J-Security Center

Microsoft Security Bulletins

April 2009



Microsoft Security Bulletin MS09-009

Vulnerabilities in Microsoft Office Excel Could Cause Remote Code Execution (968557)

Severity: Critical
Vulnerabilities:
  • Memory Corruption Vulnerability - CVE-2009-0100
    A remote code execution vulnerability exists in Microsoft Office Excel as a result of memory corruption when loading Excel records. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • Memory Corruption Vulnerability - CVE-2009-0238
    A remote code execution vulnerability exists in Microsoft Office Excel as a result of memory corruption when loading Excel records. The vulnerability could allow remote code execution if a user opens a specially crafted Excel file that includes a malformed object. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Microsoft Security Bulletin MS09-010

Vulnerability in WordPad and Office Text Converters could allow Remote Code Execution (960477)

Severity: Critical
Vulnerabilities:
  • WordPad and Office Text Converter Memory Corruption Vulnerability - CVE-2009-0087
    A remote code execution vulnerability exists in the way that WordPad and Office Text Converters process memory when a user opens a specially crafted Word 6 file that includes malformed data.
  • WordPad Word 97 Text Converter Stack Overflow Vulnerability - CVE-2008-4841
    A remote code execution vulnerability exists in the way that Microsoft WordPad processes memory when parsing a malformed Word 97 document. The vulnerability could allow remote code execution if a user opens a specially crafted Word file that includes a malformed list structure.
  • Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability - CVE-2009-0088
    A remote code execution vulnerability exists in the way that WordPerfect 6.x converter, included with Microsoft Word 2000, processes memory when parsing a malformed WordPerfect document.
  • WordPad Word 97 Text Converter Stack Overflow Vulnerability - CVE-2009-0235
    A remote code execution vulnerability exists in Microsoft WordPad as a result of memory corruption when a user opens a specially crafted Word file.

Microsoft Security Bulletin MS09-011

Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (961373)

Severity: Critical
Vulnerabilities:
  • MJPEG Decompression Vulnerability - CVE-2009-0084
    A remote code execution vulnerability exists in the way Microsoft DirectShow handles supported format files. This vulnerability could allow code execution if a user opened a specially crafted MJPEG file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Security Bulletin MS09-012

Vulnerability in Windows Could Allow Elevation of Privilege (959454)

Severity: Important
Vulnerabilities:
  • Windows MSDTC Service Isolation Vulnerability - CVE-2008-1436
    An elevation of privilege vulnerability exists in the Microsoft Distributed Transaction Coordinator (MSDTC) transaction facility for Microsoft Windows platforms. Due to the way MSDTC is architected, the service leaves a NetworkService token that can be impersonated by any process that calls into it. The vulnerability allows a process that is not running under the NetworkService account, but that has the SeImpersonatePrivilege, to elevate to NetworkService and execute code with those privileges. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Systems which allow user-provided code to run in an authenticated context, such as within Internet Information Services (IIS) and SQL Server, are primarily impacted by this vulnerability. Hosting providers may be at increased risk from this elevation of privilege vulnerability.
  • Windows WMI Service Isolation Vulnerability - CVE-2009-0078
    An elevation of privilege vulnerability exists due to the Windows Management Instrumentation (WMI) improperly isolating processes that run under the NetworkService or LocalService accounts. The vulnerability could allow an attacker to run code with elevated privileges. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • Windows RPCSS Service Isolation Vulnerability - CVE-2009-0079
    An elevation of privilege vulnerability exists due to the RPCSS service improperly isolating processes that run under the NetworkService or LocalService accounts. The vulnerability could allow an attacker to run code with elevated privileges. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • Windows Thread Pool ACL Weakness Vulnerability - CVE-2009-0080
    An elevation of privilege vulnerability exists due to Windows placing incorrect access control lists (ACLs) on threads in the current ThreadPool. The vulnerability could allow an attacker to run code with elevated privileges. An attacker who successfully exploited this vulnerability could execute arbitrary code and take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Microsoft Security Bulletin MS09-013

Vulnerability in Windows HTTP services could allow Remote Code Execution (960803)

Severity: Critical
Vulnerabilities:
  • Windows HTTP Services Integer Underflow Vulnerability - CVE-2009-0086
    A remote code execution vulnerability exists in the way that Windows HTTP Services handle specific values that are returned by a remote web server.
  • Windows HTTP Services Certificate Name Mismatch Vulnerability - CVE-2009-0089
    A spoofing vulnerability exists in Windows HTTP Services as a result of the incomplete validation of the distinguished name in a digital certificate. When combined with specific other attacks, such as DNS spoofing, this may allow an attacker to successfully spoof the digital certificate of a web site for any application that uses the Windows HTTP Services.
  • Windows HTTP Services Credential Reflection Vulnerability - CVE-2009-0550
    A remote code execution vulnerability exists in the way that Windows HTTP Services handles NTLM credentials when a user connects to an attacker's web server. This vulnerability allows an attacker to replay the user's credentials back to them and execute code in the context of the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Security Bulletin MS09-014

Cumulative Security Update for Internet Explorer (963027)

Severity: Critical
Vulnerabilities:
  • Blended Threat Remote Code Execution Vulnerability - CVE-2008-2540
    A blended threat remote code execution vulnerability exists in the way that Internet Explorer locates and opens files on the system. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • WinINet Remote Code Execution Vulnerability - CVE-2009-0550
    A remote code execution vulnerability exists in the way that WinINet handles NTLM credentials when a user connects to an attacker's server by way of the HTTP protocol. This vulnerability allows an attacker to replay the user's credentials back to the attacker and to execute code in the context of the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • Page Transition Memory Corruption Vulnerability - CVE-2009-0551
    A remote code execution vulnerability exists in the way Internet Explorer handles transition when navigating between Web pages. As a result, system memory may be corrupted in such a way that an attacker could execute arbitrary code if a user visited a specially crafted Web site. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • Uninitialized Memory Corruption Vulnerability - CVE-2009-0552
    A remote code execution vulnerability exists in the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • Uninitialized Memory Corruption Vulnerability - CVE-2009-0553
    A remote code execution vulnerability exists in the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • Uninitialized Memory Corruption Vulnerability - CVE-2009-0554
    A remote code execution vulnerability exists in the way Internet Explorer accesses an object that has not been initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

Microsoft Security Bulletin MS09-015

Blended Threat Vulnerability in SearchPath could allow Escalation of Privilege (959426)

Severity: Moderate
Vulnerabilities:
  • Blended Threat Elevation of Privilege Vulnerability - CVE-2008-2540
    A blended threat elevation of privilege vulnerability exists in the way the SearchPath function in Windows locates and opens files on the system. An attacker could exploit the vulnerability by convincing a user to download a specially crafted file to a specific location, then open an application that could load the file under certain circumstances.

Microsoft Security Bulletin MS09-016

Vulnerability in Microsoft ISA Server and Forefront Threat Management Gateway (Medium Business Edition) Could Cause Denial of Service (961759)

Severity: Important
Vulnerabilities:
  • Web Proxy TCP State Limited Denial of Service Vulnerability - CVE-2009-0077
    A denial of service vulnerability exists in the way the firewall engine handles TCP state for Web proxy listeners. The vulnerability could allow a remote user to cause a Web listener to stop responding to new requests.
  • Cross-Site Scripting Vulnerability - CVE-2009-0237
    A cross-site scripting (XSS) vulnerability exists in cookieauth.dll which could allow malicious script code to run on the machine of another user under the guise of the server running cookieauth.dll. This is a non-persistent cross-site scripting vulnerability.