The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a use-after-free error in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer. A remote attacker can construct a specially crafted Web page, trick the victim into viewing it, trigger memory corruption and execute arbitrary code via DSO bindings involving an XML Island, XML DSOs, or Tabular Data Control (TDC) in a crafted HTML or XML document.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Use-after-free
The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to a stack overflow when parsing a malicious document. A remote attacker can create a specially crafted Word file containing a malformed list structure, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Stack-based buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to an integer overflow when processing a malformed WMF image file. By persuading the victim to open a specially crafted WMF image file containing a malformed header, a remote attacker can cause memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: according to reports, this vulnerability was being actively exploited before Microsoft issued a security patch.
Integer Overflow or Wraparound
According to Symantec, first exploitation of this vulnerability was detected on 2008-10-14.
Software:
Windows
Known/famous malware:
Bloodhound.Exploit.214.
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a buffer overflow during path canonicalization in the Windows Server service. By sending a specially crafted RPC request, a remote attacker can cause memory corruption and execute arbitrary code with privileges of the system account.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: this vulnerability was being actively exploited.
Buffer overflow
According to Symantec, first exploitation of this vulnerability was detected on 2008-02-05. The vulnerability was used by the Conficker worm.
Software:
Windows
Known/famous malware:
Trojan (Gimmiv.A) and a Trojan searching for non-patched machines on LAN (Arpoc.A)
W32.Downadup aka Conficker
W32.Downadup.B
W32.Fujacks.CE
W32.Neeris.C
W32.Wapomi.B
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a buffer overflow in the Masked Edit ActiveX Control. A remote attacker can construct a specially crafted Web page, trick the victim into viewing it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a buffer overflow when handling malformed Word files. A remote attacker can create a specially crafted Word file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Memory corruption
The vulnerability was being used in a 2008 Summer Olympics-themed attack.
Software:
Microsoft Word
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a buffer overflow in the ActiveX control for the Snapshot Viewer for Microsoft Access. A remote attacker can construct a specially crafted Web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: this vulnerability was being actively exploited.
Memory corruption
Software:
Microsoft Office
Known/famous malware:
JS/Exploit.CVE-2008-2463.A
Exploit kits using this vulnerability: Eleonore and Siberia.
The vulnerability allows a remote authenticated attacker to execute arbitrary code on the target system.
The weakness exists due to an integer overflow in the Windows Internet Printing Protocol (IPP) implementation. By sending a specially crafted HTTP POST request, a remote authenticated attacker can cause memory corruption and execute arbitrary code.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Integer overflow
According to US CERT, the targeted attacks were spotted on May 2, 2008.
Software:
Windows
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to improper security restrictions on security tokens in the Microsoft Distributed Transaction Coordinator (MSDTC) service. By sending a specially crafted request to the MSDTC service, an attacker can access privileged security tokens and execute code with privileges of the SYSTEM account.
Successful exploitation of the vulnerability results in privilege escalation, allowing the attacker to execute arbitrary code and take complete control of an affected system.
Note: this vulnerability was being actively exploited.
Privilege escalation
The vulnerability was used in Operation Iron Tiger, a cyber espionage campaign carried out by Chinese hackers on United States Defense Contractors.
Software:
Windows
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the Jet database engine when parsing .mdb files. A remote attacker can create a specially crafted .mdb file, trick the victim into opening it and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of the vulnerable system.
Note: this vulnerability has been publicly disclosed since 2005; however, an attack vector was introduced only in 2008. The vulnerability is being actively exploited.
Buffer overflow
The vulnerability initially had three CVEs: CVE-2005-0944, CVE-2007-6026 and CVE-2008-1092.
The issue was introduced on 02/17/2000. The vulnerability was handled as a non-public zero-day exploit for at least 2832 days.
Software:
Microsoft Jet
Known/famous malware:
Trojan.Acdropper.C
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to a boundary error when handling macros in Excel files. A remote attacker can create a specially crafted Excel file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: this vulnerability was being actively exploited.
Memory corruption