MICROSOFT SECURITY BULLETIN: AUGUST 2007

Microsoft Corp. has released nine security bulletins encompassing 14 vulnerabilities. This report provides an initial summary of these pending issues.
 

Security Bulletin MS07-042: Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)
http://www.microsoft.com/technet/security/bulletin/MS07-042.mspx

CVE Number: CVE-2007-2223
iDefense Title: Microsoft Internet Explorer XMLDOM Memory Corruption Vulnerability (iDefense Exclusive)
iDefense Master ID: 444023
iDefense Severity: HIGH
iDefense Initial Disclosure Date: May 18, 2006

Remote exploitation of a buffer overflow vulnerability within Microsoft Corp.'s XML Core Services may allow an attacker to execute arbitrary code in the context of the current user.
 


Security Bulletin MS07-043: Vulnerability in OLE Automation Could Allow Remote Code Execution (921503)
http://www.microsoft.com/technet/security/bulletin/MS07-043.mspx

CVE Number: CVE-2007-2224
iDefense Title: Microsoft OLE Automation Remote Code Execution Vulnerability
iDefense Master ID: 463127
iDefense Severity: HIGH

Remote exploitation of a code execution vulnerability within Microsoft Corp.'s OLE Automation allows attackers to execute arbitrary code in the context of the current user.
 


Security Bulletin MS07-044: Vulnerability in Microsoft Excel Could Allow Remote Code Execution (940965)
http://www.microsoft.com/technet/security/bulletin/MS07-044.mspx

CVE Number: CVE-2007-3890
iDefense Title: Microsoft Excel 2003 Workspace Index Value Input Validation Vulnerability
iDefense Master ID: 463121
iDefense Severity: MEDIUM

Remote exploitation of an input validation vulnerability within various versions of Microsoft Corp.'s Excel spreadsheet utility could allow an attacker to execute arbitrary code on the targeted host.
 


Security Bulletin MS07-045: Cumulative Security Update for Internet Explorer (937143)
http://www.microsoft.com/technet/security/bulletin/MS07-045.mspx

CVE Number: CVE-2007-0943
iDefense Title: Microsoft Internet Explorer 5.01 CSS Memory Corruption Vulnerability
iDefense Master ID: 463126
iDefense Severity: MEDIUM

Remote exploitation of an input validation vulnerability in version 5.01 of Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code.

CVE Number: CVE-2007-2216
iDefense Title: Microsoft Internet Explorer tblinf32.dll ActiveX Control Code Execution Vulnerability
iDefense Master ID: 463123
iDefense Severity: MEDIUM

Remote exploitation of a code execution vulnerability in multiple versions of Microsoft Corp.'s tblinf32.dll/vstlbinf.dll ActiveX Control could allow an attacker to execute code in the context of the user running Internet Explorer.

CVE Number: CVE-2007-3041
iDefense Title: Microsoft Internet Explorer pdwizard.ocx ActiveX Control Memory Corruption Vulnerability
iDefense Master ID: 463125
iDefense Severity: MEDIUM

Remote exploitation of a memory corruption vulnerability in multiple versions of Microsoft Corp.'s pdwizard.ocx ActiveX Control could allow an attacker to execute code in the context of the user running Internet Explorer.
 


Security Bulletin MS07-046: Vulnerability in GDI Could Allow Remote Code Execution (938829)
http://www.microsoft.com/technet/security/bulletin/MS07-046.mspx

CVE Number: CVE-2007-3034
iDefense Title: Microsoft Windows Graphics Device Interface Image Processing Input Validation Vulnerability
iDefense Master ID: 463124
iDefense Severity: HIGH

Remote exploitation of an input validation vulnerability in multiple versions of Microsoft Corp.'s Windows operating system could allow an attacker to execute arbitrary code.
 


Security Bulletin MS07-047: Vulnerabilities in Windows Media Player Could Allow Remote Code Execution (936782)
http://www.microsoft.com/technet/security/bulletin/MS07-047.mspx

CVE Number: CVE-2007-3035
iDefense Title: Microsoft Windows Media Player Skins Decompressing Code Execution Vulnerability
iDefense Master ID: 463117
iDefense Severity: MEDIUM

Remote exploitation of an undisclosed vulnerability in the handling of skins files during decompression by Microsoft Corp.'s Windows Media Player could allow attackers to execute arbitrary code.

CVE Number: CVE-2007-3037
iDefense Title: Microsoft Windows Media Player Skins Parsing Code Execution Vulnerability
iDefense Master ID: 463116
iDefense Severity: MEDIUM

Remote exploitation of an undisclosed vulnerability in the handling of skins files by Microsoft Corp.'s Windows Media Player could allow attackers to execute arbitrary code.
 


Security Bulletin MS07-048: Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution (938123)
http://www.microsoft.com/technet/security/bulletin/MS07-048.mspx

CVE Number: CVE-2007-3032
iDefense Title: Microsoft Windows Vista Contact Gadget Input Validation Vulnerability
iDefense Master ID: 463120
iDefense Severity: MEDIUM

Remote exploitation of an input validation vulnerability in Microsoft Corp.'s Windows Vista Contact Gadget could allow attackers to execute arbitrary code on a targeted host.

CVE Number: CVE-2007-3033
iDefense Title: Microsoft Windows Vista Sidebar RSS Feeds Gadget Cross-Site Scripting (XSS) Vulnerability (iDefense Exclusive)
iDefense Master ID: 458337
iDefense Severity: MEDIUM

Remote exploitation of a Cross-Site Scripting (XSS) vulnerability in the Windows Vista Sidebar RSS Gadget allows an attacker to execute arbitrary code with the privileges of the logged-in user.

CVE Number: CVE-2007-3891
iDefense Title: Microsoft Windows Vista Weather Gadget Remote Code Execution Vulnerability
iDefense Master ID: 463122
iDefense Severity: MEDIUM

Remote exploitation of a code execution vulnerability in Microsoft Corp.'s Windows Vista Weather Gadget could allow attackers to execute arbitrary code on the affected system.
 


Security Bulletin MS07-049: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)
http://www.microsoft.com/technet/security/bulletin/MS07-049.mspx

CVE Number: CVE-2007-0948
iDefense Title: Microsoft Virtual PC and Virtual Server Heap Overflow Vulnerability
iDefense Master ID: 463118
iDefense Severity: MEDIUM

Local exploitation of a heap overflow vulnerability in Microsoft Corp.'s Virtual PC and Virtual Server could allow attackers with administrator permissions to the guest operating system to execute arbitrary code on the host operating system or other guest operating systems.
 


Security Bulletin MS07-050: Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127)
http://www.microsoft.com/technet/security/bulletin/MS07-050.mspx

CVE Number: CVE-2007-1749
iDefense Title: Microsoft VGX.DLL Buffer Overflow Vulnerability
iDefense Master ID: 463119
iDefense Severity: HIGH

Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s VGX.DLL library could allow an attacker to execute arbitrary code in the context of the currently logged-in user.