cancel
Showing results for 
Search instead for 
Did you mean: 

McAfee Labs Security Advisory: MTIS09‐129

December 10, 2009

MTIS09-129
Executive Summary
Since the last McAfee® Labs Security Advisory (December 9), the following noteworthy events have taken place:
  • Adobe has released an update to address multiple code-execution vulnerabilities.
  • McAfee product coverage has been updated for vulnerabilities in Microsoft Windows.

McAfee product coverage for these events:

McAfee Product Coverage *
ThreatName     Impor-
tance
DAT  BOP  Host
IPS
McAfee
Network
Security
Platform
McAfee
Vulnerability
Manager
MNAC 2.xMcAfee
Remediation
Manager
McAfee
Policy
Auditor
SCAP
MNAC
SCAP
MTIS09-129-AAdobe JPEG parsing Vuln

Medium

UA

Exp

Exp

UA

Yes

UA

Pend

UA

UA

MTIS09-129-BAdobe Flash Data Inj RCE

Medium

UA

Exp

Exp

UA

Yes

No

Pend

UA

UA

MTIS09-129-CAdobe Flash Mem Corr RCE

Medium

UA

Exp

Exp

Yes

Yes

UA

Pend

UA

UA

MTIS09-129-DATL COM Init Vuln

High

UA

Exp

Exp

Yes

Yes

Pend

Yes

UA

UA

MTIS09-129-EAdobe Flash Int OF RCE

Medium

UA

Exp

Exp

UA

Yes

No

Pend

UA

UA

MTIS09-129-FFlash multi crash RCE

Medium

UA

Exp

Exp

UA

Yes

No

UA

UA

UA



McAfee Product Coverage Updates *
ThreatAdvisoryImpor-
tance
DAT  BOP  Host
IPS
McAfee
Network
Security
Platform
McAfee
Vulnerability
Manager
MNAC 2.xMcAfee
Remediation
Manager
McAfee
Policy
Auditor
SCAP
MNAC
SCAP
MTIS09-128-A
LclSecAuth Subsys Vuln
Previous

Medium

N/A

N/A

N/A

N/A

Yes

Pend

Pend

UA

UA

Current

Medium

N/A

N/A

N/A

N/A

Yes

Pend

Yes

UA

UA

MTIS09-128-B
Sgle SO Spoof in ADFS
Previous

Medium

N/A

N/A

N/A

N/A

Yes

Pend

Pend

UA

UA

Current

Medium

N/A

N/A

N/A

N/A

Yes

Pend

Yes

UA

UA

MTIS09-128-C
RCE in ADFS Vuln
Previous

Medium

N/A

N/A

N/A

Pend

Yes

Pend

Pend

UA

UA

Current

Medium

N/A

N/A

N/A

Pend

Yes

Pend

Yes

UA

UA

MTIS09-128-D
Mem Corr in IAS Vuln
Previous

High

N/A

Exp

Exp

N/A

Yes

Pend

Pend

UA

UA

Current

High

N/A

Exp

Exp

N/A

Yes

Pend

Yes

UA

UA

MTIS09-128-E
MS-CHAP Auth Byps Vuln
Previous

Medium

N/A

N/A

N/A

Pend

Yes

Pend

Pend

UA

UA

Current

Medium

N/A

N/A

N/A

Pend

Yes

Pend

Yes

UA

UA

MTIS09-128-F
ATL COM Init Vuln
Previous

High

N/A

Exp

Yes

Yes

Yes

Pend

Pend

UA

UA

Current

High

N/A

Exp

Yes

Yes

Yes

Pend

Yes

UA

UA

MTIS09-128-G
Uninit Mem Corupt Vuln
Previous

High

N/A

Exp

Exp

Pend

Yes

Pend

Pend

UA

UA

Current

High

UA

Exp

Exp

Pend

Yes

Pend

Yes

UA

UA

MTIS09-128-H
HTML ObjMem Corpt Vuln
Previous

High

N/A

Exp

Exp

Pend

Yes

Pend

Pend

UA

UA

Current

High

N/A

Exp

Exp

Pend

Yes

Pend

Yes

UA

UA

MTIS09-128-I
Unit Mem Crptn Vuln
Previous

High

N/A

Exp

Exp

Pend

Yes

Pend

Pend

UA

UA

Current

High

N/A

Exp

Exp

Pend

Yes

Pend

Yes

UA

UA

MTIS09-128-J
ATL COM Init Vuln
Previous

High

N/A

Exp

Exp

Pend

Yes

Pend

Pend

UA

UA

Current

High

UA

Exp

Yes

Yes

Yes

Pend

Yes

UA

UA

MTIS09-128-L
Pjct Mem Val Vuln
Previous

High

N/A

N/A

Exp

Pend

Yes

Pend

Pend

UA

UA

Current

High

UA

N/A

Exp

Pend

Yes

Pend

Yes

UA

UA

MTIS09-128-K
WP and OfcTxt Mem Vuln
Previous

Medium

N/A

Exp

Exp

Pend

Yes

Pend

Pend

UA

UA

Current

Medium

UA

Exp

Exp

Pend

Yes

Pend

Yes

UA

UA

Adobe Flash player / AIR JPEG data parsing Remote Code Execution Vulnerability[MTIS09-129-A]
 
Threat Identifier(s)CVE-2009-3794
Threat TypeVulnerability
Risk AssessmentCritical
Main Threat VectorsWeb
User Interaction RequiredNo
Description
A vulnerability in Adobe Flash Player and Adobe AIR while parsing JPEG data could potentially lead to code execution.
ImportanceMedium. On December 8 Adobe released an update to address this issue.
McAfee Product Coverage *
   DAT filesUnder analysis
   VSE BOPBuffer overflow protection is expected to cover code-execution exploits.
   Host IPSBuffer overflow protection is expected to cover code-execution exploits.
   McAfee Network Security
   Platform
Under analysis
   McAfee Vulnerability
   Manager
The FSL/MVM package of December 9 includes a vulnerability check to assess if your systems are at risk.
   MNAC 2.xUnder analysis
   McAfee Remediation
   Manager
An upcoming V-Flash will provide coverage.
   McAfee Policy Auditor SCAPUnder analysis
   MNAC SCAPUnder analysis
Additional InformationSecurity updates available for Adobe Flash Player
Adobe Flash Player - Upgrade to the latest version

Back to top
Adobe Flash Player Data Injection Remote Code Execution Vulnerability[MTIS09-129-B]
 
Threat Identifier(s)CVE-2009-3796
Threat TypeVulnerability
Risk AssessmentCritical
Main Threat VectorsWeb; E-Mail
User Interaction RequiredNo
Description
A data-injection vulnerability in Adobe Flash Player and Adobe AIR could lead to code execution.
ImportanceMedium. On December 8 Adobe released an update to address this issue.
McAfee Product Coverage *
   DAT filesUnder analysis
   VSE BOPBuffer overflow protection is expected to cover code-execution exploits.
   Host IPSBuffer overflow protection is expected to cover code-execution exploits.
   McAfee Network Security
   Platform
Under analysis
   McAfee Vulnerability
   Manager
The FSL/MVM package of December 9 includes a vulnerability check to assess if your systems are at risk.
   MNAC 2.xOut of scope
   McAfee Remediation
   Manager
An upcoming V-Flash will provide coverage.
   McAfee Policy Auditor SCAPUnder analysis
   MNAC SCAPUnder analysis
Additional InformationSecurity updates available for Adobe Flash Player
Adobe Flash Player - Upgrade to the latest version

Back to top
Adobe Flash Player Memory Corruption Remote code execution Vulnerability[MTIS09-129-C]
 
Threat Identifier(s)CVE-2009-3797
Threat TypeVulnerability
Risk AssessmentCritical
Main Threat VectorsWeb; E-Mail
User Interaction RequiredNo
Description
A vulnerability in Adobe Flash Player that causes memory corruption could lead to remote code execution.
ImportanceMedium. On December 8 Adobe released an update to address this issue.
McAfee Product Coverage *
   DAT filesUnder analysis
   VSE BOPBuffer overflow protection is expected to cover code-execution exploits.
   Host IPSBuffer overflow protection is expected to cover code-execution exploits.
   McAfee Network Security
   Platform
The sigset release of December 8 includes the signature "HTTP: Adobe Flash Player Memory Corruption Vulnerability," which provides coverage.
   McAfee Vulnerability
   Manager
The FSL/MVM package of December 9 includes a vulnerability check to assess if your systems are at risk.
   MNAC 2.xUnder analysis
   McAfee Remediation
   Manager
An upcoming V-Flash will provide coverage.
   McAfee Policy Auditor SCAPUnder analysis
   MNAC SCAPUnder analysis
Additional InformationSecurity updates available for Adobe Flash Player
Adobe Flash Player - Upgrade to the latest version

Back to top
(MS09-072) ATL COM Initialization Vulnerability (976325)[MTIS09-129-D]
 
Threat Identifier(s)CVE-2009-2493
Threat TypeVulnerability
Risk AssessmentCritical
Main Threat VectorsWeb; E-Mail; Peer-to-Peer Networks
User Interaction RequiredNo
Description
A vulnerability in an ActiveX control built with vulnerable Microsoft Active Template Library (ATL) headers could allow remote code execution. Attackers could exploit the vulnerability via a specially crafted web page. When a user views the page, the attacker could execute remote code.
ImportanceHigh. On December 8 Microsoft released a patch that fixes the issue.
McAfee Product Coverage *
   DAT filesUnder analysis
   VSE BOPBuffer overflow protection is expected to cover code-execution exploits.
   Host IPSBuffer overflow protection is expected to cover code-execution exploits.
   McAfee Network Security
   Platform
The sigset release of December 8 includes the signature "HTTP: Microsoft ATL COM Initialization Vulnerability ActiveX Kill Bits IV," which provides coverage.
   McAfee Vulnerability
   Manager
The FSL/MVM package of December 8 includes a vulnerability check to assess if your systems are at risk.
   MNAC 2.xThe MNAC release of December 9 will include a vulnerability check to assess if your systems are at risk.
   McAfee Remediation
   Manager
The V-Flash of December 9 contains coverage for Windows.
   McAfee Policy Auditor SCAPUnder analysis
   MNAC SCAPUnder analysis
Additional Information(MS09-072
976325
ATL COM Initialization Vulnerability (976325

Back to top
Adobe Flash Player Integer Overflow Remote Code Execution Vulnerability[MTIS09-129-E]
 
Threat Identifier(s)CVE-2009-3799
Threat TypeVulnerability
Risk AssessmentCritical
Main Threat VectorsE-Mail; Web
User Interaction RequiredNo
Description
An integer-overflow vulnerability in Adobe Flash Player and Adobe AIR could lead to remote code execution.
ImportanceMedium. On December 8 Adobe released an update to address this issue.
McAfee Product Coverage *
   DAT filesUnder analysis
   VSE BOPBuffer overflow protection is expected to cover code-execution exploits.
   Host IPSBuffer overflow protection is expected to cover code-execution exploits.
   McAfee Network Security
   Platform
Under analysis
   McAfee Vulnerability
   Manager
The FSL/MVM package of December 9 includes a vulnerability check to assess if your systems are at risk.
   MNAC 2.xOut of scope
   McAfee Remediation
   Manager
An upcoming V-Flash will provide coverage.
   McAfee Policy Auditor SCAPUnder analysis
   MNAC SCAPUnder analysis
Additional InformationSecurity updates available for Adobe Flash Player
Adobe Flash Player - Upgrade to the latest version

Back to top
Adobe Flash Player Multiple Crash Remote Code Execution Vulnerability[MTIS09-129-F]
 
Threat Identifier(s)CVE-2009-3800
Threat TypeVulnerability
Risk AssessmentCritical
Main Threat VectorsE-Mail; Web
User Interaction RequiredNo
Description
Multiple crash vulnerabilities in Adobe Flash Player and AIR could lead to remote code execution.
ImportanceMedium. On December 8 Adobe released an update to address this issue.
McAfee Product Coverage *
   DAT filesUnder analysis
   VSE BOPBuffer overflow protection is expected to cover code-execution exploits.
   Host IPSBuffer overflow protection is expected to cover code-execution exploits.
   McAfee Network Security
   Platform
Under analysis
   McAfee Vulnerability
   Manager
The FSL/MVM package of December 9 includes a vulnerability check to assess if your systems are at risk.
   MNAC 2.xOut of scope
   McAfee Remediation
   Manager
Under analysis
   McAfee Policy Auditor SCAPUnder analysis
   MNAC SCAPUnder analysis
Additional InformationSecurity updates available for Adobe Flash Player
Adobe Flash Player - Upgrade to the latest version

Back to top
(MS09-069) Local Security Authority Subsystem Service Resource Exhaustion Vulnerability (974392)[MTIS09-128-A]
 
Threat Identifier(s)CVE-2009-3675
Threat TypeVulnerability
Risk AssessmentMedium
Main Threat VectorsWeb; WAN; Peer-to-Peer Networks
User Interaction RequiredNo
Description
A vulnerability in Microsoft Windows could allow a denial of service. The vulnerability exists due to the Local Security Authority Subsystem Service (LSASS) improperly handling a specially crafted ISAKMP message while communicating via IPSEC. A remote user could send a maliciously crafted ISAKMP message to the server that would cause LSASS.exe to consume system resources, resulting in a denial of service.
ImportanceMedium. On December 8 Microsoft released a patch that fixes the issue.
McAfee Product Coverage *
   DAT filesOut of scope
   VSE BOPOut of scope
   Host IPSOut of scope
   McAfee Network Security
   Platform
Coverage not warranted at this time
   McAfee Vulnerability
   Manager
The FSL/MVM package of December 8 includes a vulnerability check to assess if your systems are at risk.
   MNAC 2.xThe MNAC release of December 9 will include a vulnerability check to assess if your systems are at risk.
   McAfee Remediation
   Manager
The V-Flash of December 9 contains coverage for Windows.
   McAfee Policy Auditor SCAPUnder analysis
   MNAC SCAPUnder analysis
Additional Information(MS09-069
974392
Local Security Authority Subsystem Service Resource Exhaustion Vulnerability (974392

Back to top
(MS09-070) Single Sign On Spoofing in ADFS Vulnerability (971726)[MTIS09-128-B]
 
Threat Identifier(s)CVE-2009-2508
Threat TypeVulnerability
Risk AssessmentMedium
Main Threat VectorsLocally logged-on user; Web
User Interaction RequiredNo
Description
A vulnerability in Active Directory Federation Services could allow spoofing. The vulnerability could allow an attacker to impersonate an authenticated user if the attacker has access to a terminal and web browser that was recently used by the targeted user to access a website offering single sign-on.
ImportanceMedium. On December 8 Microsoft released a patch that fixes the issue.
McAfee Product Coverage *
   DAT filesOut of scope
   VSE BOPOut of scope
   Host IPSOut of scope
   McAfee Network Security
   Platform
Coverage not warranted at this time
   McAfee Vulnerability
   Manager
The FSL/MVM package of December 8 includes a vulnerability check to assess if your systems are at risk.
   MNAC 2.xThe MNAC release of December 9 will include a vulnerability check to assess if your systems are at risk.
   McAfee Remediation
   Manager
The V-Flash of December 9 contains coverage for Windows.
   McAfee Policy Auditor SCAPUnder analysis
   MNAC SCAPUnder analysis
Additional Information(MS09-070
971726
Single Sign On Spoofing in ADFS Vulnerability (971726

Back to top
(MS09-070) Remote Code Execution in ADFS Vulnerability (971726)[MTIS09-128-C]
 
Threat Identifier(s)CVE-2009-2509
Threat TypeVulnerability
Risk AssessmentMedium
Main Threat VectorsWeb; Locally logged-on user
User Interaction RequiredNo
Description
A vulnerability in implementations of Microsoft's Active Directory Federation Services (ADFS) could allow remote code execution. The vulnerability is due to incorrect validation of request headers when an authenticated user connects to an ADFS-enabled web server. Exploiting this vulnerability could allow an attacker to take complete control of a system.
ImportanceMedium. On December 8 Microsoft released a patch that fixes the issue.
McAfee Product Coverage *
   DAT filesOut of scope
   VSE BOPOut of scope
   Host IPSOut of scope
   McAfee Network Security
   Platform
The sigset release of December 8 includes the signature "HTTP: Remote Code Execution in ADFS Vulnerability," which provides coverage.
   McAfee Vulnerability
   Manager
The FSL/MVM package of December 8 includes a vulnerability check to assess if your systems are at risk.
   MNAC 2.xThe MNAC release of December 9 will include a vulnerability check to assess if your systems are at risk.
   McAfee Remediation
   Manager
The V-Flash of December 9 contains coverage for Windows.
   McAfee Policy Auditor SCAPUnder analysis
   MNAC SCAPUnder analysis
Additional Information(MS09-070
971726
Remote Code Execution in ADFS Vulnerability (971726

Back to top
(MS09-071) Memory Corruption in Internet Authentication Service Vulnerability (974318)[MTIS09-128-D]
 
Threat Identifier(s)CVE-2009-2505
Threat TypeVulnerability
Risk AssessmentMedium
Main Threat VectorsLocally logged-on user; Web
User Interaction RequiredNo
Description
A vulnerability in implementations of PEAP on the Internet Authentication Service could allow remote code execution. The vulnerability is caused by the incorrect copying of messages received by the server in memory when handling PEAP authentication attempts. Exploiting the vulnerability could allow an attacker to take complete control of a system.
ImportanceHigh. On December 8 Microsoft released a patch that fixes the issue.
McAfee Product Coverage *
   DAT filesOut of scope
   VSE BOPBuffer overflow protection is expected to cover code-execution exploits.
   Host IPSBuffer overflow protection is expected to cover code-execution exploits.
   McAfee Network Security
   Platform
Coverage not warranted at this time
   McAfee Vulnerability
   Manager
The FSL/MVM package of December 8 includes a vulnerability check to assess if your systems are at risk.
   MNAC 2.xThe MNAC release of December 9 will include a vulnerability check to assess if your systems are at risk.
   McAfee Remediation
   Manager
The V-Flash of December 9 contains coverage for Windows.
   McAfee Policy Auditor SCAPUnder analysis
   MNAC SCAPUnder analysis
Additional Information(MS09-071
974318
Memory Corruption in Internet Authentication Service Vulnerability (974318

Back to top
(MS09-071) MS-CHAP Authentication Bypass in Internet Authentication Service Vulnerability (974318)[MTIS09-128-E]
 
Threat Identifier(s)CVE-2009-3677
Threat TypeVulnerability
Risk AssessmentMedium
Main Threat VectorsLocally logged-on user; Web
User Interaction RequiredNo
Description
A vulnerability in Microsoft's Internet Authentication Service could allow the elevation of privileges. The vulnerability is caused by the Internet Authentication Service incorrectly validating an MS-CHAP v2 authentication request. This causes the server to consider the request valid, even when incorrect credentials may have been provided.
ImportanceMedium. On December 8 Microsoft released a patch that fixes the issue.
McAfee Product Coverage *
   DAT filesOut of scope
   VSE BOPOut of scope
   Host IPSOut of scope
   McAfee Network Security
   Platform
The sigset release of December 8 includes the signature "RADIUS: MS-CHAP Authentication Bypass in Internet Authentication Service Vulnerability," which provides coverage.
   McAfee Vulnerability
   Manager
The FSL/MVM package of December 8 includes a vulnerability check to assess if your systems are at risk.
   MNAC 2.xThe MNAC release of December 9 will include a vulnerability check to assess if your systems are at risk.
   McAfee Remediation
   Manager
The V-Flash of December 9 contains coverage for Windows.
   McAfee Policy Auditor SCAPUnder analysis
   MNAC SCAPUnder analysis
Additional Information(MS09-071
974318
MS-CHAP Authentication Bypass in Internet Authentication Service Vulnerability (974318

Back to top
(MS09-072) ATL COM Initialization Vulnerability (976325)[MTIS09-128-F]
 
Threat Identifier(s)CVE-2009-2493
Threat TypeVulnerability
Risk AssessmentMedium
Main Threat VectorsWeb; E-Mail; Peer-to-Peer Networks
User Interaction RequiredYes
Description
A vulnerability in an ActiveX control built with vulnerable Microsoft Active Template Library (ATL) headers could allow remote code execution. Attackers could exploit the vulnerability via a specially crafted web page. When a user views the page, the remote code execution could be possible.
ImportanceHigh. On December 8 Microsoft released a patch that fixes the issue.
McAfee Product Coverage *
   DAT filesCoverage not warranted at this time
   VSE BOPBuffer overflow protection is expected to cover code-execution exploits.
   Host IPSBuffer overflow protection for code-execution exploits is provided through Signature 2924.
   McAfee Network Security
   Platform
The sigset release of December 8 includes the signature "HTTP: Microsoft ATL COM Initialization Vulnerability ActiveX Kill Bits IV," which provides coverage.
   McAfee Vulnerability
   Manager
The FSL/MVM package of December 8 includes a vulnerability check to assess if your systems are at risk.
   MNAC 2.xThe MNAC release of December 9 will include a vulnerability check to assess if your systems are at risk.
   McAfee Remediation
   Manager
The V-Flash of December 9 contains coverage for Windows.
   McAfee Policy Auditor SCAPUnder analysis
   MNAC SCAPUnder analysis
Additional Information(MS09-072
976325
ATL COM Initialization Vulnerability (976325

Back to top
(MS09-072) Uninitialized Memory Corruption Vulnerability (976325)[MTIS09-128-G]
 
Threat Identifier(s)CVE-2009-3671
Threat TypeVulnerability
Risk AssessmentMedium
Main Threat VectorsWeb; Peer-to-Peer Networks; E-Mail
User Interaction RequiredYes
Description
A vulnerability in Internet Explorer may allow an attacker to execute remote code. The vulnerability lies in the way Internet Explorer accesses an object that hasn't been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted web page. When a user views the web page, the vulnerability could allow remote code execution. An attacker exploiting the vulnerability could gain the same user rights as the logged-on user.
ImportanceHigh. On December 8 Microsoft released a patch that fixes the issue.
McAfee Product Coverage *
   DAT filesUnder analysis
   VSE BOPBuffer overflow protection is expected to cover code-execution exploits.
   Host IPSBuffer overflow protection is expected to cover code-execution exploits.
   McAfee Network Security
   Platform
The sigset release of December 8 includes the signature "HTTP: Internet Explorer Uninitialized Memory Corruption Vulnerability V," which provides coverage.
   McAfee Vulnerability
   Manager
The FSL/MVM package of December 8 includes a vulnerability check to assess if your systems are at risk.
   MNAC 2.xThe MNAC release of December 9 will include a vulnerability check to assess if your systems are at risk.
   McAfee Remediation
   Manager
The V-Flash of December 9 contains coverage for Windows.
   McAfee Policy Auditor SCAPUnder analysis
   MNAC SCAPUnder analysis
Additional Information(MS09-072
976325
Uninitialized Memory Corruption Vulnerability (976325

Back to top
(MS09-072) HTML Object Memory Corruption Vulnerability (976325)[MTIS09-128-H]
 
Threat Identifier(s)CVE-2009-3672
Threat TypeVulnerability
Risk AssessmentMedium
Main Threat VectorsWeb; E-Mail; Peer-to-Peer Networks
User Interaction RequiredYes
Description
A vulnerability in Internet Explorer may allow an attacker to execute remote code. The vulnerability lies in the way Internet Explorer accesses an object that hasn't been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted web page. When a user views the web page, the vulnerability could allow remote code execution. An attacker exploiting the vulnerability could gain the same user rights as the logged-on user.
ImportanceHigh. On December 8 Microsoft released a patch that fixes the issue.
McAfee Product Coverage *
   DAT filesCoverage not warranted at this time
   VSE BOPBuffer overflow protection is expected to cover code-execution exploits.
   Host IPSBuffer overflow protection is expected to cover code-execution exploits.
   McAfee Network Security
   Platform
The sigset release of December 8 includes the signature "HTTP: Internet Explorer HTML Object Memory Corruption Vulnerability," which provides coverage.
   McAfee Vulnerability
   Manager
The FSL/MVM package of December 8 includes a vulnerability check to assess if your systems are at risk.
   MNAC 2.xThe MNAC release of December 9 will include a vulnerability check to assess if your systems are at risk.
   McAfee Remediation
   Manager
The V-Flash of December 9 contains coverage for Windows.
   McAfee Policy Auditor SCAPUnder analysis
   MNAC SCAPUnder analysis
Additional Information(MS09-072
976325
HTML Object Memory Corruption Vulnerability (976325

Back to top
(MS09-072) Uninitialized Memory Corruption Vulnerability (976325)[MTIS09-128-I]
 
Threat Identifier(s)CVE-2009-3673
Threat TypeVulnerability
Risk AssessmentMedium
Main Threat VectorsE-Mail; Peer-to-Peer Networks; Web
User Interaction RequiredYes
Description
A vulnerability in Internet Explorer may allow an attacker to execute remote code. The vulnerability lies in the way Internet Explorer accesses an object that hasn't been correctly initialized or has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted web page. When a user views the web page, the vulnerability could allow remote code execution. An attacker exploiting the vulnerability could gain the same user rights as the logged-on user.
ImportanceHigh. On December 8 Microsoft released a patch that fixes the issue.
McAfee Product Coverage *
   DAT filesCoverage not warranted at this time
   VSE BOPBuffer overflow protection is expected to cover code-execution exploits.
   Host IPSBuffer overflow protection is expected to cover code-execution exploits.
   McAfee Network Security
   Platform
The sigset release of December 8 includes the signature "HTTP: Internet Explorer Uninitialized Memory Corruption Vulnerability VII," which provides coverage.
   McAfee Vulnerability
   Manager
The FSL/MVM package of December 8 includes a vulnerability check to assess if your systems are at risk.
   MNAC 2.xThe MNAC release of December 9 will include a vulnerability check to assess if your systems are at risk.
   McAfee Remediation
   Manager
The V-Flash of December 9 contains coverage for Windows.
   McAfee Policy Auditor SCAPUnder analysis
   MNAC SCAPUnder analysis
Additional Information(MS09-072
976325
Uninitialized Memory Corruption Vulnerability (976325

Back to top
(MS09-072) ATL COM Initialization Vulnerability (976325)[MTIS09-128-J]
 
Threat Identifier(s)CVE-2009-2493
Threat TypeVulnerability
Risk AssessmentMedium
Main Threat VectorsWeb; E-Mail; Peer-to-Peer Networks
User Interaction RequiredYes
Description
A vulnerability in an ActiveX control built with vulnerable Microsoft Active Template Library (ATL) headers could allow remote code execution. Attackers could exploit the vulnerability via a specially crafted web page. When a user views the page, the attacker could execute remote code.
ImportanceHigh. On December 8 Microsoft released a patch that fixes the issue.
McAfee Product Coverage *
   DAT filesUnder analysis
   VSE BOPBuffer overflow protection is expected to cover code-execution exploits.
   Host IPSBuffer overflow protection is expected to cover code-execution exploits.
   McAfee Network Security
   Platform
The sigset release of December 8 includes the signature "HTTP: Microsoft ATL COM Initialization Vulnerability ActiveX Kill Bits IV," which provides coverage.
   McAfee Vulnerability
   Manager
The FSL/MVM package of December 8 includes a vulnerability check to assess if your systems are at risk.
   MNAC 2.xThe MNAC release of December 9 will include a vulnerability check to assess if your systems are at risk.
   McAfee Remediation
   Manager
The V-Flash of December 9 contains coverage for Windows.
   McAfee Policy Auditor SCAPUnder analysis
   MNAC SCAPUnder analysis
Additional Information(MS09-072
976325
ATL COM Initialization Vulnerability (976325

Back to top
(MS09-074) Project Memory Validation Vulnerability (967183)[MTIS09-128-L]
 
Threat Identifier(s)CVE-2009-0102
Threat TypeVulnerability
Risk AssessmentMedium
Main Threat VectorsE-Mail; Peer-to-Peer Networks; IM; Web
User Interaction RequiredYes
Description
A vulnerability in Microsoft Office Project could allow remote code execution. The vulnerability lies in the way Project handles specially crafted Project files. The vulnerability could be exploited by sending a malformed file as an email attachment or hosted on a specially crafted or compromised website. If a user were logged on with administrative user rights, an attacker could exploit the vulnerability and take complete control of an affected system.
ImportanceHigh. On December 8 Microsoft released a patch that fixes the issue.
McAfee Product Coverage *
   DAT filesUnder analysis
   VSE BOPOut of scope
   Host IPSBuffer overflow protection is expected to cover code-execution exploits.
   McAfee Network Security
   Platform
The sigset release of December 8 includes the signature "HTTP: Project Memory Validation Vulnerability," which provides coverage.
   McAfee Vulnerability
   Manager
The FSL/MVM package of December 8 includes a vulnerability check to assess if your systems are at risk.
   MNAC 2.xThe MNAC release of December 9 will include a vulnerability check to assess if your systems are at risk.
   McAfee Remediation
   Manager
The V-Flash of December 9 contains coverage for Windows.
   McAfee Policy Auditor SCAPUnder analysis
   MNAC SCAPUnder analysis
Additional Information(MS09-074
967183
Project Memory Validation Vulnerability (967183

Back to top
(MS09-073) WordPad and Office Text converter Memory Corruption Vulnerability (975539)[MTIS09-128-K]
 
Threat Identifier(s)CVE-2009-2506
Threat TypeVulnerability
Risk AssessmentMedium
Main Threat VectorsE-Mail; IM; Peer-to-Peer Networks; Web
User Interaction RequiredYes
Description
A vulnerability in WordPad and Microsoft Office Word could allow remote code execution. The vulnerability lies in the way that text converters in WordPad and Word process memory when a user opens a specially crafted Word 97 file. Exploiting this vulnerability could allow an attacker to remotely take complete control of a system.
ImportanceMedium. On December 8 Microsoft released a patch that fixes the issue.
McAfee Product Coverage *
   DAT filesUnder analysis
   VSE BOPBuffer overflow protection is expected to cover code-execution exploits.
   Host IPSBuffer overflow protection is expected to cover code-execution exploits.
   McAfee Network Security
   Platform
The sigset release of December 8 includes the signature "HTTP: WordPad and Office Text Converter Memory Corruption Vulnerability," which provides coverage.
   McAfee Vulnerability
   Manager
The FSL/MVM package of December 8 includes a vulnerability check to assess if your systems are at risk.
   MNAC 2.xThe MNAC release of December 9 will include a vulnerability check to assess if your systems are at risk.
   McAfee Remediation
   Manager
The V-Flash of December 9 contains coverage for Windows.
   McAfee Policy Auditor SCAPUnder analysis
   MNAC SCAPUnder analysis
Additional Information(MS09-073
975539
WordPad and Office Text converter Memory Corruption Vulnerability (975539

Back to top
Detailed descriptions of the Security Advisories can be found in the Users Guide: https://kc.mcafee.com/content/mtis/McAfee_Avert_Labs_Security_Advisory_UsersGuide.pdf

For more information on McAfee Avert Labs Security Advisories, see: https://kc.mcafee.com/content/mtis/McAfee_Avert_Labs_Security_Advisory_FAQ.pdf

For McAfee Technical Support, click here.

For Multi-National Phone Support, click here.

McAfee values your feedback on this Security Advisory. Please reply to this mail with your comments.

*The information provided is only for the use and convenience of McAfee's customers in connection with their McAfee products, and applies only to the threats described herein. McAfee product coverage statements are limited to known attack vectors and should not be considered comprehensive. THE INFORMATION PROVIDED HEREIN IS PROVIDED "AS IS" AND IS SUBJECT TO CHANGE WITHOUT NOTICE.

The information contained herein is the property of McAfee, Inc. and may not be reproduced or disseminated without the expressed written consent of McAfee, Inc.

McAfee and/or additional marks herein are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the United States and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

McAfee, Inc. 3965 Freedom Circle, Santa Clara, CA 95054 888.847.8766 www.mcafee.com

® 2009 McAfee, Inc. All rights reserved.

Version history
Revision #:
1 of 1
Last update:
‎12-18-2009 08:07 AM
Updated by: