Microsoft Security Bulletin: September 2007 // iDefense Labs

07.07.2008 | STERLING, VA Sterling, VA, USA

| | | | | | |

MICROSOFT SECURITY BULLETIN: SEPTEMBER 2007

Home // News // Microsoft // Microsoft Security Bulletin: September 2007

Microsoft Corp. has released four security bulletins encompassing four vulnerabilities. This report provides an initial summary of these pending issues.

Security Bulletin MS07-051: Vulnerability in Microsoft Agent Could Allow Remote Code Execution (938827)
http://www.microsoft.com/technet/security/bulletin/MS07-051.mspx

CVE Number: CVE-2007-3040
iDefense Title: Microsoft Windows 2000 Agent URL Canonicalizing Stack-Based Buffer Overflow Vulnerability (iDefense Exclusive)
iDefense Master ID: 461988
iDefense Severity: HIGH
iDefense Initial Disclosure Date: Sept. 7, 2007

Remote exploitation of a stack-based buffer overflow vulnerability in Microsoft Corp.'s Microsoft Windows 2000 Agent could allow an attacker to execute arbitrary code with the privileges of the logged-in user.

Security Bulletin MS07-052: Vulnerability in Crystal Reports for Visual Studio Could Allow Remote Code Execution (941522)
http://www.microsoft.com/technet/security/bulletin/MS07-052.mspx

CVE Number: CVE-2006-6133
iDefense Title: Microsoft Crystal Reports for Visual Studio Code Execution Vulnerability
iDefense Master ID: 463905
iDefense Severity: MEDIUM

Remote exploitation of a code execution vulnerability in Microsoft Corp.'s Crystal Reports for Visual Studio versions 2002, 2003 and 2005 allows an attacker to execute arbitrary code within the context of the user running Visual Studio.

Security Bulletin MS07-053: Vulnerability in Windows Services for Unix Could Allow Elevation of Privilege (939778)
http://www.microsoft.com/technet/security/bulletin/MS07-053.mspx

CVE Number: CVE-2007-3036
iDefense Title: Microsoft Windows Services for Unix Setuid Binary File Privilege Escalation Vulnerability
iDefense Master ID: 463906
iDefense Severity: MEDIUM

Local exploitation of an incorrect permissions vulnerability in multiple versions of Microsoft Corp.'s Windows could allow an attacker to gain escalated privileges.

Security Bulletin MS07-054: Vulnerability in MSN Messenger and Windows Live Messenger Could Allow Remote Code Execution (942099)
http://www.microsoft.com/technet/security/bulletin/MS07-054.mspx

CVE Number: CVE-2007-2931
iDefense Title: Microsoft MSN Messenger 7.0 Webcam Heap Overflow Vulnerability
iDefense Master ID: 463588
iDefense Severity: MEDIUM

Remote exploitation of a heap overflow in Microsoft Corp.'s MSN Messenger could allow an attacker to cause arbitrary code execution or a denial of service (DoS) condition.

// News & Events

iDefense Labs in the News

News Articles

Press Releases

Microsoft Security Bulletins

Upcoming Events

Live Research Webcasts

Industry Events

News from the Labs

If you can read this text, it is likely that you either have JavaScript disabled or your browser does not support JavaScript.
This will compromise your browsing experience and it is recommended that you enable JavaScript.

Click here to dismiss this warning.

If you continue to see this message, you should add "*.idefense.com" to your cookie whitelist.
You can read more about cookies in our privacy policy.

Title:	Microsoft Security Bulletin: September 2007
URL:	news/msft/2007-09-11.php
To:
From:
	You may add notes or comments below:
	Send me a copy of this email
	Anti-spam Validation:
	Privacy Statement