Microsoft Corp. has released five security bulletins encompassing eight vulnerabilities. This report provides an initial summary of these pending issues.
 

Security Bulletin MS07-018: Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution (925939)
http://www.microsoft.com/technet/security/bulletin/MS07-018.mspx

CVE Number: CVE-2007-0938
iDefense Title: Microsoft Content Management Server CMS Memory Corruption Vulnerability
iDefense Master ID: 459116
iDefense Severity: HIGH

Remote exploitation of an input validation vulnerability in multiple versions of Microsoft Corp.'s Content Management Server could allow an attacker to execute arbitrary code with the privileges of the vulnerable process.

CVE Number: CVE-2007-0939
iDefense Title: Microsoft Content Management Server Input Validation Vulnerability
iDefense Master ID: 459117
iDefense Severity: MEDIUM

Remote exploitation of an input validation vulnerability within versions 2002 and earlier of Microsoft Corp.'s Content Management Server could allow an attacker to conduct cross site scripting (XSS) attacks.
 

Security Bulletin MS07-019: Vulnerability in Universal Plug and Play Could Allow Remote Code Execution (931261)
http://www.microsoft.com/technet/security/bulletin/MS07-019.mspx

CVE Number: CVE-2007-1204
iDefense Title: Microsoft Windows Universal Plug and Play Memory Corruption Vulnerability
iDefense Master ID: 454850
iDefense Severity: HIGH
iDefense Initial Disclosure Date: Dec. 7, 2006

Remote exploitation of a buffer overflow vulnerability in the Universal Plug-and-Play (UPnP) component of multiple Microsoft Corp. operating systems could allow an attacker to execute code in the context of the vulnerable service.
 

Security Bulletin MS07-020: Vulnerability in Microsoft Agent Could Allow Remote Code Execution (932168)
http://www.microsoft.com/technet/security/bulletin/MS07-020.mspx

CVE Number: CVE-2007-1205
iDefense Title: Microsoft Windows Agent URL Parsing Memory Corruption Vulnerability
iDefense Master ID: 459119
iDefense Severity: HIGH

Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Microsoft Agent could allow an attacker to execute arbitrary code with the privileges of the logged in user.
 

Security Bulletin MS07-021: Vulnerabilities in CSRSS Could Allow Remote Code Execution (930178)
http://www.microsoft.com/technet/security/bulletin/MS07-021.mspx

CVE Number: CVE-2006-6696
iDefense Title: Microsoft Windows MessageBox Memory Corruption Vulnerability
iDefense Master ID: 455292
iDefense Severity: HIGH

Remote exploitation of an input validation vulnerability within multiple versions of Microsoft Corp.'s Windows operating system could allow attackers to execute arbitrary code with system-level privileges.

CVE Number: CVE-2006-6797
iDefense Title: Microsoft Windows csrss.exe NtRaiseHardError DoS Vulnerability
iDefense Master ID: 455593
iDefense Severity: LOW

Local exploitation of an unspecified vulnerability within Microsoft Corp.'s Windows operating system could allow an attacker to crash the csrss.exe process and cause a denial of service.

CVE Number: CVE-2007-1209
iDefense Title: Microsoft Windows Vista csrss.exe Local Privilege Escalation Vulnerability
iDefense Master ID: 459120
iDefense Severity: MEDIUM

Local exploitation of an unspecified vulnerability within Microsoft Corp.'s Windows Vista operating system could allow an attacker to escalate privileges using the csrss.exe process.
 

Security Bulletin MS07-022: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (931784)
http://www.microsoft.com/technet/security/bulletin/MS07-022.mspx

CVE Number: CVE-2007-1206
iDefense Title: Microsoft Windows Virtual DOS Manager Local Privilege Escalation Vulnerability
iDefense Master ID: 459118
iDefense Severity: LOW

Local exploitation of a race condition vulnerability within Microsoft Corp.'s Windows operating system could allow attackers to execute arbitrary code in kernel context.