Skip to content

J-Security Center

Latest Attack Object Updates
  • IDP Daily Update #1219
    posted: 07/24/08
  • NSM Daily Update #1219
    posted: 07/24/08
  • Deep Inspection 5.3r5 and above, 5.4, 6.0 #1219
    posted: 07/24/08
  • Deep Inspection 5.1, 5.2, 5.3r4 and below #1201
    posted: 07/24/08
  • Deep Inspection 5.0 #1132
    posted: 04/01/08
  • Antivirus
    posted: 07/24/08
Microsoft Security Bulletins

March 2008

Prior Updates:

2008 |July |June |May |April |March |February |January
2007 |December |November |October |September |August |July |June |May |April |March |February |January
2006 |December |November |October |September |August |July |June |May |April |March |February |January
2005 |December |November |October |September |August |July |June |May |April |March |February |January
2004 |December |November |October |September |August |July |June |May |April |March |February |January
2003 |December |November |October

lock icon Login to learn more about how Juniper Networks products can protect you from these vulnerabilities. (If you don't already have a login, see Requesting Support.)

March 2008

Microsoft Security Bulletin MS08-014

Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (949029)

Severity: Critical
Vulnerabilities:
  • Excel Data Validation Record Vulnerability - CVE-2008-0111
    A remote code execution vulnerability exists in the way Excel processes data validation records when loading Excel files into memory. An attacker could exploit the vulnerability by sending a malformed file which could be hosted on a specially crafted or compromised Web site, or included as an e-mail attachment.
  • Excel File Import Vulnerability - CVE-2008-0112
    A remote code execution vulnerability exists in the way Excel handles data when importing files into Excel. An attacker could exploit the vulnerability by importing a malformed .slk file into Excel from an attacker which could be hosted on a specially crafted or compromised Web site, or included as an e-mail attachment.
  • Excel Style Record Vulnerability - CVE-2008-0114
    A remote code execution vulnerability exists in the way Excel handles Style record data when opening Excel file. An attacker could exploit the vulnerability by sending a malformed file which could be hosted on a specially crafted or compromised Web site, or included as an e-mail attachment.
  • Excel Formula Parsing Vulnerability - CVE-2008-0115
    A remote code execution vulnerability exists in the way Excel handles malformed formulas. An attacker could exploit the vulnerability by sending a malformed file which could be hosted on a specially crafted or compromised Web site, or included as an e-mail attachment.
  • Excel Rich Text Validation Vulnerability - CVE-2008-0116
    A remote code execution vulnerability exists in the way Excel handles rich text values when loading application data into memory. An attacker could exploit the vulnerability by sending a malformed file which could be hosted on a specially crafted or compromised Web site, or included as an e-mail attachment.
  • Macro Validation Vulnerability - CVE-2008-0081
    A remote code execution vulnerability exists in the way Excel handles macros when opening specially crafted Excel files. An attacker could exploit the vulnerability by sending a malformed file which could be hosted on a specially crafted or compromised Web site, or included as an e-mail attachment.

Microsoft Security Bulletin MS08-015

Vulnerability in Microsoft Outlook Could Allow Remote Code Execution (949031)

Severity: Critical
Vulnerabilities:
  • Outlook URI Vulnerability - CVE-2008-0110
    A remote code execution vulnerability exists in the way Outlook handles mailto URIs that could allow an attacker to read and control a user’s e-mail account. An attacker could exploit the vulnerability by convincing a user to visit a specially crafted Web page. An attacker could then read a user’s existing e-mail messages and potentially redirect all future messages to an attacker controlled system.

Microsoft Security Bulletin MS08-016

Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (949030)

Severity: Critical
Vulnerabilities:
  • Microsoft Office Cell Parsing Memory Corruption Vulnerability - CVE-2008-0113
    A remote code execution vulnerability exists in the way Microsoft Office handles specially crafted Excel files. An attacker could exploit the vulnerability by creating a malformed file which could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site. If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
  • Microsoft Office Memory Corruption Vulnerability - CVE-2008-0118
    A remote code execution vulnerability exists in the way Microsoft Office processes malformed PowerPoint files. An attacker could exploit the vulnerability by creating a malformed file which could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site. If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

Microsoft Security Bulletin MS08-017

Vulnerabilities in Microsoft Office Web Components Could Allow Remote Code Execution (933103)

Severity: Critical
Vulnerabilities:
  • Office Web Components URL Parsing Vulnerability - CVE-2006-4695
    Remote code execution vulnerabilities exist in the way Microsoft Office Web Components manages memory resources. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • Office Web Components DataSource Vulnerability - CVE-2007-1201
    Remote code execution vulnerabilities exist in the way Microsoft Office Web Components manages memory resources. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.