No account yet?
Home » Exploits » RETIRED: Microsoft February 2009 Advance Notification Multiple Vulnerabilities
RETIRED: Microsoft February 2009 Advance Notification Multiple Vulnerabilities E-mail
Feeds - Exploits
Written by Microsoft   
Wednesday, 18 February 2009 20:34
RETIRED: Microsoft February 2009 Advance Notification Multiple Vulnerabilities


-\\Bugtraq ID:
33639

-\\Class:
Unknown

-\\CVE:


-\\Remote:
Yes

-\\Local:
Yes

-\\Published:
Feb 05 2009 12:00AM

-\\Updated:
Feb 18 2009 04:58PM

-\\Credit:
Reported by the vendor.



-\\Vulnerable:
Microsoft Windows Internal Database (WYukon) x64  SP2
Microsoft Windows Internal Database (WYukon) x64  SP1
Microsoft Windows Internal Database (WYukon) x64  0
Microsoft Windows Internal Database (WYukon)  SP2
Microsoft Windows Internal Database (WYukon)  SP1
Microsoft Windows Internal Database (WYukon)  0
Microsoft Visio 2007  SP3
Microsoft Visio 2007  SP1
Microsoft Visio 2007  0
Microsoft Visio 2003 Standard  
Microsoft Visio 2003 Professional  
Microsoft Visio 2003  SP3
Microsoft Visio 2003  SP2
Microsoft Visio 2003   SP1
Microsoft Visio 2003  
Microsoft Visio 2002 Standard  SP2
Microsoft Visio 2002 Professional  SP2
Microsoft Visio 2002  SP3
Microsoft Visio 2002  SP2
Microsoft Visio 2002  SP1
Microsoft Visio 2002  
Microsoft SQL Server 2005 x64 Edition  SP3
Microsoft SQL Server 2005 x64 Edition  SP2
Microsoft SQL Server 2005 x64 Edition  SP1
Microsoft SQL Server 2005 Itanium Edition  SP3
Microsoft SQL Server 2005 Itanium Edition  SP2
Microsoft SQL Server 2005 Itanium Edition  SP1
Microsoft SQL Server 2005 Itanium Edition  0
Microsoft SQL Server 2005 Express Edition with Advanced Serv  SP2
Microsoft SQL Server 2005 Express Edition with Advanced Serv  SP1
Microsoft SQL Server 2005 Express Edition  SP2
Microsoft SQL Server 2005 Express Edition  SP1
Microsoft SQL Server 2005 Express Edition  0
Microsoft SQL Server 2005  Yukon
Microsoft SQL Server 2005  SP3
Microsoft SQL Server 2005  SP2
Microsoft SQL Server 2005  SP1
Microsoft SQL Server 2005  0
Microsoft SQL Server 2000 Itanium Edition  SP4
Microsoft SQL Server 2000 Itanium Edition  SP3
Microsoft SQL Server 2000 Itanium Edition  SP2
Microsoft SQL Server 2000 Itanium Edition  SP1
Microsoft SQL Server 2000 Itanium Edition  0
Microsoft SQL Server 2000 Desktop Engine  SP4
Microsoft SQL Server 2000 Desktop Engine  SP3
Microsoft SQL Server 2000 Desktop Engine  SP2
Microsoft SQL Server 2000 Desktop Engine  SP1
Microsoft SQL Server 2000 Desktop Engine  0
Microsoft SQL Server 2000 Desktop Engine  
+ Akiva WebBoard 6.1
+ Microsoft Access 2000  
+ Microsoft Application Center 2000  
+ Microsoft BizTalk Server 2000 Developer Edition  
+ Microsoft BizTalk Server 2000 Enterprise Edition  
+ Microsoft BizTalk Server 2000 Standard Edition  
+ Microsoft BizTalk Server 2002 Developer Edition  
+ Microsoft BizTalk Server 2002 Enterprise Edition  
+ Microsoft Office 2000  
+ Microsoft Project Central Server  
+ Microsoft SharePoint Team Services from Microsoft  
+ Microsoft Visio 2000 Enterprise Edition  
+ Microsoft Visio Enterprise Network Tools  
+ Microsoft Visual FoxPro  6.0
+ Microsoft Visual Studio  6.0
+ Microsoft Visual Studio .NET Academic Edition  0
+ Microsoft Visual Studio .NET Enterprise Architect Edition  
+ Microsoft Visual Studio .NET Enterprise Developer Edition  
+ Microsoft Visual Studio .NET Professional Edition  
+ SmartMax Software MailMax 5.0
+ Veritas Software Backup Exec for Windows Servers 9.0
Microsoft SQL Server 2000  SP4
Microsoft SQL Server 2000  SP3a
Microsoft SQL Server 2000  SP3
Microsoft SQL Server 2000  SP2
Microsoft SQL Server 2000  SP1
-Microsoft Windows 2000 Professional  SP2
-Microsoft Windows 2000 Professional  SP1
-Microsoft Windows 2000 Professional  
-Microsoft Windows NT  4.0 SP6a
-Microsoft Windows NT  4.0 SP6
-Microsoft Windows NT  4.0 SP5
Microsoft SQL Server 2000  
-Microsoft Windows 2000 Professional  SP2
-Microsoft Windows 2000 Professional  SP1
-Microsoft Windows 2000 Professional  
-Microsoft Windows NT  4.0 SP6a
-Microsoft Windows NT  4.0 SP6
-Microsoft Windows NT  4.0 SP5
-Microsoft Windows NT  4.0
Microsoft Internet Explorer 7.0.5730 .11
Microsoft Internet Explorer  7.0 beta3
Microsoft Internet Explorer  7.0 beta2
Microsoft Internet Explorer  7.0 beta1
Microsoft Internet Explorer  7.0
+ Microsoft Windows Vista  Ultimate
+ Microsoft Windows Vista  Ultimate
+ Microsoft Windows Vista  Ultimate
+ Microsoft Windows Vista  Home Premium
+ Microsoft Windows Vista  Home Premium
+ Microsoft Windows Vista  Home Premium
+ Microsoft Windows Vista  Home Premium
+ Microsoft Windows Vista  Home Premium
+ Microsoft Windows Vista  Home Basic
+ Microsoft Windows Vista  Home Basic
+ Microsoft Windows Vista  Home Basic
+ Microsoft Windows Vista  Home Basic
+ Microsoft Windows Vista  Home Basic
+ Microsoft Windows Vista  Enterprise
+ Microsoft Windows Vista  Enterprise
+ Microsoft Windows Vista  Enterprise
+ Microsoft Windows Vista  Enterprise
+ Microsoft Windows Vista  Enterprise
+ Microsoft Windows Vista  Business
+ Microsoft Windows Vista  Business
+ Microsoft Windows Vista  Business
+ Microsoft Windows Vista  Business
+ Microsoft Windows Vista  Business
+ Microsoft Windows Vista  0
+ Microsoft Windows Vista  0
+ Microsoft Windows Vista  0
+ Microsoft Windows Vista  0
+ Microsoft Windows Vista  0
Microsoft Exchange Server 2007  SP 1
Microsoft Exchange Server 2007  0
Microsoft Exchange Server 2003  SP2
Microsoft Exchange Server 2003  SP1
Microsoft Exchange Server 2003   SP1
Microsoft Exchange Server 2003  
Microsoft Exchange Server 2000  SP3
Microsoft Exchange Server 2000  SP2
-Microsoft Windows 2000 Advanced Server  SP2
-Microsoft Windows 2000 Advanced Server  SP1
-Microsoft Windows 2000 Advanced Server  
-Microsoft Windows 2000 Datacenter Server  SP2
-Microsoft Windows 2000 Datacenter Server  SP1
-Microsoft Windows 2000 Datacenter Server  
-Microsoft Windows 2000 Server  SP2
-Microsoft Windows 2000 Server  SP1
-Microsoft Windows 2000 Server  
Microsoft Exchange Server 2000  SP1
-Microsoft Windows 2000 Advanced Server  SP2
-Microsoft Windows 2000 Advanced Server  SP1
-Microsoft Windows 2000 Advanced Server  
-Microsoft Windows 2000 Datacenter Server  SP2
-Microsoft Windows 2000 Datacenter Server  SP1
-Microsoft Windows 2000 Datacenter Server  
-Microsoft Windows 2000 Server  SP2
-Microsoft Windows 2000 Server  SP1
-Microsoft Windows 2000 Server  
Microsoft Exchange Server 2000  
-Microsoft Windows 2000 Advanced Server  SP2
-Microsoft Windows 2000 Advanced Server  SP1
-Microsoft Windows 2000 Advanced Server  
-Microsoft Windows 2000 Datacenter Server  SP2
-Microsoft Windows 2000 Datacenter Server  SP1
-Microsoft Windows 2000 Datacenter Server  
-Microsoft Windows 2000 Server  SP2
-Microsoft Windows 2000 Server  SP1
-Microsoft Windows 2000 Server  



-\\Discussion
Microsoft has released advance notification that the vendor will be releasing four security bulletins on February 10, 2009. The highest severity rating for these issues is 'Critical'.

These issues affect:

- Internet Explorer
- Exchange
- SQL Server
- Office

Successfully exploiting these issues may allow remote or local attackers to compromise affected computers.

NOTE: The following individual records have been created to document these issues:

33627 Microsoft Internet Explorer Uninitialized Memory Remote Code Execution Vulnerability
33628 Microsoft Internet Explorer CSS Memory Corruption Remote Code Execution Vulnerability
33134 Microsoft Exchange Server TNEF Decoding Remote Command Execution Vulnerability
33136 Microsoft Exchange Server EMSMDB2 MAPI Command Remote Denial of Service Vulnerability
32710 Microsoft SQL Server 'sp_replwritetovarbin' Remote Memory Corruption Vulnerability
33659 Microsoft Visio Object Validation Remote Code Execution Vulnerability
33660 Microsoft Visio Object Copy Memory Corruption Remote Code Execution Vulnerability
33661 Microsoft Visio Memory Corruption Remote Code Execution Vulnerability



-\\Exploit(s)/PoC(s):
Currently we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: This e-mail address is being protected from spambots. You need JavaScript enabled to view it .



-\\Solution
Microsoft plans to release fixes to address these issues on February 10, 2009.

Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: This e-mail address is being protected from spambots. You need JavaScript enabled to view it .



-\\References(s)
--Microsoft Homepage
http://www.microsoft.co  (Microsoft)
--Microsoft Security Bulletin Advance Notification for February 2009
http://www.microsoft.com/technet/security/Bulletin/MS09-feb.msp  (Microsoft)
 

Security Services by HSC

Contact us

Become partner
Advertise with us
Join our staff