Entitled "Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233)" this bulletin affects users of Microsoft Office 2000 through 2007, plus Office 2004 for Mac, and addresses the vulnerabilities detailed in CVE-2007-0215, CVE-2007-1203, and 2007-0214. Successful exploitation could lead to remote code execution.
Entitled "Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232)" this bulletin affects users of Microsoft Office 2000 through 2003, plus Office 2004 for Mac, but does not affect Office 2007, and addresses the vulnerabilities detailed in CVE-2007-0035, CVE-2007-0870, and CVE-2007-1202 Successful exploitation could lead to remote code execution.
Entitled "Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873)" this bulletin affects users of Microsoft Office 2000 through 2003, plus Office 2004 for Mac, but does not affect Office 2007, and addresses the vulnerability detailed in CVE-2007-1747. Successful exploitation could lead to remote code execution.
Entitled "Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832)" this bulletin affects users of Windows Exchange 2000, Exchange Server 2003, and Exchange Server 2007, and addresses the vulnerabilities detailed in CVE-2007-0220, CVE-2007-0039, CVE-2007-1213, and CVE-2007-0221. Successful exploitation could lead to remote code execution.
Entitled "Cumulative Security Update for Internet Explorer (931768)" this bulletin affects users of Windows 2000 through Vista, Internet Explorer versions 5.01 through 7, and addresses the vulnerabilities detailed in CVE-2007-0942, CVE-2007-0944, CVE-2007-0945, CVE-2007-0946, CVE-2007-0947, and CVE-2007-2221. Successful exploitation could lead to remote code execution.
Entitled "Vulnerability in CAPICOM Could Allow Remote Code Execution (931906)" this bulletin affects users of CAPICOM and BizTalk Server 2004, but not affect BizTalk Server 2000, 2002, and 2006, and addresses the vulnerability detailed in CVE-2007-0940. Successful exploitation could lead to remote code execution.
Entitled "Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966)" this bulletin affects users of Windows Server 2000 and 2003, but does not affect Windows 2000, Windows XP (SP2), and Windows Vista, and addresses the vulnerability detailed in CVE-2007-1748. Successful exploitation could lead to remote code execution.
Successful exploitation can result in memory corruption when processing cursors, animated cursors, and icons. According to Arbor Networks, the malicious code on compromised Web sites exploiting this flaw appears to be originating from the following sites, which you may want to block:
wsfgfdgrtyhgfd.net
85.255.113.4
uniq-soft.com
fdghewrtewrtyrew.biz
newasp.com.cn
To become infected, users must be using Internet Explorer 6 or 7; there is no need to click, just visiting an infected site is enough for an infection. The flaw does not affect Firefox or Opera Internet Browsers. Microsoft released a patch within its security bulletin MS07-017.
Additional Resources
Microsoft: MS07-017
Zeroday Emergency Response Team (ZERT): Unofficial patch
NIST: CVE-2007-0038
Arbor Networks: Any Ani file could infect you
Websense: Alert
F-Secure: Blog post
There's a vulnerability within Microsoft Internet Explorer 6 while running on a fully patched Windows XP SP2 system that allows remote attackers to cause a denial of service (crash). This flaw is due to an integer overflow error in the Common Controls library "comctl32.dll" when processing a "WebViewFolderIcon" object with a specially crafted "setSlice()" method. Specifically, a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object may lead to an invalid memory copy, which can be exploited by attackers. Successful execution, however, requires that the victim visit a specially crafted Web page.
Additional resources:
- Microsoft: Advisory 926043
- US-CERT Technical Alert: TA06-270A
- US-CERT Vulnerability Note: VU#753044
- BrowserFun: #18
This vulnerability may cause a denial of service (crash) within Microsoft Internet Explorer 6. By accessing the object references of a FolderItem ActiveX object--specifcally, by creating a NULL pointer dereference error when accessing a "FolderItem" object--attackers may crash the Microsoft browser. Successful execution, however, requires a victim to access a malicious Web page.
Additional Resources:
- French Security Incident Response Team: ADV-2006-2814
- BrowserFun: #15
- National Institute of Standards and Technology: CVE-2006-3458
In a conference paper titled "Subverting Ajax," security researchers Stefano Di Paola and Giorgio Fedon identified multiple cross-site scripting (XSS) vulnerabilities. One flaw in particular, the open parameters vulnerability, is quite easy to execute on vulnerable versions of Adobe Reader. A malicious attack can be carried out by referencing any Web-based PDF file and supplying potentially malicious JavaScript code as an open parameter to any Web-based PDF file. For example
http://www.(domain name).com/file.pdf#whatever_name_you_want=javascript:your_code_here
The researchers contacted Adobe in October with their findings and only recently made their work public. Adobe has since released version 8 of Adobe Reader which no longer allows appended JavaScript within site URLs. However, many users continue to use older versions of the Adobe Reader plug-in and should update as soon as possible.
Additional Resources:
- Vendor Patch Information: Adobe Reader 8
- Wise Security: Adobe Acrobat Reader Plugin - Multiple Vulnerabilities
- Gnucitizen: Danger, Danger, Danger
This vulnerability restricts information from other domains via an object tag. A data parameter within that tag references a link on the attacker's originating site. The link on the attacker's originating site then specifies a Location HTTP header on a target site. The flaw makes that potentially malicious content available through the outerHTML attribute of the object.
On August 8, 2006, Microsoft issued MS06-040, a cumulative patch for Internet Explorer, that addresses this vulnerability.
Additional Resources:
- Vendor Patch Information: MS06-042
- IST CVE #: CVE-2006-3280
- Secunia advisory: 20825
This vulnerability is caused by an error in the HTML Help ActiveX control (hhctrl.ocx). When handling the "Image" property within an HTML file, the vulnerability can be exploited by using a long string to cause memory corruption (buffer overflow). Successful exploit could lead to the execution of remote code on a compromised PC.
Additional Resources:
- Mitre. org: CVE-2006-3657
- Secunia advisory: 20906
The Internet Explorer HTA Application Execution was assigned two vulnerability numbers by the National Institute of Standards in Technology National Vulnerabilities Database. The vulnerability in Inter Explorer allows remote attackers to execute arbitrary code via a link to an SMB file share, and the flaw itself might be within other components used by the Microsoft browser. If executed, the vulnerability may disclose potentially sensitive information and potentially compromise a user's system. Exploitation requires user interaction, however.
On August 8, 2006, Microsoft released two patches which addressed these vulnerabilities.
Additional Resources:
- Microsoft patch: MS06-045
- Microsoft patch: MS06-042
- Mitre.org CVE #: CVE-2006-3281
- Secunia advisory #: 20825
There's a previously unknown buffer-overflow vulnerability affecting Internet Explorer. Specifically, the new vulnerability exists within the Vector Markup Language (VML), a component that specifies vector images in an Extensible Markup Language (XML) document within IE. Current attacks try to execute Trojan horse programs that may allow remote access to a compromised system. While JavaScript is not necessary to exploit the vulnerability, the current attacks do use JavaScript. Thus the only workaround is to disable JavaScript within IE.
In response Microsoft has issued a rare, out-of-cycle patch. Microsoft traditionally issues new security patches on the second Tuesday of each month so that system administrators have time to test the patch before rolling it out to desktops on a network. But because details on how to make an exploit for this Internet Explorer have been posted on the Internet and because various third-party security vendors have issued their own patches, Microsoft rushed this patch.
Additional resources:
- Microsoft: Patch MS06-055
- US-CERT Technical Alert: TA06-262A
- US-CERT Vulnerability Note: VU#416092
- FrSIRT: #3679
- Secunia: #21989
