 
MICROSOFT SECURITY BULLETIN: FEBRUARY 2007

Microsoft Corp. has released 12 security bulletins encompassing 20 vulnerabilities. This report provides an initial summary of these pending issues.
 

Security Bulletin MS07-005: Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723)
http://www.microsoft.com/technet/security/bulletin/MS07-005.mspx

CVE Number: CVE-2006-3448
iDefense Title: Microsoft Step-by-Step Interactive Training Buffer Overflow Vulnerability
iDefense Master ID: 457248
iDefense Severity: MEDIUM

Remote exploitation of a buffer overflow vulnerability within various versions of Microsoft Corp.'s Step-by-Step Interactive Training could allow an attacker to execute arbitrary code on the affected host.
 


Security Bulletin MS07-006: Vulnerability in Windows Shell Could Allow Elevation of Privilege
http://www.microsoft.com/technet/security/bulletin/MS07-006.mspx

CVE Number: CVE-2007-0211
iDefense Title: Microsoft Windows Shell Input Validation Vulnerability
iDefense Master ID: 457246
iDefense Severity: MEDIUM

Local exploitation of an input validation vulnerability in Microsoft Corp.'s Windows Shell could allow an attacker with valid login credentials to elevate privileges and take control of the system.
 


Security Bulletin MS07-007: Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege
http://www.microsoft.com/technet/security/bulletin/MS07-007.mspx

CVE Number: CVE-2007-0210
iDefense Title: Microsoft Windows Image Acquisition Service Buffer Overflow Vulnerability
iDefense Master ID: 457253
iDefense Severity: MEDIUM

Local exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Image Acquisition Service could allow an attacker to elevate privileges and execute arbitrary code.
 


Security Bulletin MS07-008: Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution (928843)
http://www.microsoft.com/technet/security/bulletin/MS07-008.mspx

CVE Number: CVE-2007-0214
iDefense Title: Microsoft HTML Help ActiveX Control Design Error Vulnerability
iDefense Master ID: 457256
iDefense Severity: MEDIUM

Remote exploitation of a design error vulnerability in the handling of the initialization parameters of Microsoft Corp.'s HTML Help ActiveX Control could allow an attacker to execute arbitrary code.
 


Security Bulletin MS07-009: Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/bulletin/MS07-009.mspx

CVE Number: CVE-2006-5559
iDefense Title: Microsoft ADODB.Connection ActiveX Control Heap Overflow Vulnerability
iDefense Master ID: 453621
iDefense Severity: MEDIUM

Remote exploitation of a heap overflow in versions 2.8 and earlier of Microsoft Corp.'s ADODB.Connection ActiveX control could allow an attacker to execute arbitrary code.
 


Security Bulletin MS07-010: Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution (932135)
http://www.microsoft.com/technet/security/bulletin/MS07-010.mspx

CVE Number: CVE-2006-5270
iDefense Title: Microsoft Malware Protection Engine PDF Processing Integer Overflow Vulnerability
iDefense Master ID: 457245
iDefense Severity: HIGH

Remote exploitation of an integer overflow vulnerability in Microsoft Corp.'s Malware Protection Engine could allow attackers to execute code with system-level privileges.
 


Security Bulletin MS07-011: Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/bulletin/MS07-011.mspx

CVE Number: CVE-2007-0026
iDefense Title: Microsoft OLE Dialog Remote Code Execution Vulnerability
iDefense Master ID: 457250
iDefense Severity: MEDIUM

Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s OLE Dialog could allow attackers to execute arbitrary code with the privileges of the affected user.
 


Security Bulletin MS07-012: Vulnerability in Microsoft MFC Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/bulletin/MS07-012.mspx

CVE Number: CVE-2007-0025
iDefense Title: Microsoft MFC RTF Memory Corruption Vulnerability
iDefense Master ID: 457254
iDefense Severity: MEDIUM

Remote exploitation of a memory corruption vulnerability within Microsoft Corp.'s MFC Framework could allow an attacker to execute arbitrary code with the privileges of the currently logged-in user.
 


Security Bulletin MS07-013: Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution (918118)
http://www.microsoft.com/technet/security/bulletin/MS07-013.mspx

CVE Number: CVE-2006-1311
iDefense Title: Microsoft RichEdit RTF OLE Object Code Execution Vulnerability
iDefense Master ID: 457247
iDefense Severity: MEDIUM

Remote exploitation of a code execution vulnerability within Microsoft Corp.'s RichEdit functionality could allow an attacker to execute arbitrary code within the context of the user.
 


Security Bulletin MS07-014: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (929434)
http://www.microsoft.com/technet/security/bulletin/MS07-014.mspx

CVE Number: CVE-2006-5994
iDefense Title: Microsoft Corp. Word Malformed String Memory Corruption Vulnerability
iDefense Master ID: 454927
iDefense Severity: MEDIUM

Remote exploitation of a memory corruption vulnerability within Microsoft Corp.'s Word allows an attacker to execute arbitrary code with user-level privileges.

CVE Number: CVE-2006-6456
iDefense Title: Microsoft Corp. Word Unspecified Buffer Overflow Vulnerability
iDefense Master ID: 455083
iDefense Severity: MEDIUM

Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Word allows attackers to execute arbitrary code with user-level privileges.

CVE Number: CVE-2006-6561
iDefense Title: Microsoft Corp. Word Malformed Pointer Code Execution Vulnerability
iDefense Master ID: 455226
iDefense Severity: MEDIUM

Remote exploitation of an unspecified malformed pointer vulnerability in Microsoft Corp.'s Word allows an attacker to execute arbitrary code with user-level privileges.

CVE Number: CVE-2007-0208
iDefense Title: Microsoft Corp. Word Unspecified Macro Code Execution Vulnerability
iDefense Master ID: 457251
iDefense Severity: MEDIUM

Remote exploitation of an unspecified macro vulnerability in Microsoft Corp.'s Word allows an attacker to execute arbitrary code with user-level privileges.

CVE Number: CVE-2007-0209
iDefense Title: Microsoft Corp. Word Unspecified Drawing Object Code Execution Vulnerability
iDefense Master ID: 457252
iDefense Severity: MEDIUM

Remote exploitation of an unspecified drawing object vulnerability in Microsoft Corp.'s Word allows an attacker to execute arbitrary code with user-level privileges.

CVE Number: CVE-2007-0515
iDefense Title: Microsoft Word Malformed Function Code Execution Vulnerability
iDefense Master ID: 456697
iDefense Severity: HIGH

Remote exploitation of an unspecified malformed function vulnerability in Microsoft Corp.'s Word allows an attacker to execute arbitrary code with user-level privileges.
 


Security Bulletin MS07-015: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (932554)
http://www.microsoft.com/technet/security/bulletin/MS07-015.mspx

CVE Number: CVE-2007-0671
iDefense Title: Microsoft Excel Malformed Record Buffer Overflow Vulnerability
iDefense Master ID: 456985
iDefense Severity: HIGH

Remote exploitation of a buffer overflow vulnerability in multiple versions of Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code on the affected host.

CVE Number: CVE-2006-3877
iDefense Title: Microsoft PowerPoint Malformed Record Buffer Overflow Vulnerability
iDefense Master ID: 453055
iDefense Severity: HIGH

Remote exploitation of a buffer overflow vulnerability within versions 2003 and earlier of Microsoft Corp.'s PowerPoint could allow an attacker to execute arbitrary code within the context of the user running the application.
 


Security Bulletin MS07-016: Cumulative Security Update for Internet Explorer (928090)
http://www.microsoft.com/technet/security/bulletin/MS07-016.mspx

CVE Number: CVE-2006-4697
iDefense Title: Microsoft Internet Explorer Imjpcksid.dll/Imjpskdic.dll COM Object Instantiation Memory Corruption Vulnerability
iDefense Master ID: 457244
iDefense Severity: MEDIUM

Remote exploitation of an input validation vulnerability in multiple versions of Microsoft Corp.'s Internet Explorer (IE) could allow an attacker to execute arbitrary code with the privileges of the victim running IE.

CVE Number: CVE-2007-0217
iDefense Title: Microsoft 'wininet.dll' FTP Reply Null Termination Heap Corruption Vulnerability (iDefense Exclusive)
iDefense Master ID: 448711
iDefense Severity: HIGH

Remote exploitation of a design error in Microsoft Corp.'s 'wininet.dll' FTP client code could allow an attacker to execute arbitrary code.

CVE Number: CVE-2007-0219
iDefense Title: Microsoft Internet Explorer Msb1fren.dll/Htmlmm.ocx/Blnmgrps.dll COM Object Instantiation Memory Corruption Vulnerability
iDefense Master ID: 457249
iDefense Severity: MEDIUM

Remote exploitation of an input validation vulnerability in multiple versions of Microsoft Corp.'s Internet Explorer (IE) could allow an attacker to execute arbitrary code with the privileges of the victim running IE.