 
MICROSOFT SECURITY BULLETIN: JANUARY 2007

Microsoft Corp. has released four security bulletins encompassing 10 vulnerabilities. This report provides an initial summary of these pending issues.
 

Security Bulletin MS07-001: Vulnerability in Microsoft Office 2003 Brazilian Portuguese Grammar Checker Could Allow Remote Code Execution (921585)
http://www.microsoft.com/technet/security/bulletin/MS07-001.mspx

CVE Number: CVE-2006-5574
iDefense Title: Microsoft Office 2003 Brazilian Portuguese Grammar Checker Buffer Overflow Vulnerability
iDefense Master ID: 455874
iDefense Severity: LOW

Remote exploitation of a buffer overflow vulnerability within version 2003 of Microsoft Corp.'s Office could allow an attacker to execute arbitrary code on the affected system.
 


Security Bulletin MS07-002: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198)
http://www.microsoft.com/technet/security/bulletin/MS07-002.mspx

CVE Number: CVE-2007-0027
iDefense Title: Microsoft Excel IMDATA Record Code Execution Vulnerability
iDefense Master ID: 455877
iDefense Severity: HIGH

Remote exploitation of a design error vulnerability in Microsoft Corp.'s Excel could allow execution of arbitrary code on the affected host.

CVE Number: CVE-2007-0028
iDefense Title: Microsoft Excel Malformed Record Buffer Overflow Vulnerability
iDefense Master ID: 455858
iDefense Severity: MEDIUM

Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Excel 2007 and earlier allows attackers to execute arbitrary code.

CVE Number: CVE-2007-0029
iDefense Title: Microsoft Excel Malformed String Buffer Overflow Vulnerability
iDefense Master ID: 455871
iDefense Severity: MEDIUM

Remote exploitation of a buffer overflow vulnerability in multiple versions of Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code.

CVE Number: CVE-2007-0030
iDefense Title: Microsoft Excel Invalid Column Heap Corruption Vulnerability
iDefense Master ID: 451978
iDefense Severity: MEDIUM

Remote exploitation of an input validation error in Microsoft Corp.'s Excel allows attackers to execute arbitrary code in the context of the user who started Excel.

CVE Number: CVE-2007-0031
iDefense Title: Microsoft Excel Long Palette Heap Overflow Vulnerability
iDefense Master ID: 452271
iDefense Severity: MEDIUM

Remote exploitation of a heap-based buffer overflow vulnerability in Microsoft Corp.'s Excel allows attackers to execute arbitrary code in the context of the user who started Excel.
 


Security Bulletin MS07-003: Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938)
http://www.microsoft.com/technet/security/bulletin/MS07-003.mspx

CVE Number: CVE-2006-1305
iDefense Title: Microsoft Outlook Header Parsing DoS Vulnerability
iDefense Master ID: 455873
iDefense Severity: LOW

Remote exploitation of a denial of service (DoS) vulnerability within versions earlier than 2007 of Microsoft Corp.'s Outlook could allow an attacker to cause a DoS condition by sending an e-mail to an Outlook user.

CVE Number: CVE-2007-0033
iDefense Title: Microsoft Outlook VEVENT Code Execution Vulnerability
iDefense Master ID: 455872
iDefense Severity: MEDIUM

Remote exploitation of a code execution vulnerability within versions earlier than 2007 of Microsoft Corp.'s Office software suite could allow attackers to execute code with the privileges of the current user.

CVE Number: CVE-2007-0034
iDefense Title: Microsoft Outlook Advanced Find Buffer Overflow Vulnerability
iDefense Master ID: 455875
iDefense Severity: HIGH

Remote exploitation of a buffer overflow vulnerability in multiple versions of Microsoft Corp.'s Outlook could allow an attacker to execute arbitrary code when the user opens an .oss file.
 


Security Bulletin MS07-004: Vulnerability in Vector Markup Language Could Allow Remote Code Execution (929969)
http://www.microsoft.com/technet/security/bulletin/MS07-004.mspx

CVE Number: CVE-2007-0024
iDefense Title: Microsoft Windows VML Element Integer Overflow Vulnerability (iDefense Exclusive)
iDefense Master ID: 452758
iDefense Severity: HIGH
iDefense Initial Disclosure Date: Oct. 3, 2006

Remote exploitation of an integer overflow vulnerability in multiple versions of Microsoft Corp.'s Windows operating system could allow an attacker to execute arbitrary code within the context of the local user.