J-Security Center

Latest Attack Object Updates
  • IDP Daily Update #1545
    posted: 11/19/09
  • NSM Daily Update #1545
    posted: 11/19/09
  • Deep Inspection 5.3r5 and above, 5.4, 6.0 #1545
    posted: 11/19/09
  • Deep Inspection 5.1 and 5.2 #1435
    posted: 11/19/09
  • Deep Inspection 5.0, 5.3r4 and below #1132
    posted: 03/28/08 (04/01/08 for 5.0)
  • Antivirus
    posted: 11/19/09
Microsoft Security Bulletins

September 2009

Prior Updates:

2009 |October |September |August |July |June |May |April |March |February |January
2008 |December |November |October |September |August |July |June |May |April |March |February |January
2007 |December |November |October |September |August |July |June |May |April |March |February |January
2006 |December |November |October |September |August |July |June |May |April |March |February |January
2005 |December |November |October |September |August |July |June |May |April |March |February |January
2004 |December |November |October |September |August |July |June |May |April |March |February |January
2003 |December |November |October

lock icon Login to learn more about how Juniper Networks products can protect you from these vulnerabilities. (If you don't already have a login, see Requesting Support.)

September 2009

Microsoft Security Bulletin MS09-045

Vulnerability in JScript Scripting Engines Could Allow Remote Code Execution (971961)

Severity: Critical
Vulnerabilities:
  • Jscript Remote Code Execution Vulnerability - CVE-2009-1920
    A remote code execution vulnerability exists in the way that the JScript scripting engine decodes script in Web pages. This vulnerability could allow remote code execution if a user opened a specially crafted file or visited a Web site that is running specially crafted script. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Security Bulletin MS09-046

Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (956844)

Severity: Critical
Vulnerabilities:
  • DHTML Editing Component ActiveX Control Vulnerability - CVE-2009-2519
    A remote code execution vulnerability exists in the DHTML Editing Component ActiveX Control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Security Bulletin MS09-047

Vulnerabilities in Windows Media Format Could Allow Remote Code Execution (973812)

Severity: Critical
Vulnerabilities:
  • Windows Media Header Parsing Invalid Free Vulnerability - CVE-2009-2498
    A remote code execution vulnerability exists in the way that Microsoft Windows handles specially crafted ASF format files. This vulnerability could allow remote code execution if a user opened a specially crafted file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • Windows Media Playback Memory Corruption Vulnerability - CVE-2009-2499
    A remote code execution vulnerability exists in the way that Microsoft Windows handles MP3 media files. This vulnerability could allow remote code execution if a user opened a specially crafted file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Security Bulletin MS09-048

Vulnerabilities in Windows TCP/IP Could Allow Remote Code Execution (967723)

Severity: Critical
Vulnerabilities:
  • TCP/IP Zero Window Size Vulnerability - CVE-2008-4609
    A denial of service vulnerability exists in TCP/IP processing in Microsoft Windows due to the way Windows handles excessive number of established TCP connections. The effect of this vulnerability can be amplified by the requirement to process specially crafted packets with a TCP receive window size set to a very small value or zero. An attacker could exploit the vulnerability by flooding a system with specially crafted packets causing the affected system to stop responding to new requests or automatically restart.
  • TCP/IP Timestamps Code Execution Vulnerability - CVE-2009-1925
    A remote code execution vulnerability exists in the Windows TCP/IP stack due to the TCP/IP stack not cleaning up state information correctly. This causes the TCP/IP stack to reference a field as a function pointer when it actually contains other information. An anonymous attacker could exploit the vulnerability by sending specially crafted TCP/IP packets to a computer that has a service listening over the network. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • TCP/IP Orphaned Connections Vulnerability - CVE-2009-1926
    A denial of service vulnerability exists in TCP/IP processing in Microsoft Windows due to an error in the processing of specially crafted packets with a small or zero TCP receive window size. If an application closes a TCP connection with pending data to be sent and an attacker has set a small or zero TCP receive window size, the affected server will not be able to completely close the TCP connection. An attacker could exploit the vulnerability by flooding a system with specially crafted packets causing the affected system to stop responding to new requests. The system would remain non-responsive even after the attacker stops sending malicious packets.

Microsoft Security Bulletin MS09-049

Vulnerability in Wireless LAN AutoConfig Service Could Allow Remote Code Execution (970710)

Severity: Critical
Vulnerabilities:
  • Wireless Frame Parsing Remote Code Execution Vulnerability - CVE-2009-1132
    A remote code execution vulnerability exists in the way that the Wireless LAN AutoConfig Service (wlansvc) parses specific frames received on the wireless network.