

Microsoft Corp. has released six security bulletins encompassing 15 vulnerabilities. This report provides an initial summary of these pending issues.

Security Bulletin MS07-030: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051)
http://www.microsoft.com/technet/security/bulletin/MS07-030.mspx
CVE Number: CVE-2007-0934
iDefense Title: Microsoft Visio Version Number Memory Corruption Code Execution Vulnerability
iDefense Master ID: 461122
iDefense Severity: MEDIUM
Remote exploitation of a buffer overflow vulnerability within versions 2002 and 2003 of Microsoft Corp.'s Visio could allow an attacker to execute arbitrary code within the context of the user running the application.

CVE Number: CVE-2007-0936
iDefense Title: Microsoft Visio Packed Objects Memory Corruption Code Execution Vulnerability
iDefense Master ID: 461127
iDefense Severity: MEDIUM
Remote exploitation of a buffer overflow vulnerability within versions 2002 and 2003 of Microsoft Corp.'s Visio could allow an attacker to execute arbitrary code within the context of the user running the application.

Security Bulletin MS07-031: Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840)
http://www.microsoft.com/technet/security/bulletin/MS07-031.mspx
CVE Number: CVE-2007-2218
iDefense Title: Microsoft Windows Schannel Digital Signature Input Validation Vulnerability
iDefense Master ID: 461123
iDefense Severity: HIGH
Remote exploitation of an input validation vulnerability in multiple versions of Microsoft Corp.'s Windows operating system could allow an attacker to cause a denial of service condition or execute arbitrary code.

Security Bulletin MS07-032: Vulnerability in Windows Vista Could Allow Information Disclosure (931213)
http://www.microsoft.com/technet/security/bulletin/MS07-032.mspx
CVE Number: CVE-2007-2229
iDefense Title: Microsoft Windows Vista Configuration Error Vulnerability
iDefense Master ID: 461133
iDefense Severity: LOW
Local exploitation of a configuration error within Microsoft Corp.'s Windows Vista could allow an attacker to glean login credentials to vulnerable systems.

Security Bulletin MS07-033: Cumulative Security Update for Internet Explorer (933566)
http://www.microsoft.com/technet/security/bulletin/MS07-033.mspx
CVE Number: CVE-2007-0218
iDefense Title: Microsoft License Manager and urlmon.dll COM Object Interaction Invalid Memory Access Vulnerability (iDefense Exclusive)
iDefense Master ID: 453532
iDefense Severity: MEDIUM
iDefense Initial Disclosure Date: Oct. 24, 2006
Remote exploitation of an invalid memory access vulnerability in various Microsoft products, including Internet Explorer, while creating certain COM objects may allow an attacker to execute arbitrary code.

CVE Number: CVE-2007-1750
iDefense Title: Microsoft Internet Explorer Malformed CSS Tag Memory Corruption Vulnerability
iDefense Master ID: 461120
iDefense Severity: HIGH
iDefense Initial Disclosure Date: Oct. 24, 2006
Remote exploitation of an input validation vulnerability in multiple versions of Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code.

CVE Number: CVE-2007-1751
iDefense Title: Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability
iDefense Master ID: 461129
iDefense Severity: MEDIUM
iDefense Initial Disclosure Date: Oct. 24, 2006
Remote exploitation of an uninitialized memory corruption vulnerability in Microsoft Corp.'s Internet Explorer versions 7 and earlier could allow an attacker to execute arbitrary code within the context of the user running the vulnerable application.

CVE Number: CVE-2007-1752
iDefense Title: Microsoft Internet Explorer Navigation Cancel Page Spoofing Vulnerability
iDefense Master ID: 461126
iDefense Severity: MEDIUM
iDefense Initial Disclosure Date: Oct. 24, 2006
Remote exploitation of an address bar spoofing vulnerability in Microsoft Corp.'s Internet Explorer version 7 could allow an attacker to display spoofed content.

CVE Number: CVE-2007-2222
iDefense Title: Microsoft Internet Explorer Speech Control Memory Corruption Vulnerability
iDefense Master ID: 461131
iDefense Severity: HIGH
iDefense Initial Disclosure Date: Oct. 24, 2006
Remote exploitation of a memory corruption vulnerability in multiple versions of Microsoft Corp.'s Internet Explorer Speech control could allow an attacker to execute arbitrary code with the privileges of the logged-in user.

CVE Number: CVE-2007-3027
iDefense Title: Microsoft Internet Explorer Language Pack Installation Race Condition Vulnerability
iDefense Master ID: 461121
iDefense Severity: MEDIUM
iDefense Initial Disclosure Date: Oct. 24, 2006
Remote exploitation of a race condition vulnerability in Microsoft Corp.'s Internet Explorer versions 7 and earlier could allow an attacker to execute arbitrary code in the context of the user running the vulnerable application.

Security Bulletin MS07-034: Cumulative Security Update for Outlook Express and Windows Mail (929123)
http://www.microsoft.com/technet/security/bulletin/MS07-034.mspx
CVE Number: CVE-2007-1658
iDefense Title: Microsoft Windows Mail UNC Navigation Request Remote Code Execution Vulnerability
iDefense Master ID: 461135
iDefense Severity: HIGH
Remote exploitation of a code execution vulnerability in Microsoft Corp.'s Windows Mail could allow attackers to execute arbitrary code in the context of the targeted user.

CVE Number: CVE-2007-2111
iDefense Title: Microsoft Outlook Express and Windows Mail URL Redirect Cross Domain Information Disclosure Vulnerability
iDefense Master ID: 446659
iDefense Severity: MEDIUM
Remote exploitation of a cross-domain information disclosure vulnerability in Microsoft Corp.'s Outlook Express and Windows Mail could allow attackers to read data from another Internet Explorer domain.

CVE Number: CVE-2007-2225
iDefense Title: Microsoft Outlook Express and Windows Mail URL Parsing Cross Domain Information Disclosure Vulnerability
iDefense Master ID: 461124
iDefense Severity: MEDIUM
Remote exploitation of a cross-domain information disclosure vulnerability within Microsoft Corp.'s Outlook Express and Windows Mail allows attackers to read data from a different Internet Explorer domain or security zone.

CVE Number: CVE-2007-2227
iDefense Title: Microsoft Outlook Express and Windows Mail Content Disposition Parsing Cross Domain Information Disclosure Vulnerability
iDefense Master ID: 461125
iDefense Severity: MEDIUM
Remote exploitation of a cross-domain information disclosure vulnerability within Microsoft Corp.'s Outlook Express and Windows Mail allows attackers to read data from a different Internet Explorer domain or security zone.

Security Bulletin MS07-035: Vulnerability in Win32 API Could Allow Remote Code Execution (935839)
http://www.microsoft.com/technet/security/bulletin/MS07-035.mspx
CVE Number: CVE-2007-2219
iDefense Title: Microsoft Windows Win32 API Remote Code Execution Vulnerability
iDefense Master ID: 461128
iDefense Severity: HIGH
Remote exploitation of an input validation error in multiple versions of Microsoft Corp.'s Windows operating system could allow an attacker to execute arbitrary code as the currently logged-in user or allow local privilege elevation.