| Tue, 12 Aug 2008 08:00:00 GMT MS08-051 – Critical: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (949785) |
| Bulletin Severity Rating: Critical - This security update resolves three privately reported vulnerabilities in Microsoft Office PowerPoint and Microsoft Office PowerPoint Viewer that could allow remote code execution if a user opens a specially crafted PowerPoint file. An attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
| Tue, 12 Aug 2008 08:00:00 GMT MS08-050 – Important: Vulnerability in Windows Messenger Could Allow Information Disclosure (955702) |
| Bulletin Severity Rating: Important - This security update resolves a publicly reported vulnerability in supported versions of Windows Messenger. As a result of this vulnerability, scripting of an ActiveX control could allow information disclosure in the context of the logged-on user. An attacker could change state, get contact information, and initiate audio and video chat sessions without the knowledge of the logged-on user. An attacker could also capture the user’s logon ID and remotely log on to the user’s Messenger client impersonating that user. |
| Tue, 12 Aug 2008 08:00:00 GMT MS08-049 – Important: Vulnerabilities in Event System Could Allow Remote Code Execution (950974) |
| Bulletin Severity Rating: Important - This update resolves two privately reported vulnerabilities in Microsoft Windows Event System that could allow remote code execution. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full administrative rights. |
| Tue, 12 Aug 2008 08:00:00 GMT MS08-048 – Important: Security Update for Outlook Express and Windows Mail (951066) |
| Bulletin Severity Rating: Important - This security update resolves a privately reported vulnerability in Outlook Express and Windows Mail. The vulnerability could allow information disclosure if a user visits a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
| Tue, 12 Aug 2008 08:00:00 GMT MS08-047 – Important: Vulnerability in IPsec Policy Processing Could Allow Information Disclosure (953733) |
| Bulletin Severity Rating: Important - This update resolves a privately reported vulnerability in the way certain Windows Internet Protocol Security (IPsec) rules are applied. This vulnerability could cause systems to ignore IPsec policies and transmit network traffic in clear text. This, in turn, would disclose information intended to be encrypted on the network. An attacker viewing the traffic on the network would be able to view and possibly modify the contents of the traffic. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly. It could be used to collect useful information to try to further compromise the affected system or network. |
|
| Mon, 18 Aug 2008 08:30:00 PST Vulnerability in Cisco WebEx Meeting Manager ActiveX Control |
An ActiveX control (atucfobj.dll) that is used by the Cisco WebEx Meeting Manager contains a buffer overflow vulnerability that may result in a denial of service or remote code execution. The WebEx Meeting Manager is a client-side program that is provided by the Cisco WebEx meeting service. The Cisco WebEx meeting service automatically downloads, installs, and configures Meeting Manager the first time a user begins or joins a meeting. |
| Tue, 29 Jul 2008 08:00:00 PST Multiple Cisco Products Vulnerable to DNS Cache Poisoning Attacks |
| Thu, 03 Jul 2008 05:30:00 PST Multiple Vulnerabilities in Cisco IOS While Processing SSL Packets |
Cisco IOS devices may crash while processing malformed Secure Sockets Layer (SSL) packets. In order to trigger these vulnerabilities, a malicious client must send malformed packets during the SSL protocol exchange with the vulnerable device. |
| Thu, 03 Jul 2008 05:30:00 PST Cisco IOS User Datagram Protocol Delivery Issue For IPv4/IPv6 Dual-stack Routers |
A device running Cisco IOS software that has Internet Protocol version 6 (IPv6) enabled may be subject to a denial of service (DoS) attack. For the device to be affected by this vulnerability, the device also has to have certain Internet Protocol version 4 (IPv4) User Datagram Protocol (UDP) services enabled. To exploit this vulnerability, an offending IPv6 packet must be targeted to the device. Packets that are routed through the router cannot trigger this vulnerability. Successful exploitation will prevent the interface from receiving any additional traffic. The only exception is the Resource Reservation Protocol (RSVP) service, which, if exploited, will cause the device to crash. Only the interface on which the vulnerability was exploited will be affected. |
| Thu, 03 Jul 2008 05:30:00 PST Cisco IOS Virtual Private Dial-up Network Denial of Service Vulnerability |
Two vulnerabilities exist in the virtual private dial-up network (VPDN) solution when Point-to-Point Tunneling Protocol (PPTP) is used in certain Cisco IOS releases prior to 12.3. PPTP is only one of the supported tunneling protocols used to tunnel PPP frames within the VPDN solution. |