Risk | Critical |
Patch available | YES |
Number of vulnerabilities | 8 |
CVE-ID | CVE-2009-2518 CVE-2009-2528 CVE-2009-2504 CVE-2009-2503 CVE-2009-2502 CVE-2009-2501 CVE-2009-2500 CVE-2009-3126 |
CWE-ID | CWE-119 CWE-122 CWE-190 |
Exploitation vector | Network |
Public exploit | Vulnerability #6 is being exploited in the wild. Vulnerability #8 is being exploited in the wild. |
Vulnerable software | Microsoft Office (Client/Desktop applications / Office applications); Microsoft Report Viewer (Client/Desktop applications / Office applications); Microsoft Works (Client/Desktop applications / Office applications); Microsoft Project (Client/Desktop applications / Office applications); Microsoft Visio (Client/Desktop applications / Office applications); Word Viewer (Client/Desktop applications / Office applications); Excel Viewer (Client/Desktop applications / Office applications); Microsoft Forefront Client Security (Client/Desktop applications / Antivirus software/Personal firewalls); Microsoft SQL Server (Server applications / Database software); Windows Server (Operating systems & Components / Operating system); Windows (Operating systems & Components / Operating system); Microsoft .NET Framework (Server applications / Frameworks for developing and running applications); Microsoft Internet Explorer (Client/Desktop applications / Web browsers) |
Vendor | Microsoft |
Security Bulletin
This security bulletin contains information about 8 vulnerabilities.
EUVDB-ID: #VU1390
Risk: High
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2009-2518
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to an integer overflow in GDI+ when handling malformed Office documents. A remote attacker can create a Microsoft Office document containing a specially crafted BMP image, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with the privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Install the update from the vendor's website:
Microsoft Office XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=b4ac7fbe-dd19-4940-a576-89a6b7ed602d
Microsoft Office: XP
External links: http://technet.microsoft.com/en-us/library/security/ms09-062.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU1389
Risk: High
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2009-2528
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to an integer overflow in GDI+ when parsing Office Art Property Tables. A remote attacker can create a specially crafted Microsoft Office file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with the privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Install the update from the vendor's website:
Microsoft Office XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=b4ac7fbe-dd19-4940-a576-89a6b7ed602d
Microsoft Office: XP
External links: http://technet.microsoft.com/en-us/library/security/ms09-062.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU1387
Risk: High
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2009-2504
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to an integer overflow in APIs accessible from .NET Framework applications. A remote attacker can create a specially crafted ASP.NET or .NET Framework application, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with the privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Install the update from the vendor's website:
Microsoft .NET Framework 1.1 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?FamilyId=ecf78619-80fa-417d-852b-1b5b2cf574e2
Microsoft .NET Framework 2.0 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?FamilyId=3e534aa8-29c2-4379-9f57-931a6ff47418
Microsoft .NET Framework 2.0 Service Pack 2 when installed on Microsoft Windows 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?familyid=e6f5e730-85cc-4c08-a50d-c456b1e9f5bc
Windows XP Service Pack 2 and Windows XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=e2acde20-a6d3-4135-b6eb-1214f743d474
Windows XP Professional x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=ad92503a-8c91-4d73-98b0-942d7961637d
Windows Server 2003 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=414466a4-39a0-476d-9a43-ae7674cbd6a0
Windows Server 2003 x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=eb95e8d9-6ef5-4526-99d2-507e50de049b
Windows Server 2003 with SP2 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=a678ceb9-a37a-4c29-8bd1-f209922990e5
Windows Vista and Windows Vista Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=19aa01f3-026d-4264-85f8-216d0597969b
Windows Vista x64 Edition and Windows Vista x64 Edition Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=8f5f0c1d-1dd6-47fa-aef2-d3c96c8fc06e
Windows Server 2008 for 32-bit Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=fd1694af-8873-43aa-9243-91f7cde452b7
Windows Server 2008 for x64-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=41bc4cdb-273a-4a6e-80d9-c8ce20e32da9
Windows Server 2008 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=a4f42085-1cb9-4b8d-a931-85be71fdf06d
Microsoft Office XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=b4ac7fbe-dd19-4940-a576-89a6b7ed602d
Microsoft Office 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=48752ab4-5928-476d-a8bc-e998d188b1f7
2007 Microsoft Office System Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
2007 Microsoft Office System Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Office Project 2002 Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=b4ac7fbe-dd19-4940-a576-89a6b7ed602d
Microsoft Visio 2002 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=920ee70b-c5c1-47b5-8f33-938ffe14eea4
Microsoft Word Viewer 2003 Service Pack 3 and Microsoft Office Excel Viewer 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=48752ab4-5928-476d-a8bc-e998d188b1f7
Microsoft Office Excel Viewer Service Pack 2, Microsoft Office Visio Viewer 2007 Service Pack 1, and Microsoft Office Visio Viewer 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Office PowerPoint Viewer 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Works 8.5:
https://www.microsoft.com/downloads/details.aspx?familyid=6f96de9a-62d8-428f-9567-51d55c129be6
SQL Server 2000 Reporting Services Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=33554f96-5af7-4683-a537-9db293b67b8d
SQL Server 2005 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=d971a262-1dfb-498c-a4f3-59fdc1b85d23
https://www.microsoft.com/downloads/details.aspx?familyid=76d3d653-e9a0-48bc-afae-d3553f7b9235
SQL Server 2005 x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=d971a262-1dfb-498c-a4f3-59fdc1b85d23
https://www.microsoft.com/downloads/details.aspx?familyid=76d3d653-e9a0-48bc-afae-d3553f7b9235
SQL Server 2005 for Itanium-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=d971a262-1dfb-498c-a4f3-59fdc1b85d23
https://www.microsoft.com/downloads/details.aspx?familyid=76d3d653-e9a0-48bc-afae-d3553f7b9235
SQL Server 2005 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=0d878f4b-71e8-4170-9a14-1bce684811ce
https://www.microsoft.com/downloads/details.aspx?familyid=e6f307c1-8b21-406e-9c6f-b1a3a1e9a98f
SQL Server 2005 x64 Edition Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=0d878f4b-71e8-4170-9a14-1bce684811ce
https://www.microsoft.com/downloads/details.aspx?familyid=e6f307c1-8b21-406e-9c6f-b1a3a1e9a98f
SQL Server 2005 for Itanium-based Systems Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=0d878f4b-71e8-4170-9a14-1bce684811ce
https://www.microsoft.com/downloads/details.aspx?familyid=e6f307c1-8b21-406e-9c6f-b1a3a1e9a98f
Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package:
https://www.microsoft.com/downloads/details.aspx?familyid=0dfaf300-2b53-4678-a779-0d805ddfe538
Microsoft Report Viewer 2008 Redistributable Package:
https://www.microsoft.com/downloads/details.aspx?familyid=42ed040f-cf94-4754-b0b3-c8016fbcbe22
Microsoft Report Viewer 2008 Redistributable Package Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=6aaa74bd-a46e-4478-b4e1-2063d18d2d42
Microsoft Forefront Client Security 1.0 when installed on Microsoft Windows 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.as
Microsoft Forefront Client Security: 1.0
Microsoft Report Viewer: 2005 - 2008
Microsoft SQL Server: 2000 8.0.194 - 2005 9.0.1399
Microsoft Works: 8.5
Microsoft Office: XP - 2007
Windows Server: 2003 - 2008
Windows: Vista - XP
Microsoft .NET Framework: 1.1 - 2.0
Microsoft Project: 2002
Microsoft Visio: 2002
Word Viewer: 2003
Excel Viewer: 2003
External links: http://technet.microsoft.com/en-us/library/security/ms09-062.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU1386
Risk: High
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2009-2503
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a boundary error in GDI+ when handling TIFF image files. A remote attacker can create a specially crafted TIFF image file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with the privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Install the update from the vendor's website:
Microsoft Internet Explorer 6 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?familyid=f3fef608-dafb-4b37-a65a-9cc4ae8e2c4c
Windows XP Service Pack 2 and Windows XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=e2acde20-a6d3-4135-b6eb-1214f743d474
Windows XP Professional x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=ad92503a-8c91-4d73-98b0-942d7961637d
Windows Server 2003 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=414466a4-39a0-476d-9a43-ae7674cbd6a0
Windows Server 2003 x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=eb95e8d9-6ef5-4526-99d2-507e50de049b
Windows Server 2003 with SP2 for Itanium-based Systems:
https://www.microsoft.com/downloads/details.aspx?familyid=a678ceb9-a37a-4c29-8bd1-f209922990e5
Microsoft Office XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=b4ac7fbe-dd19-4940-a576-89a6b7ed602d
Microsoft Office 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=48752ab4-5928-476d-a8bc-e998d188b1f7
2007 Microsoft Office System Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
2007 Microsoft Office System Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Office Project 2002 Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=b4ac7fbe-dd19-4940-a576-89a6b7ed602d
Microsoft Visio 2002 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=920ee70b-c5c1-47b5-8f33-938ffe14eea4
Microsoft Word Viewer 2003 Service Pack 3 and Microsoft Office Excel Viewer 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=48752ab4-5928-476d-a8bc-e998d188b1f7
Microsoft Office Excel Viewer Service Pack 2, Microsoft Office Visio Viewer 2007 Service Pack 1, and Microsoft Office Visio Viewer 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Office PowerPoint Viewer 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Works 8.5:
https://www.microsoft.com/downloads/details.aspx?familyid=6f96de9a-62d8-428f-9567-51d55c129be6
SQL Server 2000 Reporting Services Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=33554f96-5af7-4683-a537-9db293b67b8d
SQL Server 2005 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=d971a262-1dfb-498c-a4f3-59fdc1b85d23
https://www.microsoft.com/downloads/details.aspx?familyid=76d3d653-e9a0-48bc-afae-d3553f7b9235
SQL Server 2005 x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=d971a262-1dfb-498c-a4f3-59fdc1b85d23
https://www.microsoft.com/downloads/details.aspx?familyid=76d3d653-e9a0-48bc-afae-d3553f7b9235
SQL Server 2005 for Itanium-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=d971a262-1dfb-498c-a4f3-59fdc1b85d23
https://www.microsoft.com/downloads/details.aspx?familyid=76d3d653-e9a0-48bc-afae-d3553f7b9235
SQL Server 2005 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=0d878f4b-71e8-4170-9a14-1bce684811ce
https://www.microsoft.com/downloads/details.aspx?familyid=e6f307c1-8b21-406e-9c6f-b1a3a1e9a98f
SQL Server 2005 x64 Edition Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=0d878f4b-71e8-4170-9a14-1bce684811ce
https://www.microsoft.com/downloads/details.aspx?familyid=e6f307c1-8b21-406e-9c6f-b1a3a1e9a98f
SQL Server 2005 for Itanium-based Systems Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=0d878f4b-71e8-4170-9a14-1bce684811ce
https://www.microsoft.com/downloads/details.aspx?familyid=e6f307c1-8b21-406e-9c6f-b1a3a1e9a98f
Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package:
https://www.microsoft.com/downloads/details.aspx?familyid=0dfaf300-2b53-4678-a779-0d805ddfe538
Microsoft Report Viewer 2008 Redistributable Package:
https://www.microsoft.com/downloads/details.aspx?familyid=42ed040f-cf94-4754-b0b3-c8016fbcbe22
Microsoft Report Viewer 2008 Redistributable Package Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=6aaa74bd-a46e-4478-b4e1-2063d18d2d42
Microsoft Forefront Client Security 1.0 when installed on Microsoft Windows 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?familyid=c0ce624c-8df3-4223-8a7a-5cba4ac334a8
Microsoft Internet Explorer: 6
Windows: XP
Windows Server: 2003
Microsoft Office: XP - 2007
Microsoft Project: 2002
Microsoft Visio: 2002
Word Viewer: 2003
Excel Viewer: 2003
Microsoft SQL Server: 2000 8.0.194 - 2005 9.0.1399
Microsoft Forefront Client Security: 1.0
Microsoft Report Viewer: 2005 - 2008
External links: http://technet.microsoft.com/en-us/library/security/ms09-062.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU1385
Risk: High
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2009-2502
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a buffer overflow in GDI+ when handling TIFF image files. A remote attacker can create a specially crafted TIFF image file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with the privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Install the update from the vendor's website:
Microsoft Internet Explorer 6 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?familyid=f3fef608-dafb-4b37-a65a-9cc4ae8e2c4c
Windows XP Service Pack 2 and Windows XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=e2acde20-a6d3-4135-b6eb-1214f743d474
Microsoft Office XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=b4ac7fbe-dd19-4940-a576-89a6b7ed602d
Microsoft Office 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=48752ab4-5928-476d-a8bc-e998d188b1f7
2007 Microsoft Office System Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
2007 Microsoft Office System Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Office Project 2002 Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=b4ac7fbe-dd19-4940-a576-89a6b7ed602d
Microsoft Visio 2002 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=920ee70b-c5c1-47b5-8f33-938ffe14eea4
Microsoft Word Viewer 2003 Service Pack 3 and Microsoft Office Excel Viewer 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=48752ab4-5928-476d-a8bc-e998d188b1f7
Microsoft Office Excel Viewer Service Pack 2, Microsoft Office Visio Viewer 2007 Service Pack 1, and Microsoft Office Visio Viewer 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Office PowerPoint Viewer 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Works 8.5:
https://www.microsoft.com/downloads/details.aspx?familyid=6f96de9a-62d8-428f-9567-51d55c129be6
SQL Server 2000 Reporting Services Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=33554f96-5af7-4683-a537-9db293b67b8d
SQL Server 2005 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=d971a262-1dfb-498c-a4f3-59fdc1b85d23
https://www.microsoft.com/downloads/details.aspx?familyid=76d3d653-e9a0-48bc-afae-d3553f7b9235
SQL Server 2005 x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=d971a262-1dfb-498c-a4f3-59fdc1b85d23
https://www.microsoft.com/downloads/details.aspx?familyid=76d3d653-e9a0-48bc-afae-d3553f7b9235
SQL Server 2005 for Itanium-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=d971a262-1dfb-498c-a4f3-59fdc1b85d23
https://www.microsoft.com/downloads/details.aspx?familyid=76d3d653-e9a0-48bc-afae-d3553f7b9235
SQL Server 2005 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=0d878f4b-71e8-4170-9a14-1bce684811ce
https://www.microsoft.com/downloads/details.aspx?familyid=e6f307c1-8b21-406e-9c6f-b1a3a1e9a98f
SQL Server 2005 x64 Edition Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=0d878f4b-71e8-4170-9a14-1bce684811ce
https://www.microsoft.com/downloads/details.aspx?familyid=e6f307c1-8b21-406e-9c6f-b1a3a1e9a98f
SQL Server 2005 for Itanium-based Systems Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=0d878f4b-71e8-4170-9a14-1bce684811ce
https://www.microsoft.com/downloads/details.aspx?familyid=e6f307c1-8b21-406e-9c6f-b1a3a1e9a98f
Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package:
https://www.microsoft.com/downloads/details.aspx?familyid=0dfaf300-2b53-4678-a779-0d805ddfe538
Microsoft Report Viewer 2008 Redistributable Package:
https://www.microsoft.com/downloads/details.aspx?familyid=42ed040f-cf94-4754-b0b3-c8016fbcbe22
Microsoft Report Viewer 2008 Redistributable Package Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=6aaa74bd-a46e-4478-b4e1-2063d18d2d42
Microsoft Forefront Client Security 1.0 when installed on Microsoft Windows 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?familyid=c0ce624c-8df3-4223-8a7a-5cba4ac334a8
Word Viewer: 2003 - 2007
Windows: XP - 2000
Microsoft Office: XP - 2007
Microsoft Works: 8.5
Microsoft SQL Server: 2000 8.0.194 - 2005 9.0.1399
Microsoft Forefront Client Security: 1.0
Microsoft Report Viewer: 2005 - 2008
Excel Viewer: 2003
Microsoft Project: 2002
Microsoft Visio: 2002
External links: http://technet.microsoft.com/en-us/library/security/ms09-062.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU1384
Risk: Critical
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID: CVE-2009-2501
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a heap-based buffer overflow in GDI+ when handling PNG image files. A remote attacker can create a specially crafted PNG image file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with the privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Install the update from the vendor's website:
Microsoft Internet Explorer 6 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?familyid=f3fef608-dafb-4b37-a65a-9cc4ae8e2c4c
Windows XP Service Pack 2 and Windows XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=e2acde20-a6d3-4135-b6eb-1214f743d474
Microsoft Office XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=b4ac7fbe-dd19-4940-a576-89a6b7ed602d
Microsoft Office 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=48752ab4-5928-476d-a8bc-e998d188b1f7
2007 Microsoft Office System Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
2007 Microsoft Office System Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Office Project 2002 Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=b4ac7fbe-dd19-4940-a576-89a6b7ed602d
Microsoft Visio 2002 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=920ee70b-c5c1-47b5-8f33-938ffe14eea4
Microsoft Word Viewer 2003 Service Pack 3 and Microsoft Office Excel Viewer 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=48752ab4-5928-476d-a8bc-e998d188b1f7
Microsoft Office Excel Viewer Service Pack 2, Microsoft Office Visio Viewer 2007 Service Pack 1, and Microsoft Office Visio Viewer 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Office PowerPoint Viewer 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Works 8.5:
https://www.microsoft.com/downloads/details.aspx?familyid=6f96de9a-62d8-428f-9567-51d55c129be6
SQL Server 2000 Reporting Services Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=33554f96-5af7-4683-a537-9db293b67b8d
SQL Server 2005 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=d971a262-1dfb-498c-a4f3-59fdc1b85d23
https://www.microsoft.com/downloads/details.aspx?familyid=76d3d653-e9a0-48bc-afae-d3553f7b9235
SQL Server 2005 x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=d971a262-1dfb-498c-a4f3-59fdc1b85d23
https://www.microsoft.com/downloads/details.aspx?familyid=76d3d653-e9a0-48bc-afae-d3553f7b9235
SQL Server 2005 for Itanium-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=d971a262-1dfb-498c-a4f3-59fdc1b85d23
https://www.microsoft.com/downloads/details.aspx?familyid=76d3d653-e9a0-48bc-afae-d3553f7b9235
SQL Server 2005 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=0d878f4b-71e8-4170-9a14-1bce684811ce
https://www.microsoft.com/downloads/details.aspx?familyid=e6f307c1-8b21-406e-9c6f-b1a3a1e9a98f
SQL Server 2005 x64 Edition Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=0d878f4b-71e8-4170-9a14-1bce684811ce
https://www.microsoft.com/downloads/details.aspx?familyid=e6f307c1-8b21-406e-9c6f-b1a3a1e9a98f
SQL Server 2005 for Itanium-based Systems Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=0d878f4b-71e8-4170-9a14-1bce684811ce
https://www.microsoft.com/downloads/details.aspx?familyid=e6f307c1-8b21-406e-9c6f-b1a3a1e9a98f
Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package:
https://www.microsoft.com/downloads/details.aspx?familyid=0dfaf300-2b53-4678-a779-0d805ddfe538
Microsoft Report Viewer 2008 Redistributable Package:
https://www.microsoft.com/downloads/details.aspx?familyid=42ed040f-cf94-4754-b0b3-c8016fbcbe22
Microsoft Report Viewer 2008 Redistributable Package Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=6aaa74bd-a46e-4478-b4e1-2063d18d2d42
Microsoft Forefront Client Security 1.0 when installed on Microsoft Windows 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?familyid=c0ce624c-8df3-4223-8a7a-5cba4ac334a8
Word Viewer: 2003
Microsoft Internet Explorer: 6
Windows: XP
Microsoft Office: XP - 2007
Microsoft Works: 8.5
Microsoft SQL Server: 2000 8.0.194 - 2005 9.0.1399
Microsoft Forefront Client Security: 1.0
Microsoft Report Viewer: 2005 - 2008
Microsoft Visio: 2002
Microsoft Project: 2002
Excel Viewer: 2003
External links: http://technet.microsoft.com/en-us/library/security/ms09-062.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
EUVDB-ID: #VU1383
Risk: High
CVSSv4.0: [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2009-2500
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description: The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to an integer overflow when handling WMF image files. A remote attacker can create a specially crafted WMF image file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with the privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Install the update from the vendor's website:
Microsoft Internet Explorer 6 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?familyid=f3fef608-dafb-4b37-a65a-9cc4ae8e2c4c
Windows XP Service Pack 2 and Windows XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=e2acde20-a6d3-4135-b6eb-1214f743d474
Microsoft Office XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=b4ac7fbe-dd19-4940-a576-89a6b7ed602d
Microsoft Office 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=48752ab4-5928-476d-a8bc-e998d188b1f7
2007 Microsoft Office System Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
2007 Microsoft Office System Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Office Project 2002 Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=b4ac7fbe-dd19-4940-a576-89a6b7ed602d
Microsoft Visio 2002 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=920ee70b-c5c1-47b5-8f33-938ffe14eea4
Microsoft Word Viewer 2003 Service Pack 3 and Microsoft Office Excel Viewer 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=48752ab4-5928-476d-a8bc-e998d188b1f7
Microsoft Office Excel Viewer Service Pack 2, Microsoft Office Visio Viewer 2007 Service Pack 1, and Microsoft Office Visio Viewer 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Office PowerPoint Viewer 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Works 8.5:
https://www.microsoft.com/downloads/details.aspx?familyid=6f96de9a-62d8-428f-9567-51d55c129be6
SQL Server 2000 Reporting Services Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=33554f96-5af7-4683-a537-9db293b67b8d
SQL Server 2005 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=d971a262-1dfb-498c-a4f3-59fdc1b85d23
https://www.microsoft.com/downloads/details.aspx?familyid=76d3d653-e9a0-48bc-afae-d3553f7b9235
SQL Server 2005 x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=d971a262-1dfb-498c-a4f3-59fdc1b85d23
https://www.microsoft.com/downloads/details.aspx?familyid=76d3d653-e9a0-48bc-afae-d3553f7b9235
SQL Server 2005 for Itanium-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=d971a262-1dfb-498c-a4f3-59fdc1b85d23
https://www.microsoft.com/downloads/details.aspx?familyid=76d3d653-e9a0-48bc-afae-d3553f7b9235
SQL Server 2005 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=0d878f4b-71e8-4170-9a14-1bce684811ce
https://www.microsoft.com/downloads/details.aspx?familyid=e6f307c1-8b21-406e-9c6f-b1a3a1e9a98f
SQL Server 2005 x64 Edition Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=0d878f4b-71e8-4170-9a14-1bce684811ce
https://www.microsoft.com/downloads/details.aspx?familyid=e6f307c1-8b21-406e-9c6f-b1a3a1e9a98f
SQL Server 2005 for Itanium-based Systems Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=0d878f4b-71e8-4170-9a14-1bce684811ce
https://www.microsoft.com/downloads/details.aspx?familyid=e6f307c1-8b21-406e-9c6f-b1a3a1e9a98f
Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package:
https://www.microsoft.com/downloads/details.aspx?familyid=0dfaf300-2b53-4678-a779-0d805ddfe538
Microsoft Report Viewer 2008 Redistributable Package:
https://www.microsoft.com/downloads/details.aspx?familyid=42ed040f-cf94-4754-b0b3-c8016fbcbe22
Microsoft Report Viewer 2008 Redistributable Package Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=6aaa74bd-a46e-4478-b4e1-2063d18d2d42
Microsoft Forefront Client Security 1.0 when installed on Microsoft Windows 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?familyid=c0ce624c-8df3-4223-8a7a-5cba4ac334a8
Word Viewer: 2003
Microsoft Internet Explorer: 6
Windows: XP
Microsoft Office: XP - 2007
Microsoft Project: 2002
Microsoft Works: 8.5
Microsoft SQL Server: 2005 9.0.1399
Microsoft Forefront Client Security: 1.0
Microsoft Report Viewer: 2005 - 2008
Microsoft Visio: 2002
Excel Viewer: 2003
http://technet.microsoft.com/en-us/library/security/ms09-062.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU1388
Risk: Critical
CVSSv4.0: [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red]
CVE-ID: CVE-2009-3126
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to an integer overflow in GDI+ when handling a PNG image file. A remote attacker can create a specially crafted PNG image file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with the privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: according to reports, this vulnerability was being actively exploited before Microsoft issued a security patch.
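The bug class named in the WMF and PNG descriptions above (CWE-190, an integer overflow in an image decoder that leads to memory corruption), shown in its general form as an added example; it is not Microsoft's code and not a reconstruction of the GDI+ flaw. The `img_hdr` struct, both function names and the size limit are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Header fields as a decoder would read them from an untrusted image
 * file (hypothetical struct, not a GDI+ type). */
struct img_hdr {
    uint32_t width;
    uint32_t height;
    uint32_t bytes_per_pixel;
};

/* Weak form: the 32-bit product wraps modulo 2^32, so very large
 * dimensions produce a small size and an undersized heap buffer that
 * the later pixel copy overruns. */
uint32_t pixel_bytes_unchecked(const struct img_hdr *h)
{
    return h->width * h->height * h->bytes_per_pixel;
}

/* Hardened form: reject zero fields, then test each multiplication by
 * division before performing it, so the product can neither wrap nor
 * exceed the caller's allocation limit. */
bool pixel_bytes_checked(const struct img_hdr *h, size_t limit, size_t *out)
{
    if (h->width == 0 || h->height == 0 || h->bytes_per_pixel == 0)
        return false;
    if (h->height > limit / h->width)
        return false;                 /* width * height exceeds limit */
    size_t pixels = (size_t)h->width * h->height;
    if (h->bytes_per_pixel > limit / pixels)
        return false;                 /* total byte count exceeds limit */
    *out = pixels * h->bytes_per_pixel;
    return true;
}
```

A decoder should call the checked form before allocating and treat a `false` result as a malformed file.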
Install the update from the vendor's website:
Microsoft Internet Explorer 6 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?familyid=f3fef608-dafb-4b37-a65a-9cc4ae8e2c4c
Windows XP Service Pack 2 and Windows XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=e2acde20-a6d3-4135-b6eb-1214f743d474
Microsoft Office XP Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=b4ac7fbe-dd19-4940-a576-89a6b7ed602d
Microsoft Office 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=48752ab4-5928-476d-a8bc-e998d188b1f7
2007 Microsoft Office System Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
2007 Microsoft Office System Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Office Project 2002 Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=b4ac7fbe-dd19-4940-a576-89a6b7ed602d
Microsoft Visio 2002 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=920ee70b-c5c1-47b5-8f33-938ffe14eea4
Microsoft Word Viewer 2003 Service Pack 3 and Microsoft Office Excel Viewer 2003 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=48752ab4-5928-476d-a8bc-e998d188b1f7
Microsoft Office Excel Viewer Service Pack 2, Microsoft Office Visio Viewer 2007 Service Pack 1, and Microsoft Office Visio Viewer 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Office PowerPoint Viewer 2007 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=98d7c4ab-f8ca-4806-a609-453fb29b02ec
Microsoft Works 8.5:
https://www.microsoft.com/downloads/details.aspx?familyid=6f96de9a-62d8-428f-9567-51d55c129be6
SQL Server 2000 Reporting Services Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=33554f96-5af7-4683-a537-9db293b67b8d
SQL Server 2005 Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=d971a262-1dfb-498c-a4f3-59fdc1b85d23
https://www.microsoft.com/downloads/details.aspx?familyid=76d3d653-e9a0-48bc-afae-d3553f7b9235
SQL Server 2005 x64 Edition Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=d971a262-1dfb-498c-a4f3-59fdc1b85d23
https://www.microsoft.com/downloads/details.aspx?familyid=76d3d653-e9a0-48bc-afae-d3553f7b9235
SQL Server 2005 for Itanium-based Systems Service Pack 2:
https://www.microsoft.com/downloads/details.aspx?familyid=d971a262-1dfb-498c-a4f3-59fdc1b85d23
https://www.microsoft.com/downloads/details.aspx?familyid=76d3d653-e9a0-48bc-afae-d3553f7b9235
SQL Server 2005 Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=0d878f4b-71e8-4170-9a14-1bce684811ce
https://www.microsoft.com/downloads/details.aspx?familyid=e6f307c1-8b21-406e-9c6f-b1a3a1e9a98f
SQL Server 2005 x64 Edition Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=0d878f4b-71e8-4170-9a14-1bce684811ce
https://www.microsoft.com/downloads/details.aspx?familyid=e6f307c1-8b21-406e-9c6f-b1a3a1e9a98f
SQL Server 2005 for Itanium-based Systems Service Pack 3:
https://www.microsoft.com/downloads/details.aspx?familyid=0d878f4b-71e8-4170-9a14-1bce684811ce
https://www.microsoft.com/downloads/details.aspx?familyid=e6f307c1-8b21-406e-9c6f-b1a3a1e9a98f
Microsoft Report Viewer 2005 Service Pack 1 Redistributable Package:
https://www.microsoft.com/downloads/details.aspx?familyid=0dfaf300-2b53-4678-a779-0d805ddfe538
Microsoft Report Viewer 2008 Redistributable Package:
https://www.microsoft.com/downloads/details.aspx?familyid=42ed040f-cf94-4754-b0b3-c8016fbcbe22
Microsoft Report Viewer 2008 Redistributable Package Service Pack 1:
https://www.microsoft.com/downloads/details.aspx?familyid=6aaa74bd-a46e-4478-b4e1-2063d18d2d42
Microsoft Forefront Client Security 1.0 when installed on Microsoft Windows 2000 Service Pack 4:
https://www.microsoft.com/downloads/details.aspx?familyid=c0ce624c-8df3-4223-8a7a-5cba4ac334a8
Word Viewer: 2003 - 2007
Windows: XP - 2000
Microsoft Office: XP - 2007
Microsoft Works: 8.5
Microsoft SQL Server: 2000 8.0.194 - 2005 9.0.1399
Microsoft Forefront Client Security: 1.0
Microsoft Report Viewer: 2005 - 2008
Excel Viewer: 2003
Microsoft Project: 2002
Microsoft Visio: 2002
http://technet.microsoft.com/en-us/library/security/ms09-062.aspx
http://fe-ddis.dk/cfcs/CFCSDocuments/Zeroday.pdf
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website or opening a file.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.