

Microsoft Corp. has released seven security bulletins encompassing 19 vulnerabilities. This report provides an initial summary of these pending issues.

Security Bulletin MS07-023: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233)
http://www.microsoft.com/technet/security/bulletin/MS07-023.mspx

CVE Number: CVE-2007-0215
iDefense Title: Microsoft Excel BIFF Record Memory Corruption Vulnerability
iDefense Master ID: 460069
iDefense Severity: HIGH
Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code.

CVE Number: CVE-2007-1203
iDefense Title: Microsoft Excel Set Font Memory Corruption Vulnerability
iDefense Master ID: 460075
iDefense Severity: HIGH
Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Excel versions 2000 through 2003 could allow an attacker to execute arbitrary code.

CVE Number: CVE-2007-1214
iDefense Title: Microsoft Excel AutoFilter Out of Range Index Code Execution Vulnerability (iDefense Exclusive)
iDefense Master ID: 456525
iDefense Severity: HIGH
Remote exploitation of an input validation error in Microsoft Corp.'s Excel 2003's handling of AutoFilter records in Excel BIFF8 format spreadsheet files allows attackers to execute arbitrary code in the context of the current user.

Security Bulletin MS07-024: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232)
http://www.microsoft.com/technet/security/bulletin/MS07-024.mspx

CVE Number: CVE-2007-0035
iDefense Title: Microsoft Word and Works Suite Word Document Array Buffer Overflow Vulnerability
iDefense Master ID: 460070
iDefense Severity: MEDIUM
Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Word 2000, 2002 and 2003, and Microsoft Works Suite 2004, 2005 and 2006 allows attackers to execute arbitrary code with user-level privileges.

CVE Number: CVE-2007-0870
iDefense Title: Microsoft Word and Works Suite Word Document Stream Buffer Overflow Vulnerability
iDefense Master ID: 457209
iDefense Severity: MEDIUM
Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Word 2000 and 2002, and Microsoft Works Suite 2004, 2005 and 2006 allows attackers to execute arbitrary code with user-level privileges.

CVE Number: CVE-2007-1202
iDefense Title: Microsoft Word RTF File Parsing Heap Corruption Vulnerability (iDefense Exclusive)
iDefense Master ID: 457108
iDefense Severity: MEDIUM
Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s Word could allow attackers to execute arbitrary code under the privileges of the targeted user.

Security Bulletin MS07-025: Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873)
http://www.microsoft.com/technet/security/bulletin/MS07-025.mspx

CVE Number: CVE-2007-1747
iDefense Title: Microsoft Office 2007 Drawing Object Input Validation Vulnerability
iDefense Master ID: 460065
iDefense Severity: HIGH
Remote exploitation of an input validation vulnerability within versions 2007 and earlier of Microsoft Corp.'s Office Suite could allow an attacker to execute arbitrary code on the affected host.

Security Bulletin MS07-026: Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832)
http://www.microsoft.com/technet/security/bulletin/MS07-026.mspx

CVE Number: CVE-2007-0039
iDefense Title: Microsoft Exchange Malformed Internet Calendar Processing Denial of Service Vulnerability
iDefense Master ID: 460072
iDefense Severity: MEDIUM
Remote exploitation of an input validation vulnerability in multiple versions of Microsoft Corp.'s Exchange Server could allow attackers to cause the e-mail service to stop responding.

CVE Number: CVE-2007-0213
iDefense Title: Microsoft Exchange Server Base64 MIME Parsing Remote Code Execution Vulnerability
iDefense Master ID: 460064
iDefense Severity: HIGH
Remote exploitation of an unspecified vulnerability in multiple versions of Microsoft Corp.'s Microsoft Exchange could allow an attacker to execute arbitrary code on an affected host.

CVE Number: CVE-2007-0220
iDefense Title: Microsoft Exchange Server With Outlook Web Access Script Injection Vulnerability
iDefense Master ID: 460066
iDefense Severity: MEDIUM
Remote exploitation of a script injection vulnerability within Microsoft Corp.'s Exchange Server, when running Outlook Web Access, could allow attackers to execute script code with the privileges of the user running the Outlook Web Access client.

CVE Number: CVE-2007-0221
iDefense Title: Microsoft Exchange Server 2000 IMAP Literal Processing DoS Vulnerability (iDefense Exclusive)
iDefense Master ID: 455398
iDefense Severity: MEDIUM
Remote exploitation of an integer overflow vulnerability in the IMAP service of Microsoft Corp.'s Microsoft Exchange Server 2000 could allow an attacker to crash all running Exchange services and other services in the same process.

Security Bulletin MS07-027: Cumulative Security Update for Internet Explorer (931768)
http://www.microsoft.com/technet/security/bulletin/MS07-027.mspx

CVE Number: CVE-2007-0942
iDefense Title: Microsoft Internet Explorer COM Object Instantiation Memory Corruption Vulnerability
iDefense Master ID: 460067
iDefense Severity: HIGH
Remote exploitation of a memory corruption vulnerability in multiple versions of Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code.

CVE Number: CVE-2007-0944
iDefense Title: Microsoft Internet Explorer Improper Object Access Memory Corruption Vulnerability
iDefense Master ID: 460068
iDefense Severity: HIGH
Remote exploitation of an input validation vulnerability in multiple versions of Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code.

CVE Number: CVE-2007-0945
iDefense Title: Microsoft Internet Explorer Property Method Memory Corruption Vulnerability
iDefense Master ID: 460076
iDefense Severity: HIGH
Remote exploitation of an input validation vulnerability in multiple versions of Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code.

CVE Number: CVE-2007-0946
iDefense Title: Microsoft Internet Explorer HTML Objects Memory Corruption Vulnerability
iDefense Master ID: 460077
iDefense Severity: MEDIUM
Remote exploitation of a design error vulnerability in multiple versions of Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code.

CVE Number: CVE-2007-0947
iDefense Title: Microsoft Internet Explorer HTML Objects Memory Corruption Vulnerability
iDefense Master ID: 460078
iDefense Severity: MEDIUM
Remote exploitation of a design error vulnerability in multiple versions of Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code.

CVE Number: CVE-2007-2221
iDefense Title: Microsoft Windows Media Server mdsauth.dll Arbitrary File Rewrite Vulnerability
iDefense Master ID: 460073
iDefense Severity: HIGH
Remote exploitation of an arbitrary file rewrite vulnerability within mdsauth.dll, as distributed with Microsoft Corp.'s Windows Media Server, allows attackers to execute arbitrary code in the context of the current user.

Security Bulletin MS07-028: Vulnerability in CAPICOM Could Allow Remote Code Execution (931906)
http://www.microsoft.com/technet/security/bulletin/MS07-028.mspx

CVE Number: CVE-2007-0940
iDefense Title: Microsoft CAPICOM.Certificates Input Validation Code Execution Vulnerability
iDefense Master ID: 460071
iDefense Severity: MINIMAL
Remote exploitation of an input validation error in Microsoft Corp.'s CAPICOM ActiveX control could allow an attacker to execute arbitrary code.

Security Bulletin MS07-029: Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966)
http://www.microsoft.com/technet/security/bulletin/MS07-029.mspx

CVE Number: CVE-2007-1748
iDefense Title: Microsoft Windows DNS Server RPC Interface extractQuotedChar() Stack Buffer Overflow Vulnerability
iDefense Master ID: 459171
iDefense Severity: HIGH
Remote exploitation of a buffer overflow vulnerability in multiple versions of Microsoft Corp.'s Windows operating system could allow an attacker to execute arbitrary code on the targeted host.