MICROSOFT SECURITY BULLETIN: DECEMBER 2006

Microsoft Corp. has released seven security bulletins encompassing 11 vulnerabilities. This report provides an initial summary of these pending issues.
 

Security Bulletin MS06-072: Cumulative Security Update for Internet Explorer (925454)
http://www.microsoft.com/technet/security/bulletin/MS06-072.mspx

CVE Number: CVE-2006-5577
iDefense Title: Internet Explorer Temporary Internet File (TIF) Disclosure Vulnerability
iDefense Master ID: 455144
iDefense Severity: LOW

Remote exploitation of a design error vulnerability in version 6 and earlier of Microsoft Corp.'s Internet Explorer Web browser could allow for the disclosure of Temporary Internet Files (TIF, also referred to as cached files) to an attacker.

CVE Number: CVE-2006-5578
iDefense Title: Microsoft Internet Explorer TIF Information Disclosure Vulnerability
iDefense Master ID: 455145
iDefense Severity: MEDIUM

Remote exploitation of an information disclosure vulnerability within Microsoft Corp.'s Internet Explorer could allow an attacker to retrieve the victim's Temporary Internet Files (TIF).

CVE Number: CVE-2006-5579
iDefense Title: Microsoft Internet Explorer 6 Script Error Handling Memory Corruption Vulnerability
iDefense Master ID: 455148
iDefense Severity: HIGH

Remote exploitation of a memory corruption vulnerability within versions 6 Service Pack 2 and earlier of Microsoft Corp.'s Internet Explorer Web browser could allow an attacker to execute arbitrary code on the affected host.

CVE Number: CVE-2006-5581
iDefense Title: Microsoft Internet Explorer DHTML Parsing Code Execution Vulnerability
iDefense Master ID: 455146
iDefense Severity: HIGH

Remote exploitation of a design error vulnerability in the DHTML parsing code in versions 6 and 6 SP1 of Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code with the permissions of the user of the vulnerable system.
 


Security Bulletin MS06-073: Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution (925674)
http://www.microsoft.com/technet/security/bulletin/MS06-073.mspx

CVE Number: CVE-2006-4704
iDefense Title: Microsoft Visual Studio 2005 WMI Object Broker ActiveX Control Design Error Vulnerability
iDefense Master ID: 453878
iDefense Severity: MEDIUM

Remote exploitation of a design error vulnerability in Microsoft Corp.'s Visual Studio 2005 could allow arbitrary code execution.

 


Security Bulletin MS06-074: Vulnerability in SNMP Could Allow Remote Code Execution (926247)
http://www.microsoft.com/technet/security/bulletin/MS06-074.mspx

CVE Number: CVE-2006-5583
iDefense Title: Microsoft Windows SNMP Service Buffer Overflow Vulnerability
iDefense Master ID: 455141
iDefense Severity: MEDIUM

Remote exploitation of a memory corruption vulnerability within Microsoft Corp.'s SNMP Service could allow an attacker to execute arbitrary code with SYSTEM privileges.
 


Security Bulletin MS06-075: Vulnerability in Windows Could Allow Elevation of Privilege (926255)
http://www.microsoft.com/technet/security/bulletin/MS06-075.mspx

CVE Number: CVE-2006-5585
iDefense Title: Microsoft Windows csrss.exe File Manifest Buffer Overflow Vulnerability
iDefense Master ID: 455142
iDefense Severity: MEDIUM

Local exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Microsoft Windows Client Server Run-Time Subsystem could allow an attacker to elevate their privileges.
 


Security Bulletin MS06-076: Cumulative Security Update for Outlook Express (923694)
http://www.microsoft.com/technet/security/bulletin/MS06-076.mspx

CVE Number: CVE-2006-2386
iDefense Title: Microsoft Outlook Express Windows Address Book Buffer Overflow Vulnerability
iDefense Master ID: 455147
iDefense Severity: MEDIUM

Remote exploitation of a buffer overflow in Microsoft Corp.'s Outlook Express Windows Address Book component could allow an attacker to execute arbitrary code in the context of the targeted user.
 


Security Bulletin MS06-077: Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121)
http://www.microsoft.com/technet/security/bulletin/MS06-077.mspx

CVE Number: CVE-2006-5584
iDefense Title: Microsoft Windows 2000 RIS Anonymous TFTP Access Design Error Vulnerability
iDefense Master ID: 455143
iDefense Severity: MEDIUM

Remote exploitation of a design error vulnerability in Microsoft Corp.'s Windows 2000 could allow an attacker to write to a vulnerable host's file system and potentially execute arbitrary code.
 


Security Bulletin MS06-078: Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689)
http://www.microsoft.com/technet/security/bulletin/MS06-078.mspx

CVE Number: CVE-2006-4702
iDefense Title: Microsoft Windows Media Player ASF File Format Buffer Overflow Vulnerability
iDefense Master ID: 455149
iDefense Severity: HIGH

Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Windows Media Player's handling of ASF files could allow an attacker to execute arbitrary code.

CVE Number: CVE-2006-6134
iDefense Title: Microsoft Windows Media Player ASX Playlist Filename Buffer Overflow Vulnerability
iDefense Master ID: 454511
iDefense Severity: HIGH

Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Windows Media Player could allow an attacker to execute arbitrary code.