Microsoft has finally patched the Snapshot Viewer ActiveX control vulnerability, which we previously blogged about when we discovered hundreds of sites silently infecting their visitors with modified proof-of-concept exploit code. The window of exposure for this web-borne attack was at least 1 month and 5 days, given that it was first publicly announced on July 7th and only patched today.
Our next point of interest is the MS Windows Image Color Management System (MS08-046) remote code execution vulnerability. Why is this particularly interesting to us? Because all one needs to do to get infected is to accidentally display a specially crafted image file. It could be an image that's a part of a web site that the victim visited, or an image embedded inside of an MS Office document forwarded from a co-worker (it was supposed to be one of those funny viral jokes!)
The special image only needs to be displayed; neither explicit double-clicking on suspicious icons nor any other user intervention is necessary. Yes, this could be used by malicious sites for a drive-by attack. We wouldn't be surprised to see unsolicited social-engineering emails with links that lead to these malicious sites.
If that's not enough web threats for this month, there's also a cumulative security update for Internet Explorer.
This month's Patch Tuesday honor roll —
Rated Critical:
MS08-046 - Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution
MS08-045 - Cumulative Security Update for Internet Explorer
MS08-041 - Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution
MS08-043 - Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
MS08-051 - Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution
MS08-044 - Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution
Rated Important:
MS08-047 - Vulnerability in IPsec Policy Processing Could Allow Information Disclosure
MS08-049 - Vulnerabilities in Event System Could Allow Remote Code Execution
MS08-048 - Security Update for Outlook Express and Windows Mail
MS08-050 - Vulnerability in Windows Messenger Could Allow Information Disclosure
MS08-042 - Vulnerability in Microsoft Word Could Allow Remote Code Execution
As always, we'll continue to proactively seek and report on such threats when we detect them in the wild — and strive to protect, especially during the critical window-of-exposure period.
Security Researchers: Moti Joseph and Jay Liew