Credit:
The information has been provided by Microsoft Product Security.
The original article can be found at: http://www.microsoft.com/technet/security/bulletin/ms08-052.mspx
Affected Software:
Windows Operating System and Components
* Windows XP Service Pack 2 and Windows XP Service Pack 3 - Not applicable - Remote Code Execution - Critical - None
* Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2 - Not applicable - Remote Code Execution - Critical - None
* Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 - Not applicable - Remote Code Execution - Critical - None
* Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2 - Not applicable - Remote Code Execution - Critical - None
* Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems - Not applicable - Remote Code Execution - Critical - None
* Windows Vista and Windows Vista Service Pack 1 - Not applicable - Remote Code Execution - Critical - None
* Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1 - Not applicable - Remote Code Execution - Critical - None
* Windows Server 2008 for 32-bit Systems* - Not applicable - Remote Code Execution - Critical - None
* Windows Server 2008 for x64-based Systems* - Not applicable - Remote Code Execution - Critical - None
* Windows Server 2008 for Itanium-based Systems - Not applicable - Remote Code Execution - Critical - None
Internet Explorer 6
* Microsoft Windows 2000 Service Pack 4 - Microsoft Internet Explorer 6 Service Pack 1 (KB938464) - Remote Code Execution - Critical - MS07-050
Microsoft .NET Framework
* Microsoft Windows 2000 Service Pack 4
o Microsoft .NET Framework 1.0 Service Pack 3 (KB947739)
o Microsoft .NET Framework 1.1 Service Pack 1 (KB947742)
o Microsoft .NET Framework 2.0 (KB947746)
o Microsoft .NET Framework 2.0 Service Pack 1 (KB947748)
*Windows Server 2008 Server Core installation not affected. The vulnerabilities addressed by this update do not affect supported editions of Windows Server 2008 if Windows Server 2008 was installed using the Server Core installation option, even though the files affected by these vulnerabilities may be present on the system. However, users with the affected files will still be offered this update because the update files are newer (with higher version numbers) than the files that are currently on your system. For more information on this installation option, see Server Core. Note that the Server Core installation option does not apply to certain editions of Windows Server 2008; see Compare Server Core Installation Options.
Microsoft Office
* Microsoft Office XP Service Pack 3 (KB953405) - Remote Code Execution - Important - MS04-028
* Microsoft Office 2003 Service Pack 2 (KB954478) - Remote Code Execution - Important - None
* Microsoft Office 2003 Service Pack 3 (KB954478) - Remote Code Execution - Important - None
* 2007 Microsoft Office System (KB954326) - Remote Code Execution - Important - None
* 2007 Microsoft Office System Service Pack 1 (KB954326) - Remote Code Execution - Important - None
Other Office Software
* Microsoft Visio 2002 Service Pack 2 (KB954479) - Remote Code Execution - Important - MS08-019
* Microsoft Office PowerPoint Viewer 2003 (KB956500) - Remote Code Execution - Important - MS08-051
* Microsoft Works 8 (KB956483) - Remote Code Execution - Important - MS08-044
* Microsoft Digital Image Suite 2006 (KB955992) - Remote Code Execution - Critical - None
Note: Office Communicator 2005 and Office Communicator 2007 distribute a copy of gdiplus.dll that contains the affected code. However, Microsoft's analysis has shown that there are no reliable attack vectors exposed in these products.
Microsoft SQL Server
* Not applicable - SQL Server 2000 Reporting Services Service Pack 2 (KB954609) - Remote Code Execution - Critical - None
* SQL Server 2005 Service Pack 2 (KB954606) - SQL Server 2005 Service Pack 2 (KB954607) - Remote Code Execution - Critical - MS08-040
* SQL Server 2005 x64 Edition Service Pack 2 (KB954606) - SQL Server 2005 x64 Edition Service Pack 2 (KB954607) - Remote Code Execution - Critical - MS08-040
* SQL Server 2005 for Itanium-based Systems Service Pack 2 (KB954606) - SQL Server 2005 for Itanium-based Systems Service Pack 2 (KB954607) - Remote Code Execution - Critical - MS08-040
Developer Tools
* Microsoft Visual Studio .NET 2002 Service Pack 1 (KB947736) - None - None - None
* Microsoft Visual Studio .NET 2003 Service Pack 1 (KB947737) - None - None - None
* Microsoft Visual Studio 2005 Service Pack 1 (KB947738) - None - None - None
* Microsoft Visual Studio 2008 (KB952241) - None - None - None
* Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package (KB954765) - Remote Code Execution - Critical - None
* Microsoft Report Viewer 2008 Redistributable Package (KB954766) - Remote Code Execution - Critical - None
* Microsoft Visual FoxPro 8.0 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4 (KB955368) - None - None - None
* Microsoft Visual FoxPro 9.0 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4 (KB955369) - None - None - None
* Microsoft Visual FoxPro 9.0 Service Pack 2 when installed on Microsoft Windows 2000 Service Pack 4 (KB955370) - None - None - None
* Microsoft Platform SDK Redistributable: GDI+ - None - None - MS04-028
Security Software
* Microsoft Forefront Client Security 1.0 when installed on Microsoft Windows 2000 Service Pack 4 (KB957177) - Remote Code Execution - Important - None
Non-Affected Software:
* Microsoft Windows 2000 Service Pack 4
* Microsoft Windows 2000 Service Pack 4
o Microsoft Internet Explorer 5.01 Service Pack 4
o Windows Messenger 5.1
* Windows XP Service Pack 2 and Windows XP Service Pack 3
o Microsoft Internet Explorer 6
o Windows Internet Explorer 7
o Microsoft .NET Framework 1.0 Service Pack 3
o Microsoft .NET Framework 1.1 Service Pack 1
o Microsoft .NET Framework 2.0
o Microsoft .NET Framework 2.0 Service Pack 1
o Windows Messenger 4.7
o Windows Messenger 5.1
* Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
o Microsoft Internet Explorer 6
o Windows Internet Explorer 7
o Microsoft .NET Framework 1.0 Service Pack 3
o Microsoft .NET Framework 1.1 Service Pack 1
o Microsoft .NET Framework 2.0
o Microsoft .NET Framework 2.0 Service Pack 1
o Windows Messenger 4.7
o Windows Messenger 5.1
* Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
o Microsoft Internet Explorer 6
o Windows Internet Explorer 7
o Microsoft .NET Framework 1.0 Service Pack 3
o Microsoft .NET Framework 1.1 Service Pack 1
o Microsoft .NET Framework 2.0
o Microsoft .NET Framework 2.0 Service Pack 1
o Windows Messenger 4.7
o Windows Messenger 5.1
* Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
o Microsoft Internet Explorer 6
o Windows Internet Explorer 7
o Microsoft .NET Framework 1.0 Service Pack 3
o Microsoft .NET Framework 1.1 Service Pack 1
o Microsoft .NET Framework 2.0
o Microsoft .NET Framework 2.0 Service Pack 1
o Windows Messenger 4.7
o Windows Messenger 5.1
* Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
o Microsoft Internet Explorer 6
o Windows Internet Explorer 7
o Microsoft .NET Framework 1.0 Service Pack 3
o Microsoft .NET Framework 1.1 Service Pack 1
o Microsoft .NET Framework 2.0
o Microsoft .NET Framework 2.0 Service Pack 1
o Windows Messenger 4.7
* Windows Vista and Windows Vista Service Pack 1
o Windows Internet Explorer 7
o Microsoft .NET Framework 1.0 Service Pack 3
o Microsoft .NET Framework 1.1 Service Pack 1
o Microsoft .NET Framework 2.0
o Microsoft .NET Framework 2.0 Service Pack 1
o Windows Messenger 4.7
* Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1
o Windows Internet Explorer 7
o Microsoft .NET Framework 1.0 Service Pack 3
o Microsoft .NET Framework 1.1 Service Pack 1
o Microsoft .NET Framework 2.0
o Microsoft .NET Framework 2.0 Service Pack 1
o Windows Messenger 4.7
* Windows Server 2008 for 32-bit Systems
o Windows Internet Explorer 7
o Microsoft .NET Framework 1.0 Service Pack 3
o Microsoft .NET Framework 1.1 Service Pack 1
o Microsoft .NET Framework 2.0
o Microsoft .NET Framework 2.0 Service Pack 1
o Windows Messenger 4.7
* Windows Server 2008 for x64-based Systems
o Windows Internet Explorer 7
o Microsoft .NET Framework 1.0 Service Pack 3
o Microsoft .NET Framework 1.1 Service Pack 1
o Microsoft .NET Framework 2.0
o Microsoft .NET Framework 2.0 Service Pack 1
o Windows Messenger 4.7
* Windows Server 2008 for Itanium-based Systems
o Windows Internet Explorer 7
o Microsoft .NET Framework 1.0 Service Pack 3
o Microsoft .NET Framework 1.1 Service Pack 1
o Microsoft .NET Framework 2.0
o Microsoft .NET Framework 2.0 Service Pack 1
o Windows Messenger 4.7
Microsoft Office Suites
* Microsoft Office 2000 Service Pack 3
Other Office Software
* Microsoft Office Viewer 2003 and Microsoft Office Viewer 2003 Service Pack 3 for Excel, PowerPoint, Word, and Visio
* Microsoft Office Viewer 2007 and Microsoft Office Viewer 2007 Service Pack 1 for Excel, PowerPoint, Word, and Visio
* Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1
* Microsoft Visio 2003 Service Pack 2
* Microsoft Visio 2003 Service Pack 3
* Microsoft Visio 2007
* Microsoft Visio 2007 Service Pack 1
* Microsoft Visio 2002 Viewer
* Microsoft Visio 2003 Viewer
* Microsoft Visio 2007 Viewer
* Microsoft Visio 2007 Viewer Service Pack 1
* Microsoft Office PowerPoint Viewer 2007 and Microsoft Office PowerPoint Viewer 2007 Service Pack 1
* Microsoft Office SharePoint Server 2007
* Microsoft Office SharePoint Server 2007 Service Pack 1
* Microsoft Works 9.0
* Microsoft Works Suite 2005
* Microsoft Works Suite 2006
* Microsoft Office 2004 for Mac
* Microsoft Office 2008 for Mac
Microsoft SQL Server
* SQL Server 7.0 Service Pack 4
* SQL Server 2000 Service Pack 4
* SQL Server 2000 Itanium-based Edition Service Pack 4
* Microsoft Data Engine (MSDE) 1.0
* Microsoft SQL Server 2000 Desktop Engine (MSDE 2000)
* Microsoft SQL Server 2005 Express Edition Service Pack 2
Developer Tools
* Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package
* Microsoft Report Viewer 2008 Redistributable Package
GDI+ VML Buffer Overrun Vulnerability - CVE-2007-5348
A remote code execution vulnerability exists in the way that GDI+ handles gradient sizes. The vulnerability could allow remote code execution if a user browses to a Web site that contains specially crafted content. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
CVE Information:
CVE-2007-5348
GDI+ EMF Memory Corruption Vulnerability - CVE-2008-3012
A remote code execution vulnerability exists in the way that GDI+ handles memory allocation. The vulnerability could allow remote code execution if a user opens a specially crafted EMF image file or browses to a Web site that contains specially crafted content. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
CVE Information:
CVE-2008-3012
GDI+ GIF Parsing Vulnerability - CVE-2008-3013
A remote code execution vulnerability exists in the way that GDI+ parses GIF images. The vulnerability could allow remote code execution if a user opens a specially crafted GIF image file or browses to a Web site that contains specially crafted content. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts.
CVE Information:
CVE-2008-3013
GDI+ WMF Buffer Overrun Vulnerability - CVE-2008-3014
A remote code execution vulnerability exists in the way that GDI+ allocates memory for WMF image files. The vulnerability could allow remote code execution if a user opens a specially crafted WMF image file or browses to a Web site that contains specially crafted content. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
CVE Information:
CVE-2008-3014
GDI+ BMP Integer Overflow Vulnerability - CVE-2008-3015
A remote code execution vulnerability exists in the way that GDI+ handles integer calculations. The vulnerability could allow remote code execution if a user opens a specially crafted BMP image file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
CVE Information:
CVE-2008-3015