MICROSOFT SECURITY BULLETIN: OCTOBER 2007

Microsoft Corp. has released six security bulletins encompassing nine vulnerabilities. This report provides an initial summary of these pending issues.
 

Security Bulletin MS07-055: Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810)
http://www.microsoft.com/technet/security/bulletin/MS07-055.mspx

CVE Number: CVE-2007-2217
iDefense Title: Microsoft Windows Kodak Image Viewer Memory Corruption Vulnerability
iDefense Master ID: 464612
iDefense Severity: HIGH

Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Kodak Image Viewer could allow attackers to execute arbitrary code with the privileges of the logged-in user.
 


Security Bulletin MS07-056: Security Update for Outlook Express and Windows Mail (941202)
http://www.microsoft.com/technet/security/bulletin/MS07-056.mspx

CVE Number: CVE-2007-3897
iDefense Title: Microsoft Windows Mail and Outlook Express NNTP Protocol Heap Overflow (iDefense Exclusive)
iDefense Master ID: 462069
iDefense Severity: HIGH
iDefense Initial Disclosure Date: July 11, 2007

Remote exploitation of a heap overflow in the handling of NNTP 'XHDR' replies in Microsoft Corp.'s Windows Mail and Outlook Express mail clients may allow an attacker to execute code with the privileges of the logged-on user.
 


Security Bulletin MS07-057: Cumulative Security Update for Internet Explorer (939653)
http://www.microsoft.com/technet/security/bulletin/MS07-057.mspx

CVE Number: CVE-2007-1091
iDefense Title: Microsoft Internet Explorer 7 JavaScript 'onUnload' Address Bar Spoofing Vulnerability
iDefense Master ID: 457538
iDefense Severity: LOW

Remote exploitation of an address bar spoofing vulnerability in Microsoft Corp.'s Internet Explorer 7 Web browser could allow attackers to spoof trusted Web addresses in the address bar while the actual content displayed is a malicious Web page.

CVE Number: CVE-2007-3826
iDefense Title: Microsoft Internet Explorer 7 Address Bar Spoofing Vulnerability
iDefense Master ID: 462303
iDefense Severity: LOW

Remote exploitation of an address bar spoofing vulnerability in Microsoft Corp.'s Internet Explorer 7 Web browser could allow attackers to spoof trusted Web addresses in the address bar while the actual content displayed is a malicious Web page.

CVE Number: CVE-2007-3893
iDefense Title: Microsoft Internet Explorer Download Queue Error Handling Memory Corruption Vulnerability
iDefense Master ID: 464615
iDefense Severity: HIGH

Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Internet Explorer versions 5.01 through 7 could allow an attacker to execute arbitrary code within the security context of the user running Internet Explorer.

CVE Number: CVE-2007-3892
iDefense Title: Microsoft Internet Explorer Address Bar Spoofing Vulnerability
iDefense Master ID: 464619
iDefense Severity: LOW

Remote exploitation of a design error vulnerability in versions 7.0 and prior of Microsoft Corp.'s Internet Explorer could allow an attacker to display spoofed content within the address bar of the browser.
 


Security Bulletin MS07-058: Vulnerability in RPC Could Allow Denial of Service (933729)
http://www.microsoft.com/technet/security/bulletin/MS07-058.mspx

CVE Number: CVE-2007-2228
iDefense Title: Microsoft Windows RPC Authentication Request DoS Vulnerability
iDefense Master ID: 464614
iDefense Severity: LOW

Remote exploitation of a design error vulnerability in Microsoft Corp.'s Windows RPC Service could allow attackers to cause a denial of service (DoS) condition.
 


Security Bulletin MS07-059: Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site (942017)
http://www.microsoft.com/technet/security/bulletin/MS07-059.mspx

CVE Number: CVE-2007-2581
iDefense Title: Microsoft SharePoint Cross-Site Scripting (XSS) Vulnerability
iDefense Master ID: 459968
iDefense Severity: LOW

Remote exploitation of a cross-site scripting (XSS) vulnerability in Microsoft Corp.'s Windows SharePoint Services 3.0 and Office SharePoint Server 2007 allows the arbitrary execution of JavaScript code.
 


Security Bulletin MS07-060: Vulnerability in Microsoft Word Could Allow Remote Code Execution (942695)
http://www.microsoft.com/technet/security/bulletin/MS07-060.mspx

CVE Number: CVE-2007-3899
iDefense Title: Microsoft Word Malformed String Memory Corruption Vulnerability
iDefense Master ID: 464618
iDefense Severity: MEDIUM

Remote exploitation of a memory corruption vulnerability within Microsoft Corp.'s Word application allows attackers to execute arbitrary code in the context of the current user.