includes a malformed object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.