

Microsoft Corp. has released six security bulletins encompassing 11 vulnerabilities. This report provides an initial summary of these pending issues.

Security Bulletin MS07-036: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (936542)
http://www.microsoft.com/technet/security/bulletin/MS07-036.mspx
CVE Number: CVE-2007-1756
iDefense Title: Microsoft Excel 2007 Version Validation Memory Corruption Vulnerability
iDefense Master ID: 462047
iDefense Severity: MEDIUM
Remote exploitation of an input validation vulnerability within versions 2007 and earlier of Microsoft Corp.'s Excel spreadsheet utility could allow an attacker to execute arbitrary code on the affected host.
CVE Number: CVE-2007-3029
iDefense Title: Microsoft Excel Worksheet Memory Corruption Vulnerability
iDefense Master ID: 462045
iDefense Severity: MEDIUM
Remote exploitation of a data validation vulnerability in multiple versions of Microsoft Corp.'s Excel could allow an attacker to execute arbitrary code.
CVE Number: CVE-2007-3030
iDefense Title: Microsoft Excel Workbook Memory Corruption Vulnerability
iDefense Master ID: 462042
iDefense Severity: MEDIUM
Remote exploitation of a memory corruption vulnerability in multiple versions of Microsoft Corp.'s Excel, as included in the Microsoft Office Suite, allows an attacker to execute arbitrary code in the security context of the user running the vulnerable application.

Security Bulletin MS07-037: Vulnerability in Microsoft Office Publisher 2007 Could Allow Remote Code Execution (936548)
http://www.microsoft.com/technet/security/bulletin/MS07-037.mspx
CVE Number: CVE-2007-1754
iDefense Title: Microsoft Publisher 2007 Invalid Memory Reference Vulnerability
iDefense Master ID: 462041
iDefense Severity: MEDIUM
Remote exploitation of a design error vulnerability within version 2007 of Microsoft Corp.'s Publisher could allow an attacker to execute arbitrary code on the affected system.

Security Bulletin MS07-038: Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807)
http://www.microsoft.com/technet/security/bulletin/MS07-038.mspx
CVE Number: CVE-2007-3038
iDefense Title: Microsoft Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability
iDefense Master ID: 462048
iDefense Severity: LOW
Remote exploitation of an information disclosure vulnerability in Microsoft Corp.'s Windows Vista Firewall could allow attackers to send inbound network traffic to the affected system and possibly gain information about the system.

Security Bulletin MS07-039: Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122)
http://www.microsoft.com/technet/security/bulletin/MS07-039.mspx
CVE Number: CVE-2007-0040
iDefense Title: Microsoft Active Directory LDAP Convertible Attributes Code Execution Vulnerability
iDefense Master ID: 462044
iDefense Severity: MEDIUM
Remote exploitation of a code execution vulnerability within Microsoft Corp.'s Active Directory Server allows attackers to deny service or potentially execute arbitrary code with system-level privileges.
CVE Number: CVE-2007-3028
iDefense Title: Microsoft Windows 2000 Server Active Directory LDAP Attribute DoS Vulnerability
iDefense Master ID: 462039
iDefense Severity: MEDIUM
Remote exploitation of an input validation vulnerability in Microsoft Corp.'s Windows 2000 Server Active Directory could allow an attacker to create a denial of service (DoS) condition on a vulnerable host.

Security Bulletin MS07-040: Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212)
http://www.microsoft.com/technet/security/bulletin/MS07-040.mspx
CVE Number: CVE-2007-0041
iDefense Title: Microsoft .NET Framework PE Loader Buffer Overflow Vulnerability
iDefense Master ID: 462046
iDefense Severity: HIGH
Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s .NET Framework could allow attackers to execute arbitrary code in the context of the currently logged-in user.
CVE Number: CVE-2007-0042
iDefense Title: Microsoft ASP .NET Null Byte Termination Input Validation Vulnerability
iDefense Master ID: 462040
iDefense Severity: MEDIUM
Remote exploitation of an input validation vulnerability in multiple versions of Microsoft Corp.'s .NET Framework could allow an attacker to gain unauthorized access to configuration files.
CVE Number: CVE-2007-0043
iDefense Title: Microsoft .NET Framework JIT Compiler Buffer Overflow Vulnerability
iDefense Master ID: 462043
iDefense Severity: HIGH
Remote exploitation of a buffer overflow vulnerability in multiple versions of Microsoft Corp.'s .NET Framework could allow an attacker to execute arbitrary code.

Security Bulletin MS07-041: Vulnerability in Microsoft Internet Information Services Could Allow Remote Code Execution (939373)
http://www.microsoft.com/technet/security/bulletin/MS07-041.mspx
CVE Number: CVE-2005-4360
iDefense Title: Microsoft IIS 'inetinfo.exe' Code Execution Vulnerability
iDefense Master ID: 432862
iDefense Severity: MEDIUM
Remote exploitation of an input validation vulnerability in Microsoft Corp.'s Internet Information Server Web server, version 5.1, could allow an attacker to execute arbitrary code.