Skip to content

J-Security Center

Latest Attack Object Updates
  • IDP Daily Update #1282
    posted: 10/10/08
  • NSM Daily Update #1282
    posted: 10/10/08
  • Deep Inspection 5.3r5 and above, 5.4, 6.0 #1282
    posted: 10/10/08
  • Deep Inspection 5.1, 5.2, 5.3r4 and below #1274
    posted: 10/10/08
  • Deep Inspection 5.0 #1132
    posted: 04/01/08
  • Antivirus
    posted: 10/10/08
Microsoft Security Bulletins

May 2008

Prior Updates:

2008 |September |August |July |June |May |April |March |February |January
2007 |December |November |October |September |August |July |June |May |April |March |February |January
2006 |December |November |October |September |August |July |June |May |April |March |February |January
2005 |December |November |October |September |August |July |June |May |April |March |February |January
2004 |December |November |October |September |August |July |June |May |April |March |February |January
2003 |December |November |October

lock icon Login to learn more about how Juniper Networks products can protect you from these vulnerabilities. (If you don't already have a login, see Requesting Support.)

May 2008

Microsoft Security Bulletin MS08-026

Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (951207)

Severity: Critical
Vulnerabilities:
  • Object Parsing Vulnerability - CVE-2008-1091
    A remote code execution vulnerability exists in the way that Microsoft Office handles specially crafted Rich Text Format (.rtf) files. The vulnerability could allow remote code execution if a user opens a specially crafted .rtf file with malformed strings in Word or previews a specially crafted .rtf file with malformed strings in rich text e-mail. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
  • Word Cascading Style Sheet (CSS) Vulnerability - CVE-2008-1434
    A remote code execution vulnerability exists in the way that Microsoft Word handles specially crafted Word files. The vulnerability could allow remote code execution if a user opens a specially crafted Word file that includes a malformed CSS value. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Microsoft Security Bulletin MS08-027

Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (951208)

Severity: Critical
Vulnerabilities:
  • Publisher Object Handler Validation Vulnerability - CVE-2008-0119
    A remote code execution vulnerability exists in the way Microsoft Publisher validates object header data. An attacker could exploit the vulnerability by sending a specially crafted Publisher file which could be included as an e-mail attachment, or hosted on a specially crafted or compromised Web site. If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

Microsoft Security Bulletin MS08-028

Vulnerability in Microsoft Jet Database Engine Could Allow Remote Code Execution (950749)

Severity: Critical
Vulnerabilities:
  • Microsoft Jet Engine MDB File Parsing Stack Overflow Vulnerability - CVE-2007-6026
    A buffer overrun vulnerability exists in the Microsoft Jet Database Engine (Jet) that could allow remote code execution on an affected system. An attacker could exploit the vulnerability by creating a specially crafted database query and sending it through an application that is using Jet on an affected system. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Security Bulletin MS08-029

Vulnerabilities in Microsoft Malware Protection Engine Could Allow Denial of Service (952044)

Severity: Moderate
Vulnerabilities:
  • Microsoft Malware Protection Engine Vulnerability- CVE-2008-1437
    A denial of service vulnerability exists in the way that the Microsoft Malware Protection Engine processes specially crafted files. An attacker could exploit the vulnerability by constructing a specially crafted file that could allow denial of service when received by the target computer system and scanned by the Microsoft Malware Protection Engine. An attacker who successfully exploited this vulnerability could cause the Microsoft Malware Protection Engine to stop responding and automatically restart.
  • Microsoft Malware Protection Engine Vulnerability- CVE-2008-1438
    A denial of service vulnerability exists in the way that the Microsoft Malware Protection Engine processes specially crafted files. An attacker could exploit the vulnerability by constructing a specially crafted file that could allow denial of service when received by the target computer system and scanned by the Microsoft Malware Protection Engine. An attacker who successfully exploited this vulnerability could cause disk-space exhaustion, leading to a denial of service condition and automatic restart.