MICROSOFT SECURITY BULLETIN: OCTOBER 2006

Microsoft Corp. has released 10 security bulletins encompassing 26 vulnerabilities. This report provides an initial summary of these pending issues.
 

Security Bulletin MS06-056: Vulnerability in ASP.NET 2.0 Could Allow Information Disclosure (922770)
http://www.microsoft.com/technet/security/bulletin/MS06-056.mspx

CVE Number: CVE-2006-3436
iDefense Title: Microsoft ASP.NET 2.0 XSS Vulnerability
iDefense Master ID: 453045
iDefense Severity: MEDIUM

Remote exploitation of an XSS vulnerability within Microsoft's ASP.NET 2.0 implementation could allow an attacker to inject a client-side script in the user's browser.
 


Security Bulletin MS06-057: Vulnerability in Windows Explorer Could Allow Remote Execution (923191)
http://www.microsoft.com/technet/security/bulletin/MS06-057.mspx

CVE Number: CVE-2006-3730
iDefense Title: Microsoft Internet Explorer WebViewFolderIcon SetSlice() Integer Overflow Vulnerability
iDefense Master ID: 450090
iDefense Severity: HIGH

Remote exploitation of an integer overflow vulnerability in versions 6.0 and earlier of Microsoft Corp.'s Internet Explorer allows attackers to execute arbitrary code with the privileges of the user running Internet Explorer.
 


Security Bulletin MS06-058: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution (924163)
http://www.microsoft.com/technet/security/bulletin/MS06-058.mspx

CVE Number: CVE-2006-3435
iDefense Title: Microsoft Corp. PowerPoint Multiple Versions Malformed Object Pointer Vulnerability
iDefense Master ID: 453051
iDefense Severity: MEDIUM

Remote exploitation of an undisclosed vulnerability within versions 2003 and earlier of Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code within the context of the user running PowerPoint.

CVE Number: CVE-2006-3876
iDefense Title: Microsoft Corp. PowerPoint Multiple Versions Malformed Data Record Vulnerability
iDefense Master ID: 453053
iDefense Severity: MEDIUM

Remote exploitation of an undisclosed vulnerability within versions 2003 and earlier of Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code within the context of the user running PowerPoint.

CVE Number: CVE-2006-3877
iDefense Title: Microsoft Corp. PowerPoint Multiple Versions Malformed Record Memory Corruption Vulnerability
iDefense Master ID: 453055
iDefense Severity: MEDIUM

Remote exploitation of an undisclosed vulnerability within versions 2003 and earlier of Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code within the context of the user running PowerPoint.

CVE Number: CVE-2006-4694
iDefense Title: Microsoft Corp. PowerPoint 2003 Malformed Record Vulnerability
iDefense Master ID: 452572
iDefense Severity: MEDIUM

Remote exploitation of an undisclosed vulnerability within versions 2003 and earlier of Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code within the context of the user running PowerPoint.
 


Security Bulletin MS06-059: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (924164)
http://www.microsoft.com/technet/security/bulletin/MS06-059.mspx

CVE Number: CVE-2006-2387
iDefense Title: Microsoft Excel Malformed DATETIME Record Buffer Overflow Vulnerability
iDefense Master ID: 453043
iDefense Severity: MEDIUM

Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Excel 2003 and earlier allows attackers to execute arbitrary code.

CVE Number: CVE-2006-3431
iDefense Title: Microsoft Excel Malformed STYLE Record Buffer Overflow Vulnerability
iDefense Master ID: 449777
iDefense Severity: MEDIUM

Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Excel 2003 and earlier allows attackers to execute arbitrary code.

CVE Number: CVE-2006-3867
iDefense Title: Microsoft Excel Malformed Lotus 1-2-3 File Buffer Overflow Vulnerability
iDefense Master ID: 453049
iDefense Severity: MEDIUM

Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Excel 2003 and earlier, when handling Lotus 1-2-3 files, allows attackers to execute arbitrary code.

CVE Number: CVE-2006-3875
iDefense Title: Microsoft Excel Malformed COLINFO Record Buffer Overflow Vulnerability
iDefense Master ID: 453046
iDefense Severity: MEDIUM

Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Excel 2003 and earlier allows attackers to execute arbitrary code.
 


Security Bulletin MS06-060: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (924554)
http://www.microsoft.com/technet/security/bulletin/MS06-060.mspx

CVE Number: CVE-2006-3647
iDefense Title: Microsoft Office Word 2003 String Validation Buffer Overflow Vulnerability
iDefense Master ID: 453054
iDefense Severity: HIGH

Remote exploitation of a buffer overflow vulnerability within versions 2003 and earlier of Microsoft Corp.'s Word could allow an attacker to execute arbitrary code under the privileges of the current user.

CVE Number: CVE-2006-3651
iDefense Title: Microsoft Office Word 2003 Mail Merge Record Buffer Overflow Vulnerability
iDefense Master ID: 453056
iDefense Severity: HIGH

Remote exploitation of a buffer overflow vulnerability within versions 2003 and earlier of Microsoft Corp.'s Word could allow an attacker to execute arbitrary code under the privileges of the current user.

CVE Number: CVE-2006-4534
iDefense Title: Microsoft Office Word 2003 Buffer Overflow Vulnerability
iDefense Master ID: 451768
iDefense Severity: HIGH

Remote exploitation of a buffer overflow vulnerability within versions 2003 and earlier of Microsoft Corp.'s Word could allow an attacker to execute arbitrary code under the privileges of the current user.

CVE Number: CVE-2006-4693
iDefense Title: Microsoft Office Word 2004 for Mac String Parsing Buffer Overflow Vulnerability
iDefense Master ID: 453057
iDefense Severity: MEDIUM

Remote exploitation of a buffer overflow vulnerability within Microsoft Corp.'s Word 2004 for Mac could allow an attacker to execute arbitrary code under the privileges of the current user.
 


Security Bulletin MS06-061: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (924191)
http://www.microsoft.com/technet/security/bulletin/MS06-061.mspx

CVE Number: CVE-2006-4685
iDefense Title: Microsoft XMLHTTP ActiveX control Information Disclosure Vulnerability
iDefense Master ID: 453042
iDefense Severity: LOW

Remote exploitation of a design error in Microsoft Corp.'s XMLHTTP ActiveX control could allow an attacker to steal a user's website authentication credentials.

CVE Number: CVE-2006-4686
iDefense Title: Microsoft XML Core Services XSLT Buffer Overrun Vulnerability
iDefense Master ID: 453052
iDefense Severity: LOW

Remote exploitation of a buffer overrun vulnerability in the handling of Extensible Stylesheet Language Transformations (XSLT) by Microsoft Corp.'s Microsoft XML Core Services could allow attackers to execute arbitrary code on the affected host.
 


Security Bulletin MS06-062: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922581)
http://www.microsoft.com/technet/security/bulletin/MS06-062.mspx

CVE Number: CVE-2006-3434
iDefense Title: Microsoft Corp. Microsoft Office Improper Memory Access Vulnerability
iDefense Master ID: 453044
iDefense Severity: MEDIUM

Remote exploitation of an improper memory access vulnerability within Microsoft Corp.'s Microsoft Office could allow an attacker to execute arbitrary code with the privileges of the user running Office.

CVE Number: CVE-2006-3650
iDefense Title: Microsoft Corp. Microsoft Office Malformed Chart Record Memory Corruption Vulnerability
iDefense Master ID: 453047
iDefense Severity: MEDIUM

Remote exploitation of a memory corruption vulnerability within Microsoft Corp.'s Microsoft Office could allow an attacker to execute arbitrary code with the privileges of the user running Office.

CVE Number: CVE-2006-3864
iDefense Title: Microsoft Corp. Microsoft Office Malformed Record Memory Corruption Vulnerability
iDefense Master ID: 453050
iDefense Severity: MEDIUM

Remote exploitation of a memory corruption vulnerability within Microsoft Corp.'s Microsoft Office could allow an attacker to execute arbitrary code with the privileges of the user running Office.

CVE Number: CVE-2006-3868
iDefense Title: Microsoft Office Smart Tag Parsing Buffer Overflow Vulnerability
iDefense Master ID: 453059
iDefense Severity: HIGH

Remote exploitation of a buffer overflow vulnerability within Microsoft Office could allow an attacker to execute arbitrary code on the affected system.
 


Security Bulletin MS06-063: Vulnerability in Server Service Could Allow Denial of Service (923414)
http://www.microsoft.com/technet/security/bulletin/MS06-063.mspx

CVE Number: CVE-2006-3942
iDefense Title: Microsoft Windows Server Driver 'srv.sys' SMB_COM_TRANSACTION Missing NUL DoS Vulnerability
iDefense Master ID: 450498
iDefense Severity: MEDIUM

Remote exploitation of a design error within various versions of Microsoft Corp.'s Windows operating system could allow an attacker to cause a denial of service (DoS) condition on the affected host.

CVE Number: CVE-2006-4696
iDefense Title: Microsoft Server Service SMB Rename Code Execution Vulnerability
iDefense Master ID: 453058
iDefense Severity: HIGH

Remote exploitation of a design error within Microsoft Corp.'s Server Service could allow an attacker to execute arbitrary code with system-level privileges.
 


Security Bulletin MS06-064: Vulnerabilities in TCP/IP IPv6 Could Allow Denial of Service (922819)
http://www.microsoft.com/technet/security/bulletin/MS06-064.mspx

CVE Number: CVE-2004-0230
iDefense Title: Microsoft Spoofed TCP Reset and SYN DoS Vulnerability
iDefense Master ID: 210309
iDefense Severity: LOW

Remote exploitation of a design limitation vulnerability in the TCP protocol, as outlined in RFC 793 and 1323, within various implementations of Microsoft Corp.'s Windows operating systems could allow attackers to crash affected systems.

CVE Number: CVE-2004-0790
iDefense Title: Multiple Vendor ICMP 'Hard' Error Message Connection Abort DoS Vulnerability
iDefense Master ID: 410159
iDefense Severity: LOW

Remote exploitation of a design error vulnerability in various vendors' implementations of the TCP networking protocol could allow attackers to create a denial of service (DoS) condition.

CVE Number: CVE-2005-0688
iDefense Title: Microsoft Windows TCP/IP IPv4 LAND Attack DoS Vulnerability
iDefense Master ID: 408478
iDefense Severity: LOW

Remote exploitation of a denial of service (DoS) vulnerability in the Microsoft Windows TCP/IP IPv4 stack could allow attackers to consume 100 percent of the available system resources.
 


Security Bulletin MS06-065: Vulnerability in Windows Object Packager Could Allow Remote Execution (924496)
http://www.microsoft.com/technet/security/bulletin/MS06-065.mspx

CVE Number: CVE-2006-4692
iDefense Title: Microsoft Windows Object Packager Dialogue Spoofing Remote Code Execution Vulnerability
iDefense Master ID: 453060
iDefense Severity: MEDIUM

Remote exploitation of a dialog spoofing error in Windows Object Packager could allow an attacker to execute arbitrary code on the affected system.