Microsoft September 2008 Security Bulletin

August is the month of holidays and conferences and the activity of vulnerability researchers is accordingly lower. Nevertheless, Microsoft’s September Security Bulletin contains 4 high profile vulnerabilities which may allow an attacker to remotely execute code on the victim’s system.

The most interesting advisory describes several vulnerabilities discovered and fixed in the well known offender gdiplus.dll, the dll responsible for rendering several popular image formats.

The highest potential for usage in malware is the GIF parsing vulnerability which may be used to execute malicious code straight from a malicious web page. We have not seen any samples exploiting these vulnerabilities yet, but we are monitoring the situation and will make sure all samples are detected. Sophos Anti-Virus 7 also contains generic buffer overflow protection technology which should be able to prevent buffer overflow types of browser exploit.

We have updated our main Vulnerability Analysis landing page to include analyses for vulnerabilities announced in the Microsoft’s September Security Bulletin.

MS08-052. Vulnerabilities in GDI+ Could Allow Remote Code Execution (954593)
MS08-053. Vulnerability in Windows Media Encoder 9 Could Allow Remote Code Execution (954156)
MS08-054. Vulnerability in Windows Media Player Could Allow Remote Code Execution (954154)
MS08-055. Vulnerability in Microsoft Office Could Allow Remote Code Execution (955047)

As always, we would love to hear what you think about these advisories so please send us your comments and suggestions by email to