Content
(MS09-062) Memory Corruption Vulnerability (957488)
- Type
- Logic error
- Impact of exploitation
- Remote Code Execution
- User Interaction
- user interaction is needed
- Attack Vector
- Maliciously Crafted File
- Rating
- Medium
- CVE reference
- CVE-2009-2528,
- Vendor Status
- Responded and patched
- Vulnerable systems
- Office 2000 SP3,
- Office XP SP3,
- Summary
- A vulnerability in Microsoft Office (GDI+) may allow remote code execution.
Tab Navigation
Description
A vulnerability in Microsoft Office (GDI+) may allow remote code execution. The vulnerability could allow remote code execution if a user opens a specially crafted Office file that includes a malformed object. Successful exploitation could allow an attacker to take complete control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
McAfee Product Mitigation & Recommendations
Recommendations
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-062.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS09-062) Memory Corruption Vulnerability (957488)
- Signature identifier:
- 7217
- Release date:
- 10/13/2009
McAfee Intrushield
- Signature:
- HTTP: Microsoft GDI+ Memory Corruption Vulnerability
- Signature identifier:
- 0x40268500
- Release date:
- 10/13/2009
- First released in:
- 4.1.59, 5.1.29
McAfee Host IPS
- Signature:
- Generic Buffer Overflow Protection
- Signature identifier:
- 428
- Release date:
- 8/24/2000
- First released in:
- 2.0
- Signature:
- (MS09-062) Memory Corruption Vulnerability (957488)
- Signature identifier:
- 7217
- Release date:
- 10/14/2009
McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection
- Signature:
- Generic Buffer Overflow Protection
McAfee VirusScan Enterprise 8.5i (VSE8.5i) /Total Protection for Small Business (ToPS SB) Buffer Overflow Protection
- Signature:
- Generic Buffer Overflow Protection
- Signature:
- Generic Buffer Overflow Protection
The Remedy V-Flash of 10/14/2009 contains remedies for this issue.
- Signature:
- MS09-062 - Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488)
- Signature identifier:
- 98936
- Release date:
- 10/14/2009
Additional Resources
(MS09-062) Memory Corruption Vulnerability (957488)
http://www.microsoft.com/technet/security/bulletin/ms09-062.mspx
All Information
Timeline -
10/16/2009
A proof of concept has been released.
10/13/2009
Vendor has provided a patch.
Description -
A vulnerability in Microsoft Office (GDI+) may allow remote code execution. The vulnerability could allow remote code execution if a user opens a specially crafted Office file that includes a malformed object. Successful exploitation could allow an attacker to take complete control of an affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
McAfee Product Mitigation & Recommendations
Recommendations -
The vendor has released a patch to address this issue: http://www.microsoft.com/technet/security/bulletin/ms09-062.mspx
McAfee Product Mitigation
McAfee Foundstone
- Signature:
- (MS09-062) Memory Corruption Vulnerability (957488)
- Signature identifier:
- 7217
- Release date:
- 10/13/2009
McAfee Intrushield
- Signature:
- HTTP: Microsoft GDI+ Memory Corruption Vulnerability
- Signature identifier:
- 0x40268500
- Release date:
- 10/13/2009
- First released in:
- 4.1.59, 5.1.29
McAfee Host IPS
- Signature:
- Generic Buffer Overflow Protection
- Signature identifier:
- 428
- Release date:
- 8/24/2000
- First released in:
- 2.0
- Signature:
- (MS09-062) Memory Corruption Vulnerability (957488)
- Signature identifier:
- 7217
- Release date:
- 10/14/2009
McAfee VirusScan Enterprise 8.0i (VSE8.0i) / Managed Virus Scan (MVS) Buffer Overflow Protection
- Signature:
- Generic Buffer Overflow Protection
McAfee VirusScan Enterprise 8.5i (VSE8.5i) /Total Protection for Small Business (ToPS SB) Buffer Overflow Protection
- Signature:
- Generic Buffer Overflow Protection
- Signature:
- Generic Buffer Overflow Protection
The Remedy V-Flash of 10/14/2009 contains remedies for this issue.
- Signature:
- MS09-062 - Vulnerabilities in GDI+ Could Allow Remote Code Execution (957488)
- Signature identifier:
- 98936
- Release date:
- 10/14/2009
Additional Resources
Additional Resources -
(MS09-062) Memory Corruption Vulnerability (957488)
http://www.microsoft.com/technet/security/bulletin/ms09-062.mspx
