Latest Security Advisories & Notable Vulnerabilities

Microsoft Internet Explorer Invalid Pointer Reference Remote Code Execution
 Advisory Date:  09 Mar 2010
Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability" (NVD).

Further information on this vulnerability can be found at the following link from Microsoft: http://support.microsoft.com/kb/981374

Microsoft addresses the following vulnerabilities in its March batch of patches:
  • (MS10-016) Vulnerability in Windows Movie Maker Could Allow Remote Code Execution (975561)

    This security update addresses a privately reported vulnerability in Windows Movie Maker and Microsoft Producer 2003.

  • (MS10-017) Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (980150)

    This security update resolves seven privately reported vulnerabilities in Microsoft Office Excel.

Microsoft Internet Explorer does not properly validate parameters passed to the MsgBox function. An attacker could host a maliciously crafted web page and run arbitrary code if they convinced a user to visit the page and then press the F1 key in response to a pop-up dialog box.

Microsoft addresses the following vulnerabilities in its February batch of patches:

(MS10-003) Vulnerability in Microsoft Office (MSO) Could Allow Remote Code Execution (978214)
Risk Rating: High
This security update resolves a privately reported vulnerability in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file.

(MS10-004) Vulnerabilities in Microsoft Office PowerPoint Could Allow Remote Code Execution (975416)
Risk Rating: High
This security update resolves six privately reported vulnerabilities in Microsoft Office PowerPoint.

(MS10-005) Vulnerability in Microsoft Paint Could Allow Remote Code Execution (978706)
Risk Rating: Medium
This security update resolves a privately reported vulnerability in Microsoft Paint. The vulnerability could allow remote code execution if a user viewed a specially crafted JPEG image file using Microsoft Paint.

(MS10-006) Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)
Risk Rating: Critical
This security update resolves two privately reported vulnerabilities in Microsoft Windows that could allow remote code execution if an attacker sent a specially-crafted SMB response to a client-initiated SMB request.

(MS10-007) Vulnerability in Windows Shell Handler Could Allow Remote Code Execution (975713)
Risk Rating: Critical

(MS10-008) Cumulative Security Update of ActiveX Kill Bits (978262)
Risk Rating: Critical
This security update addresses a privately reported vulnerability for Microsoft software. The vulnerability could allow remote code execution if a user views a specially crafted Web page that instantiates an ActiveX control with Internet Explorer.

(MS10-009) Vulnerabilities in SMB Client Could Allow Remote Code Execution (978251)
Risk Rating: Critical
This security update resolves four privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if specially crafted packets are sent to a computer with IPv6 enabled.

(MS10-010) Vulnerability in Windows Server 2008 Hyper-V Could Allow Denial of Service (977894)
Risk Rating: High
This security update resolves a privately reported vulnerability in Windows Server 2008 Hyper-V and Windows Server 2008 R2 Hyper-V.

(MS10-011) Vulnerability in Windows Client/Server Run-time Subsystem Could Allow Elevation of Privilege (978037)
Risk Rating: High
This security update resolves a privately reported vulnerability in Microsoft Windows Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000, Windows XP, and Windows Server 2003.

(MS10-012) Vulnerabilities in SMB Server Could Allow Remote Code Execution (971468)
Risk Rating: High
This security update resolves several privately reported vulnerabilities in Microsoft Windows. The most severe of these vulnerabilities could allow remote code execution if an attacker created a specially crafted SMB packet and sent the packet to an affected system.

(MS10-013) Vulnerability in Microsoft DirectShow Could Allow Remote Code Execution (977935)
Risk Rating: Critical
This security update resolves a privately reported vulnerability in Microsoft DirectShow. The vulnerability could allow remote code execution if a user opened a specially crafted AVI file. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

(MS10-014) Vulnerability in Kerberos Could Allow Denial of Service (977290)
Risk Rating: High

(MS10-015) Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege (977165)
Risk Rating: High
This security update resolves one publicly disclosed and one privately reported vulnerability in Microsoft Windows. The vulnerabilities could allow elevation of privilege if an attacker logged on to the system and then ran a specially crafted application.

A remote code execution vulnerability exists in Microsoft Internet Explorer, in the form of an invalid pointer reference. Under certain conditions, the invalid pointer can be accessed after an object is deleted. In a specially crafted attack, Internet Explorer's attempt to access the freed object can result in remote code execution.

It is believed that while Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 is not affected, Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, and Internet Explorer 6, Internet Explorer 7 and Internet Explorer 8 on supported editions of Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 are affected.

Microsoft addresses the following vulnerability in its January batch of patches:

  • (MS10-001) Vulnerability in the Embedded OpenType Font Engine Could Allow Remote Code Execution (972270)
    This security update resolves a privately reported vulnerability in Microsoft Windows.

Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.

Trend Micro advises users about an existing vulnerability in Adobe Illustrator. The vulnerability is triggered when the application fails to correctly parse comments in EPS (Encapsulated PostScript) files, leading to a buffer overflow.

Successful exploitation allows attackers to execute arbitrary code on the compromised system and gain complete control of it.

Microsoft addressed the following vulnerabilities in its December batch of patches:

  • (MS09-071) Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318)

    This security update resolves several vulnerabilities in Microsoft Windows. These vulnerabilities could allow remote code execution if messages received by the Internet Authentication Service server are copied incorrectly into memory when handling PEAP authentication attempts.

  • (MS09-074) Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183)

    This security update resolves a vulnerability in Microsoft Office Project. The vulnerability could allow remote code execution if a user opens a specially crafted Project file.

  • (MS09-072) Cumulative Security Update for Internet Explorer (976325)

    This security update resolves several vulnerabilities in Internet Explorer. The vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.

  • (MS09-069) Vulnerability in Local Security Authority Subsystem Service Could Allow Denial of Service (974392)

    This security update resolves a vulnerability in Microsoft Windows. The vulnerability could allow a denial of service if a remote, authenticated attacker sends a specially crafted ISAKMP message to the Local Security Authority Subsystem Service (LSASS) on an affected system.

  • (MS09-070) Vulnerabilities in Active Directory Federation Services Could Allow Remote Code Execution (971726)

    This security update resolves several vulnerabilities in Microsoft Windows. The more severe of these vulnerabilities could allow remote code execution if an attacker sent a specially crafted HTTP request to an ADFS-enabled Web server.

  • (MS09-073) Vulnerability in WordPad and Office Text Converters Could Allow Remote Code Execution (975539)

    This security update resolves a vulnerability in Microsoft WordPad and Microsoft Office text converters. The vulnerability could allow remote code execution if a specially crafted Word 97 file is opened in WordPad or Microsoft Office Word.