Entitled "Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233)", this bulletin affects users of Microsoft Office 2000 through 2007, plus Office 2004 for Mac, and addresses the vulnerabilities detailed in CVE-2007-0215, CVE-2007-1203, and CVE-2007-0214. Successful exploitation could lead to remote code execution.
Entitled "Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232)", this bulletin affects users of Microsoft Office 2000 through 2003, plus Office 2004 for Mac, but does not affect Office 2007, and addresses the vulnerabilities detailed in CVE-2007-0035, CVE-2007-0870, and CVE-2007-1202. Successful exploitation could lead to remote code execution.
Entitled "Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873)", this bulletin affects users of Microsoft Office 2000 through 2003, plus Office 2004 for Mac, but does not affect Office 2007, and addresses the vulnerability detailed in CVE-2007-1747. Successful exploitation could lead to remote code execution.
Entitled "Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832)", this bulletin affects users of Exchange 2000 Server, Exchange Server 2003, and Exchange Server 2007, and addresses the vulnerabilities detailed in CVE-2007-0220, CVE-2007-0039, CVE-2007-1213, and CVE-2007-0221. Successful exploitation could lead to remote code execution.
Entitled "Cumulative Security Update for Internet Explorer (931768)", this bulletin affects users of Internet Explorer versions 5.01 through 7 on Windows 2000 through Vista, and addresses the vulnerabilities detailed in CVE-2007-0942, CVE-2007-0944, CVE-2007-0945, CVE-2007-0946, CVE-2007-0947, and CVE-2007-2221. Successful exploitation could lead to remote code execution.
Entitled "Vulnerability in CAPICOM Could Allow Remote Code Execution (931906)", this bulletin affects users of CAPICOM and BizTalk Server 2004, but does not affect BizTalk Server 2000, 2002, and 2006, and addresses the vulnerability detailed in CVE-2007-0940. Successful exploitation could lead to remote code execution.
Entitled "Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966)", this bulletin affects users of Windows 2000 Server and Windows Server 2003, but does not affect Windows 2000 Professional, Windows XP (SP2), and Windows Vista, and addresses the vulnerability detailed in CVE-2007-1748. Successful exploitation could lead to remote code execution.
Additional Resources:
- milw0rm: Advisory 3544
Additional Resources:
- Microsoft: Advisory 934864
- FrSIRT: 1115
- CNET News.com: Windows weakness can lead to network traffic hijacks
Successful exploitation can result in memory corruption when processing cursors, animated cursors, and icons. According to Arbor Networks, the malicious code on compromised Web sites exploiting this flaw appears to be originating from the following sites, which you may want to block:
- wsfgfdgrtyhgfd.net
- 85.255.113.4
- uniq-soft.com
- fdghewrtewrtyrew.biz
- newasp.com.cn
To become infected, users must be running Internet Explorer 6 or 7; there is no need to click anything, because simply visiting a compromised site is enough to trigger the exploit. The flaw does not affect the Firefox or Opera browsers. Microsoft released a patch in security bulletin MS07-017.
Additional Resources:
- Microsoft: MS07-017
- Zeroday Emergency Response Team (ZERT): Unofficial patch
- NIST: CVE-2007-0038
- Arbor Networks: Any Ani file could infect you
- Websense: Alert
- F-Secure: Blog post
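Since the Arbor Networks list above is offered as something to block, the practical defender's task is to find which internal clients already reached those hosts. The following added example (not code from the original article or from Arbor Networks) reads a few constructed Squid-style proxy log lines and reports every request whose destination is one of the listed hosts. It goes slightly beyond the page by also matching subdomains of the listed domains (an assumption: a blocklisted domain should cover its subdomains), while deliberately not matching a look-alike domain that merely starts with a listed name. The log layout is assumed; adapt the regular expression to your proxy's format.

```python
"""Flag proxy log lines whose destination host is on the ANI-exploit block list."""
import re
from urllib.parse import urlsplit

# Hosts named in the Arbor Networks report quoted on the page.
BLOCKLIST = {
    "wsfgfdgrtyhgfd.net",
    "85.255.113.4",
    "uniq-soft.com",
    "fdghewrtewrtyrew.biz",
    "newasp.com.cn",
}

# Constructed sample lines in a Squid-style access-log layout (assumption:
# timestamp, client IP, action/status, method, URL). Clients and timings are
# made up for the example; the last line is a look-alike host that must NOT match.
SAMPLE_LOG = """\
1175100001.123 192.168.1.10 TCP_MISS/200 GET http://www.example.com/index.html
1175100002.456 192.168.1.11 TCP_MISS/200 GET http://wsfgfdgrtyhgfd.net/ads/anim.ani
1175100003.789 192.168.1.12 TCP_MISS/200 GET http://85.255.113.4/x/cursor.ani
1175100004.012 192.168.1.13 TCP_MISS/200 GET http://cdn.uniq-soft.com/img.php
1175100005.345 192.168.1.14 TCP_MISS/200 GET http://newasp.com.cn.example.org/ok
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<status>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def host_from_url(url):
    """Return the lowercase hostname of a URL, or None if it cannot be parsed."""
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return None
    return host.lower() if host else None


def host_is_blocked(host, blocklist=BLOCKLIST):
    """True if host equals a blocklisted entry or is a subdomain of one.

    Subdomain matching is this example's assumption, not something the page
    states. A host such as newasp.com.cn.example.org is a different domain and
    is not matched, because only parent domains of the host are checked.
    """
    if host is None:
        return False
    labels = host.split(".")
    # Check the host itself and each parent domain: a.b.c -> a.b.c, b.c, c
    for i in range(len(labels)):
        if ".".join(labels[i:]) in blocklist:
            return True
    return False


def flag_blocked_requests(log_text, blocklist=BLOCKLIST):
    """Return (client_ip, host, url) for each log line that reached a blocked host."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than aborting the scan
        host = host_from_url(m.group("url"))
        if host_is_blocked(host, blocklist):
            hits.append((m.group("client"), host, m.group("url")))
    return hits


if __name__ == "__main__":
    for client, host, url in flag_blocked_requests(SAMPLE_LOG):
        print(f"{client} contacted blocked host {host}: {url}")
```

Run against the constructed sample, the script reports three clients (those that reached wsfgfdgrtyhgfd.net, 85.255.113.4 and cdn.uniq-soft.com); those are the machines to check for the ANI-handling patch and for signs of compromise.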
There's a buffer overflow in the Real Time Streaming Protocol (RTSP) handling of Apple QuickTime 7.1.3 that affects both the Windows and Mac versions. If a user clicks a very long, specially crafted QuickTime video URL, a remote attacker could execute arbitrary code on the Microsoft Windows or Apple Mac OS X machine, gaining remote access to it.
At this time, there is no patch available from Apple. Users should avoid clicking URLs that begin with "rtsp://". One workaround within QuickTime is to disable the rtsp:// URL handler. To do so, Mac users should open QuickTime, go to Preferences, click the Advanced tab, and select Mime Settings; once there, uncheck the box next to Streaming - Streaming Movies. Windows users should click Edit, then Preferences, and then QuickTime Preferences, and select File Types from the pull-down menu or tab options. On the File Types page, click Streaming - Streaming Movies to display additional options and uncheck the box next to RTSP stream descriptor if necessary.
Additional Resources:
- NIST: CVE-2007-0015
- MOAB: MOAB-01-01-2007
- milw0rm.com: 3064
This vulnerability causes a denial of service (crash) in Microsoft Internet Explorer 6 after a victim has been tricked into visiting a malicious Web page. Setting a long StartColorStr or EndColorStr property on the DXImageTransform.Microsoft.Gradient ActiveX object triggers an error that crashes the browser.
Additional Resources:
- French Security Incident Response Team: ADV-2006-2832
- BrowserFun: #17
- National Institute of Standards and Technology: CVE-2006-3657