MICROSOFT SECURITY BULLETIN: AUGUST 2006

Microsoft Corp. has released 12 security bulletins encompassing 23 vulnerabilities. This report provides an initial summary of the pending issues.
 

Security Bulletin MS06-040: Vulnerability in Server Service Could Allow Remote Code Execution (921883)
http://www.microsoft.com/technet/security/bulletin/MS06-040.mspx

CVE Number: CVE-2006-3439
iDefense Title: Microsoft Windows Server Driver 'srv.sys' Buffer Overflow Vulnerability
iDefense Master ID: 450498
iDefense Severity: HIGH

Remote exploitation of a buffer overflow vulnerability within various versions of Microsoft Corp.'s Windows operating system could allow an attacker to execute arbitrary code on the affected host.
 


Security Bulletin MS06-041: Vulnerability in DNS Resolution Could Allow Remote Code Execution (920683)
http://www.microsoft.com/technet/security/bulletin/MS06-041.mspx

CVE Number: CVE-2006-3440
iDefense Title: Microsoft Windows Winsock Hostname Buffer Overflow Vulnerability
iDefense Master ID: 450865
iDefense Severity: HIGH

Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Windows 2000, Windows XP and Windows Server 2003 could allow an attacker to execute arbitrary code with elevated privileges.

CVE Number: CVE-2006-3441
iDefense Title: Microsoft DNS Client Buffer Overflow Vulnerability
iDefense Master ID: 450864
iDefense Severity: MEDIUM

Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s DNS Client could allow attackers to execute arbitrary code remotely.
 


Security Bulletin MS06-042: Cumulative Security Update for Internet Explorer (918899)
http://www.microsoft.com/technet/security/bulletin/MS06-042.mspx

CVE Number: CVE-2004-1166
iDefense Title: Multiple Vendor Web Browser URI Handler FTP Command Injection Vulnerability
iDefense Master ID: 404857
iDefense Severity: MEDIUM

Remote exploitation of an FTP command injection vulnerability in the URI FTP handler functionality within multiple vendors' Web browser implementations could allow attackers to execute arbitrary FTP commands on a targeted host.

CVE Number: CVE-2006-3280
iDefense Title: Microsoft Internet Explorer 6.0 object.documentElement.outerHTML Information Disclosure Vulnerability
iDefense Master ID: 449480
iDefense Severity: LOW

Remote exploitation of a design error vulnerability in versions 6.0 and earlier of Microsoft Corp.'s Internet Explorer could allow an attacker to retrieve arbitrary content as the client via the JavaScript object.documentElement.outerHTML property.

CVE Number: CVE-2006-3450
iDefense Title: Microsoft Internet Explorer 5.0.1, 6.0 HTML Layout and Positioning Memory Corruption Vulnerability
iDefense Master ID: 450861
iDefense Severity: HIGH

Remote exploitation of an input validation vulnerability in versions 6.0 and earlier of Microsoft Corp.'s Internet Explorer handling of certain HTML elements and their positioning allows attackers to execute arbitrary code with the privileges of the user running Internet Explorer.

CVE Number: CVE-2006-3451
iDefense Title: Microsoft Internet Explorer 5.0.1, 6.0 CSS Memory Corruption Vulnerability
iDefense Master ID: 450866
iDefense Severity: HIGH

Remote exploitation of an input validation vulnerability in versions 6.0 and earlier of Microsoft Corp.'s Internet Explorer handling of certain CSS elements allows attackers to execute arbitrary code with the privileges of the user running Internet Explorer.

CVE Number: CVE-2006-3637
iDefense Title: Microsoft Internet Explorer 5.0.1, 6.0 HTML Rendering Memory Corruption
iDefense Master ID: 450867
iDefense Severity: HIGH

Remote exploitation of an input validation vulnerability in versions 6.0 and earlier of Microsoft Corp.'s Internet Explorer handling of certain HTML elements allows attackers to execute arbitrary code with the privileges of the user running Internet Explorer.

CVE Number: CVE-2006-3638
iDefense Title: Microsoft Internet Explorer Multiple COM Object Instantiation Memory Corruption Vulnerability
iDefense Master ID: 450862
iDefense Severity: HIGH

Remote exploitation of a design error vulnerability in Microsoft Corp.'s Internet Explorer Web browser could allow attackers to execute arbitrary code on affected systems.

CVE Number: CVE-2006-3639
iDefense Title: Microsoft Internet Explorer Cross-Domain Access Design Error Vulnerability
iDefense Master ID: 450863
iDefense Severity: MEDIUM

Remote exploitation of a design error vulnerability in multiple versions of Microsoft Corp.'s Internet Explorer could allow an attacker to view potentially sensitive information or execute arbitrary code, depending on the version of Internet Explorer being used by the victim.

CVE Number: CVE-2006-3640
iDefense Title: Microsoft Internet Explorer Window Location Information Disclosure Vulnerability
iDefense Master ID: 450869
iDefense Severity: LOW

Remote exploitation of a design error vulnerability in multiple versions of Microsoft Corp.'s Internet Explorer could allow an attacker to view potentially sensitive information.
 


Security Bulletin MS06-043: Vulnerability in Microsoft Windows Could Allow Remote Code Execution (920214)
http://www.microsoft.com/technet/security/bulletin/MS06-043.mspx

CVE Number: CVE-2006-2766
iDefense Title: Microsoft Internet Explorer INETCOMM.DLL MHTML URI Stack Overflow Vulnerability
iDefense Master ID: 448743
iDefense Severity: HIGH

Remote exploitation of a stack-based buffer overflow vulnerability in Microsoft Corp.'s Internet Explorer could allow an attacker to crash the browser via excessively long 'mhtml://mid:' URIs in a URL document.
 


Security Bulletin MS06-044: Vulnerability in Microsoft Management Console Could Allow Remote Code Execution (917008)
http://www.microsoft.com/technet/security/bulletin/MS06-044.mspx

CVE Number: CVE-2006-3643
iDefense Title: Microsoft Management Console Remote Code Execution Vulnerability
iDefense Master ID: 450872
iDefense Severity: HIGH

Remote exploitation of an input validation vulnerability in multiple versions of Microsoft Corp.'s Internet Explorer could allow a remote attacker to execute arbitrary code.
 


Security Bulletin MS06-045: Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398)
http://www.microsoft.com/technet/security/bulletin/MS06-045.mspx

CVE Number: CVE-2006-3281
iDefense Title: Microsoft Internet Explorer 6.0 HTML HTA File Extension Code Execution Vulnerability
iDefense Master ID: 449458
iDefense Severity: MEDIUM

Remote exploitation of a design error vulnerability in Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code via HTA documents served from an SMB share.
 


Security Bulletin MS06-046: Vulnerability in HTML Help Could Allow Remote Code Execution (922616)
http://www.microsoft.com/technet/security/bulletin/MS06-046.mspx

CVE Number: CVE-2006-3357
iDefense Title: Microsoft HTML Help ActiveX Control Image Property Buffer Overflow Vulnerability
iDefense Master ID: 449650
iDefense Severity: HIGH

Remote exploitation of a heap overflow vulnerability in Microsoft Corp.'s HHCtrl ActiveX component (HHCtrl.ocx) could allow an attacker to execute arbitrary code.
 


Security Bulletin MS06-047: Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (921645)
http://www.microsoft.com/technet/security/bulletin/MS06-047.mspx

CVE Number: CVE-2006-3649
iDefense Title: Microsoft Office VBA Buffer Overflow Vulnerability
iDefense Master ID: 450868
iDefense Severity: MEDIUM

Remote exploitation of a buffer overflow vulnerability within Microsoft Corp.'s Office Suite could allow an attacker to execute arbitrary code.
 


Security Bulletin MS06-048: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922968)
http://www.microsoft.com/technet/security/bulletin/MS06-048.mspx

CVE Number: CVE-2006-3449
iDefense Title: Microsoft PowerPoint Record Length Integer Overflow Vulnerability
iDefense Master ID: 450871
iDefense Severity: MEDIUM

Remote exploitation of an integer overflow vulnerability in the way Microsoft Corp.'s PowerPoint software handles record length fields could allow an attacker to execute arbitrary code.

CVE Number: CVE-2006-3590
iDefense Title: Microsoft Office 2003 PowerPoint 'Mso.dll' Malformed File Buffer Overflow Vulnerability
iDefense Master ID: 449976
iDefense Severity: HIGH

Remote exploitation of a buffer overflow vulnerability within versions 2004 and earlier of Microsoft Corp.'s PowerPoint application allows attackers to execute code under the privileges of the current user.
 


Security Bulletin MS06-049: Vulnerability in Windows Kernel Could Result in Elevation of Privilege (920958)
http://www.microsoft.com/technet/security/bulletin/MS06-049.mspx

CVE Number: CVE-2006-3444
iDefense Title: Microsoft Windows 2000 Local Kernel Buffer Overflow Privilege Elevation Vulnerability
iDefense Master ID: 450870
iDefense Severity: MEDIUM

Local exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Windows 2000 kernel could allow an attacker to execute code with elevated privileges.
 


Security Bulletin MS06-050: Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution (920670)
http://www.microsoft.com/technet/security/bulletin/MS06-050.mspx

CVE Number: CVE-2006-3086
iDefense Title: Microsoft Office Hyperlink URL Hlink.dll Stack-Based Buffer Overflow Vulnerability
iDefense Master ID: 449222
iDefense Severity: HIGH

Remote exploitation of a stack-based buffer overflow vulnerability in Microsoft Corp.'s Office could allow an attacker to execute arbitrary code.

CVE Number: CVE-2006-3438
iDefense Title: Microsoft Office Hyperlink URL Hlink.dll Malformed Function Vulnerability
iDefense Master ID: 450875
iDefense Severity: HIGH

Remote exploitation of an input validation vulnerability in Microsoft Corp.'s hlink.dll could allow an attacker to execute arbitrary code with the privileges of the current user.
 


Security Bulletin MS06-051: Vulnerability in Windows Kernel Could Result in Remote Code Execution (917422)
http://www.microsoft.com/technet/security/bulletin/MS06-051.mspx

CVE Number: CVE-2006-3443
iDefense Title: Microsoft Windows Winlogon Unsafe Path Design Error Vulnerability
iDefense Master ID: 450874
iDefense Severity: MEDIUM

Local exploitation of a design error in the Winlogon process in Microsoft Corp.'s Windows could allow an attacker to execute code with elevated privileges.

CVE Number: CVE-2006-3648
iDefense Title: Microsoft Windows Kernel Unhandled Exception Vulnerability
iDefense Master ID: 450873
iDefense Severity: HIGH

Remote exploitation of an unspecified vulnerability in Microsoft Corp.'s Windows kernel could allow remote attackers to take complete control of a computer from a malicious Web page through the use of improperly handled exceptions in memory-resident applications.