[NT] Microsoft Hierarchical FlexGrid Control Integer Overflows (MS08-070)



The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com



Microsoft Hierarchical FlexGrid Control Integer Overflows (MS08-070)
------------------------------------------------------------------------


SUMMARY

Secunia Research has discovered vulnerabilities in the Microsoft
Hierarchical FlexGrid Control, which is bundled with various products.
They can be exploited by malicious people to compromise a user's system.

DETAILS

Vulnerable Systems:
* Microsoft Hierarchical FlexGrid Control version 6.0.88.4

The vulnerabilities are caused by integer overflow errors in the
ActiveX control (mshflxgd.ocx) when handling the "Rows" and "Cols"
properties and the "ExpandAll()" and "CollapseAll()" methods. These can be
exploited to corrupt memory.

Successful exploitation allows execution of arbitrary code.
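
The bug class named above, as an added C illustration that is not code from
the advisory or from mshflxgd.ocx: a grid buffer sized from caller-supplied
row and column counts, where 32-bit arithmetic wraps unless each
multiplication is checked first. CELL_SIZE and the function names are
hypothetical; the advisory does not describe the control's internals.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical per-cell record size; not taken from the control. */
#define CELL_SIZE 16u

/* Unchecked sizing: 32-bit unsigned arithmetic wraps modulo 2^32, so the
 * byte count can come out far smaller than the grid that code later indexes. */
uint32_t grid_bytes_unchecked(uint32_t rows, uint32_t cols)
{
    return rows * cols * CELL_SIZE;
}

/* Checked sizing: test each multiplication before doing it.
 * Returns 0 and stores the size in *out, or -1 if it does not fit. */
int grid_bytes_checked(uint32_t rows, uint32_t cols, uint32_t *out)
{
    uint32_t cells;

    if (cols != 0 && rows > UINT32_MAX / cols)
        return -1;                      /* rows * cols would wrap */
    cells = rows * cols;
    if (cells > UINT32_MAX / CELL_SIZE)
        return -1;                      /* cells * CELL_SIZE would wrap */
    *out = cells * CELL_SIZE;
    return 0;
}

int main(void)
{
    /* Constructed sample values: the true size is 0x100010000 bytes. */
    uint32_t rows = 0x10001u, cols = 0x1000u, n = 0;

    printf("unchecked: %u bytes\n", (unsigned)grid_bytes_unchecked(rows, cols));
    if (grid_bytes_checked(rows, cols, &n) != 0)
        printf("checked: rejected %u x %u\n", (unsigned)rows, (unsigned)cols);
    if (grid_bytes_checked(100, 50, &n) == 0)
        printf("checked: 100 x 50 needs %u bytes\n", (unsigned)n);
    return 0;
}
```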

Solution:
Install Microsoft provided patch MS08-070 (KB932349):
http://www.microsoft.com/technet/security/Bulletin/MS08-070.mspx

Time Table:
28/08/2007 - Vendor notified.
28/08/2007 - Vendor response.
26/09/2007 - Additional information provided and status update requested.
26/09/2007 - Vendor informs that status update will be provided soon.
10/10/2007 - Vendor provides status update.
23/11/2007 - Status update requested.
24/11/2007 - Vendor provides status update.
15/08/2008 - Status update requested.
09/09/2008 - Status update requested.
26/09/2008 - Status update requested and vendor informed that advisory
will be published in a week if no status update is provided.
29/09/2008 - Vendor provides status update.
31/10/2008 - Vendor provides status update (targeted for November).
07/11/2008 - Vendor provides status update (targeted for December).
05/12/2008 - Vendor provides status update (on track for December).
09/12/2008 - Vendor acknowledges that fix will be issued today.
09/12/2008 - Vendor publishes security bulletin.
09/12/2008 - Public disclosure.

CVE Information:
CVE-2008-4254
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4254


ADDITIONAL INFORMATION

The information has been provided by Secunia Research.
The original article can be found at:
http://secunia.com/secunia_research/2007-72/


