

Microsoft Corp. has released six security bulletins encompassing 13 vulnerabilities. This report provides an initial summary of these pending issues.

Security Bulletin MS06-066: Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution (923980)
http://www.microsoft.com/technet/security/bulletin/MS06-066.mspx

CVE Number: CVE-2006-4688
iDefense Title: Microsoft Windows NetWare Client Service Memory Corruption Vulnerability
iDefense Master ID: 454229
iDefense Severity: MEDIUM
Remote exploitation of a memory corruption vulnerability within Microsoft Corp.'s NetWare Client Service could allow an attacker to take control of the affected computer.

CVE Number: CVE-2006-4689
iDefense Title: Microsoft Windows NetWare Driver DoS Vulnerability
iDefense Master ID: 454228
iDefense Severity: MEDIUM
Remote exploitation of a DoS vulnerability in Microsoft Corp.'s NetWare driver could allow an attacker to cause the system to stop responding and then automatically restart.

Security Bulletin MS06-067: Cumulative Security Update for Internet Explorer (922760)
http://www.microsoft.com/technet/security/bulletin/MS06-067.mspx

CVE Number: CVE-2006-4446
iDefense Title: Microsoft Internet Explorer 6.0 DirectAnimation.PathControl COM Object (daxctle.ocx) Buffer Overflow Vulnerability
iDefense Master ID: 451469
iDefense Severity: LOW
Remote exploitation of a design error vulnerability in the DirectAnimation.PathControl COM object (daxctle.ocx) found in versions 6.0 and earlier of Microsoft Corp.'s Internet Explorer allows attackers to crash Internet Explorer and possibly execute arbitrary code.

CVE Number: CVE-2006-4687
iDefense Title: Microsoft Corp. Internet Explorer HTML Rendering Memory Corruption Vulnerability
iDefense Master ID: 454232
iDefense Severity: HIGH
Remote exploitation of a memory corruption vulnerability in version 6.0 of Microsoft Corp.'s Internet Explorer (IE) allows attackers to execute arbitrary code within the security context of the user running IE.

CVE Number: CVE-2006-47777
iDefense Title: Microsoft Internet Explorer 6.0 DirectAnimation.PathControl target.KeyFrame() COM Object (daxctle.ocx) Buffer Overflow Vulnerability
iDefense Master ID: 452048
iDefense Severity: MEDIUM
Remote exploitation of a design error vulnerability in the DirectAnimation.PathControl COM object (daxctle.ocx) found in versions 6.0 and earlier of Microsoft Corp.'s Internet Explorer allows attackers to execute arbitrary code.

Security Bulletin MS06-068: Vulnerability in Microsoft Agent Could Allow Remote Code Execution (920213)
http://www.microsoft.com/technet/security/bulletin/MS06-068.mspx

CVE Number: CVE-2006-3445
iDefense Title: Microsoft Agent Remote Memory Corruption Vulnerability
iDefense Master ID: 454231
iDefense Severity: HIGH
Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Agent could allow an attacker to execute arbitrary code.

Security Bulletin MS06-069: Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789)
http://www.microsoft.com/technet/security/bulletin/MS06-069.mspx

CVE Number: CVE-2006-3014
iDefense Title: Microsoft Office Document Unexpected ActiveX Object Instantiation Behavior
iDefense Master ID: 449256
iDefense Severity: LOW
Remote abuse of a documented feature in Microsoft Corp.'s Office products could execute ActiveX objects.

CVE Number: CVE-2006-3311
iDefense Title: Adobe Macromedia Flash 8.0.24.0 Dynamically Created String Vulnerability
iDefense Master ID: 452040
iDefense Severity: HIGH
Remote exploitation of a memory corruption vulnerability in versions 8.0.24.0 and earlier of Adobe Systems Inc.'s Flash Player allows attackers to execute arbitrary code on the affected host.

CVE Number: CVE-2006-3587
iDefense Title: Adobe Macromedia Flash 8.0.24.0 'SWF' Remote Code Execution Vulnerability
iDefense Master ID: 449789
iDefense Severity: HIGH
Remote exploitation of a memory corruption vulnerability within versions 8.0.24.0 and earlier of Adobe Systems Inc.'s Flash Player could allow an attacker to execute arbitrary code on the affected host.

CVE Number: CVE-2006-3588
iDefense Title: Adobe Macromedia Flash 8.0.24.0 'SWF' DoS Vulnerability
iDefense Master ID: 449790
iDefense Severity: LOW
Remote exploitation of a memory corruption vulnerability within versions 8.0.24.0 and earlier of Adobe Systems Inc.'s Flash Player could allow an attacker to cause a DoS condition.

CVE Number: CVE-2006-4640
iDefense Title: Adobe Macromedia Flash 8.0.24.0 allowScriptAccess Circumvention Vulnerability
iDefense Master ID: 452039
iDefense Severity: HIGH
Remote exploitation of a memory corruption vulnerability in versions 8.0.24.0 and earlier of Adobe Systems Inc.'s Flash Player allows attackers to execute arbitrary code on the affected host.

Security Bulletin MS06-070: Vulnerability in Workstation Service Could Allow Remote Code Execution (924270)
http://www.microsoft.com/technet/security/bulletin/MS06-070.mspx

CVE Number: CVE-2006-4691
iDefense Title: Microsoft Windows Workstation Service Buffer Overflow Vulnerability
iDefense Master ID: 454227
iDefense Severity: HIGH
Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Windows 2000 and XP could allow an attacker to execute arbitrary code with administrator privileges.

Security Bulletin MS06-071: Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (928088)
http://www.microsoft.com/technet/security/bulletin/MS06-071.mspx

CVE Number: CVE-2006-5745
iDefense Title: Microsoft XML Core Services 4.0 XMLHTTP Code Execution Vulnerability
iDefense Master ID: 453948
iDefense Severity: HIGH
Remote exploitation of an input validation error vulnerability in Microsoft Corp.'s XML Core Services, specifically the XMLHTTP 4.0 ActiveX Control, allows attackers to execute arbitrary code.