Home | Skip to Content | Skip to Search | Skip to Navigation | Skip to Footer |
Worldwide [change] |Register |About Cisco
Guest

IntelliShield Event Response: Microsoft Security Bulletin for August 2008

August 12, 2008

Microsoft published its monthly security bulletin release on August 12, 2008. Eleven bulletins were released that address 26 individual vulnerabilities. Microsoft has rated six bulletins as Critical and five as Important. The Critical advisories address six vulnerabilities in Internet Explorer, one in Microsoft Windows, four in Office Excel, three in Office PowerPoint, one in Office Access, and five in Office.  Each vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the user.  The Important advisories address one vulnerability in Outlook Express and Windows Mail, one vulnerability in Live, MSN, and Windows Messenger, one vulnerability in Office Word, and three vulnerabilities in Microsoft Windows.  The Important vulnerabilities could allow attackers to view sensitive information on affected systems or execute arbitrary code.


Cisco Applied Mitigation Bulletin

Cisco Applied Mitigation Bulletins provide identification and mitigation techniques that administrators can deploy on Cisco network devices. When applicable, Cisco IOS access control lists, Cisco Intrusion Prevention System (IPS) signatures, Cisco IOS NetFlow, and firewall inspection are among the techniques discussed in the bulletins.

Cisco Applied Mitigation Bulletin: Microsoft Security Bulletin for August 2008


Cisco Contact Center and Self Service Products Impact Assessment

These Impact Assessments evaluate Microsoft security bulletins and associated software updates for potential impact to Cisco Contact Center and Self Service Products products. For each respective Microsoft Security Bulletin, a Microsoft update is assigned one of three categorical ratings: Impacting, Deferred, or Not Applicable.

Impact Assessment of August 2008 Microsoft Security Bulletins on Cisco Contact Center and Self Service Products

Cisco Security IntelliShield Alert Manager and Cisco IPS

The following table identifies Cisco Security IntelliShield Alert Manager alerts and Cisco IPS signatures that are associated with this Microsoft update:

Microsoft Security Bulletin Affected Product Cisco IntelliShield Alert CVE ID
Search CVEs		 Cisco IPS Signature CVSS
Base Score
CVSS Q&A

Microsoft Security Bulletin MS08-041

Vulnerability in the ActiveX Control for the Snapshot Viewer for Microsoft Access Could Allow Remote Code Execution

Microsoft Office Access

Microsoft SnapShot Viewer for Microsoft Access

 Microsoft Snapshot Viewer ActiveX Control Arbitrary File Upload Vulnerability CVE-2008-2463
6968-0
6968-1
6968-2
6968-3
6968-4
7.1

Microsoft Security Bulletin MS08-042

Vulnerability in Microsoft Word Could Allow Remote Code Execution

Microsoft Word

 Microsoft Word Memory Corruption Arbitrary Code Execution Vulnerability CVE-2008-2244
6969-0
 9.3

Microsoft Security Bulletin MS08-043

Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution

 Microsoft Excel

Microsoft Office Excel Viewer

Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats

Microsoft Office SharePoint Server

Microsoft Office for Mac

Microsoft Office Excel Insecure Password Caching Information Disclosure Vulnerability CVE-2008-3003
1.3
Microsoft Office Excel AxesSet Record Handling Arbitrary Code Execution Vulnerability CVE-2008-3004
7210-0
 9.3
Microsoft Office Excel Index Array Record Handling Arbitrary Code Execution Vulnerability CVE-2008-3005
7210-1
 9.3
Microsoft Office Excel Record Value Handling Arbitrary Code Execution Vulnerability CVE-2008-3006
7210-2
 9.3

Microsoft Security Bulletin MS08-044

Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution

Microsoft Works

Microsoft Office

Microsoft Office Project

Microsoft Office Converter Pack

 Microsoft Office PICT Image Processing Memory Corruption Vulnerability CVE-2008-3018
6282-0
 9.3
Microsoft Office Encapsulated PostScript Image Processing Arbitrary Code Execution Vulnerability CVE-2008-3019
6281-0
 9.3
Microsoft Office Filter BMP Processing Memory Corruption Vulnerability CVE-2008-3020
6283-0
 9.3
Microsoft Office PICT Image Parsing Arbitrary Code Execution Vulnerability CVE-2008-3021
6983-0
 9.3
Microsoft Office Filter WPG Image Processing Memory Corruption Vulnerability CVE-2008-3460
6985-0
 9.3

Microsoft Security Bulletin MS08-045

Cumulative Security Update for Internet Explorer

Microsoft Internet Explorer

Microsoft Windows Internet Explorer

 

 Microsoft Internet Explorer HTML Object Processing Arbitrary Code Execution Vulnerability CVE-2008-2254
6932-0
 9.3
Microsoft Internet Explorer HTML Object Handling Arbitrary Code Execution Vulnerability CVE-2008-2255
5940-0
 9.3
Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability CVE-2008-2256
9.3
Microsoft Internet Explorer HTML Object Processing Memory Corruption Vulnerability CVE-2008-2257
6986-0
 9.3
Microsoft Internet Explorer HTML Object Handling Memory Corruption Vulnerability CVE-2008-2258
6986-1
 9.3
Microsoft Internet Explorer Argument Validation Print Preview Memory Corruption Vulnerability CVE-2008-2259
6938-0
 9.3

Microsoft Security Bulletin MS08-046

Vulnerability in Microsoft Windows Image Color Management System Could Allow Remote Code Execution


Microsoft Windows

Microsoft Windows XP

Microsoft Windows Server

Microsoft Windows Image Color Management System Buffer Overflow Vulnerability CVE-2008-2245
6984-0
6984-1
6984-2
6984-3
6984-4
6017-2
 9.3

Microsoft Security Bulletin MS08-047

Vulnerability in IPsec Policy Processing Could Allow Information Disclosure

Microsoft Windows Vista

Microsoft Windows Server

 Microsoft Windows IPsec Policy Bypass Information Disclosure Issue CVE-2008-2246
N/A

Microsoft Security Bulletin MS08-048

Security Update for Outlook Express and Windows Mail


Microsoft Outlook Express

Microsoft Windows Mail

 Microsoft Outlook Express and Windows Mail MHTML Handler Cross-Domain Information Disclosure Vulnerability CVE-2008-1448
5775-1
 4.3

Microsoft Security Bulletin MS08-049

Vulnerabilities in Event System Could Allow Remote Code Execution

Microsoft Windows

Microsoft Windows XP

Microsoft Windows Server

Microsoft Windows Vista

 Microsoft Windows Event System Index Range Validation Vulnerability CVE-2008-1456
6.8
Microsoft Windows Event System User Subscription Validation Vulnerability CVE-2008-1457
6.8

Microsoft Security Bulletin MS08-050

Vulnerability in Windows Messenger Could Allow Information Disclosure

Microsoft
Windows Messenger 		Microsoft Messaging Clients ActiveX Control Information Disclosure Vulnerability CVE-2008-0082
6280-0
 4.3

Microsoft Security Bulletin MS08-051

Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution

Microsoft Office PowerPoint

Microsoft Office PowerPoint Viewer


Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Microsoft Office for Mac

Microsoft Office PowerPoint Viewer Memory Allocation Error Vulnerability CVE-2008-0120
6981-0
6981-1
6777-2
 9.3
Microsoft Office PowerPoint Viewer Arbitrary Code Execution Vulnerability CVE-2008-0121
6976-0
 9.3
Microsoft Office PowerPoint List Value Parsing Vulnerability CVE-2008-1455
6978-0
 9.3

 

Return to Cisco Security Center