

Microsoft Corp. has released seven security bulletins
encompassing 18 vulnerabilities. This report provides an initial summary of the
pending issues.
Security Bulletin MS06-033:
Vulnerability in ASP.NET Could Allow Information Disclosure (917283)
http://www.microsoft.com/technet/security/bulletin/MS06-033.mspx
CVE Number: CVE-2006-1300
iDefense Title: Microsoft ASP .NET 2.0 Information Disclosure Vulnerability
iDefense Master ID: 449868
iDefense Severity: MEDIUM
Remote exploitation of an input validation
vulnerability within version 2.0 of Microsoft Corp.'s ASP .NET Framework could
allow an attacker to bypass security and gain access to restricted portions of a
website.
Security Bulletin MS06-034: Vulnerability in
Microsoft Internet Information Services using Active Server Pages Could Allow
Remote Code Execution (917537)
http://www.microsoft.com/technet/security/bulletin/MS06-034.mspx
CVE Number: CVE-2006-0026
iDefense Title: Microsoft Corp. IIS ASP File Handler Buffer Overflow Vulnerability
iDefense Master ID: 449874
iDefense Severity: MEDIUM
Remote exploitation of a buffer
overflow vulnerability in versions 5.0, 5.1 and 6.0 of Microsoft Corp.'s
Internet Information Services (IIS) could allow an attacker with upload
privileges to potentially execute arbitrary code on an affected system.
Security Bulletin MS06-035: Vulnerability in Server
Service Could Allow Remote Code Execution (917159)
http://www.microsoft.com/technet/security/bulletin/MS06-035.mspx
CVE Number: CVE-2006-1314
iDefense Title: Microsoft Mailslot Remote Heap Overflow Vulnerability
iDefense Master ID: 449871
iDefense Severity: MEDIUM
Remote exploitation of a heap overflow
vulnerability within Microsoft Corp.'s Mailslot Interprocess Communication (IPC)
mechanism allows attackers to execute arbitrary code. Exploitation of this
vulnerability would result in an attacker gaining full control of the
compromised computer.
CVE Number: CVE-2006-1315
iDefense Title: Microsoft SMB Information Disclosure Vulnerability
iDefense Master ID: 449872
iDefense Severity: MEDIUM
Remote exploitation of an information disclosure vulnerability within Microsoft
Corp.'s SMB Server service would allow remote attackers to read information from
buffers that store SMB traffic information.
Security Bulletin MS06-036: Vulnerability in DHCP Client Service Could
Allow Remote Code Execution (914388)
http://www.microsoft.com/technet/security/bulletin/MS06-036.mspx
CVE Number: CVE-2006-2372
iDefense Title: Microsoft Windows DHCP Client Service Buffer Overflow Vulnerability
iDefense Master ID: 449869
iDefense Severity: HIGH
Remote exploitation of a buffer
overflow vulnerability in Microsoft Corp.'s Windows DHCP Client Service could
allow an attacker to execute arbitrary code.
Security Bulletin MS06-037:
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/bulletin/MS06-037.mspx
CVE Number: CVE-2006-1301
iDefense Title: Microsoft Excel BIFF Structure SELECTION Record Input Validation Vulnerability
iDefense Master ID: 449870
iDefense Severity: MEDIUM
Exploitation of an input validation error in the handling of Excel
documents containing abnormal SELECTION record values by Microsoft Corp.'s Excel
spreadsheet application could allow a remote attacker to execute arbitrary code.
CVE Number: CVE-2006-1302
iDefense Title: Microsoft Excel BIFF Structure SELECTION Record Input Validation Vulnerability
iDefense Master ID: 449878
iDefense Severity: MEDIUM
Exploitation of an input validation error in the handling of Excel
documents containing abnormal SELECTION record values by Microsoft Corp.'s Excel
spreadsheet application could allow a remote attacker to execute arbitrary code.
CVE Number: CVE-2006-1304
iDefense Title: Microsoft Excel BIFF Structure COLINFO Record Input Validation Vulnerability
iDefense Master ID: 449876
iDefense Severity: MEDIUM
Exploitation of an input
validation error in the handling of Excel documents containing abnormal COLINFO
record values by Microsoft Corp.'s Excel spreadsheet application could allow a
remote attacker to execute arbitrary code.
CVE Number: CVE-2006-1306
iDefense Title: Microsoft Excel BIFF Structure OBJ Record 'Object Type' Field Input Validation Vulnerability (iDefense Exclusive)
iDefense Master ID: 449430
iDefense Severity: HIGH
Exploitation of an input validation error in the handling of Excel documents
containing abnormal OBJECT values by Microsoft Corp.'s Excel spreadsheet
application could allow a remote attacker to execute arbitrary code.
CVE Number: CVE-2006-1308
iDefense Title: Microsoft Excel BIFF Structure FNGROUPCOUNT Record Input Validation Vulnerability
iDefense Master ID: 449879
iDefense Severity: MEDIUM
Exploitation of an input validation
error in the handling of Excel documents containing abnormal FNGROUPCOUNT record
values by Microsoft Corp.'s Excel spreadsheet application could allow a remote
attacker to execute arbitrary code.
CVE Number: CVE-2006-1309
iDefense Title: Microsoft Excel BIFF Structure LABEL Record Input Validation Vulnerability
iDefense Master ID: 449880
iDefense Severity: MEDIUM
Exploitation of an input validation error in the handling of
Excel documents containing abnormal LABEL record values by Microsoft Corp.'s
Excel spreadsheet application could allow a remote attacker to execute arbitrary
code.
CVE Number: CVE-2006-2388
iDefense Title: Microsoft Excel BIFF Structure CHART File Input Validation Vulnerability
iDefense Master ID: 449881
iDefense Severity: MEDIUM
Exploitation of an input validation error in the handling of Excel
documents containing abnormal CHART file values by Microsoft Corp.'s Excel
spreadsheet application could allow a remote attacker to execute arbitrary code.
CVE Number: CVE-2006-3059
iDefense Title: Microsoft Excel Malformed BIFF Structure Code Execution Vulnerability
iDefense Master ID: 449165
iDefense Severity: MEDIUM
Remote exploitation of an input
validation error in multiple versions of Microsoft Corp.'s Excel could allow
attackers to execute arbitrary code.
Security Bulletin MS06-038:
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284)
http://www.microsoft.com/technet/security/bulletin/MS06-038.mspx
CVE Number: CVE-2006-1316
iDefense Title: Microsoft Office Document String Parsing Vulnerability
iDefense Master ID: 449873
iDefense Severity: HIGH
Remote exploitation of an input validation
error in the string-handling functions in Microsoft Corp.'s Office allows
attackers to execute arbitrary code.
CVE Number: CVE-2006-1540
iDefense Title: Microsoft Office XP Array Index Input Validation Vulnerability
iDefense Master ID: 444690
iDefense Severity: HIGH
Remote exploitation of a malformed string-parsing vulnerability in
Microsoft Corp.'s Office XP could allow an attacker to crash the underlying
process and potentially execute arbitrary code.
CVE Number: CVE-2006-2389
iDefense Title: Microsoft Office Invalid Property Memory Corruption Vulnerability
iDefense Master ID: 449877
iDefense Severity: MEDIUM
Remote exploitation of an invalid property memory
corruption vulnerability in multiple versions of Microsoft Corp.'s Office could
allow an attacker to crash the underlying process and potentially execute
arbitrary code.
Security Bulletin MS06-039:
Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution
(915384)
http://www.microsoft.com/technet/security/bulletin/MS06-039.mspx
CVE Number: CVE-2006-0007
iDefense Title: Microsoft Office/Project/Works Malformed GIF Buffer Overflow Vulnerability
iDefense Master ID: 449867
iDefense Severity: MEDIUM
Remote exploitation of a
buffer overflow in multiple versions of Microsoft Corp.'s Office, Project and
Works products could allow an attacker to execute arbitrary code.
CVE Number: CVE-2006-0033
iDefense Title: Microsoft Office/Project/Works Malformed PNG Buffer Overflow Vulnerability
iDefense Master ID: 449875
iDefense Severity: MEDIUM
Remote exploitation of a
buffer overflow vulnerability in multiple versions of Microsoft Corp.'s Office,
Project and Works products could allow an attacker to execute arbitrary code.