

Microsoft Corp. has released seven security bulletins encompassing 11 vulnerabilities. This report provides an initial summary of these pending issues.

Security Bulletin MS07-063: Vulnerability in SMBv2 Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/bulletin/MS07-063.mspx
CVE Number: CVE-2007-5351
iDefense Title: Microsoft Windows Vista Server Message Block (SMB) Version 2 Signing Implementation Error Vulnerability
iDefense Master ID: 466350
iDefense Severity: MEDIUM
Remote exploitation of a design error vulnerability in multiple versions of Microsoft Corp.'s Windows Vista could allow attackers to execute arbitrary code on the targeted host.

Security Bulletin MS07-064: Vulnerabilities in DirectX Could Allow Remote Code Execution (941568)
http://www.microsoft.com/technet/security/bulletin/MS07-064.mspx
CVE Number: CVE-2007-3895
iDefense Title: Microsoft DirectX WAV and AVI File Parsing Input Validation Vulnerability
iDefense Master ID: 466352
iDefense Severity: HIGH
Remote exploitation of an input validation vulnerability in multiple versions of Microsoft Corp.'s DirectX could allow an attacker to execute arbitrary code.

CVE Number: CVE-2007-3901
iDefense Title: Microsoft DirectX 7 and 8 DirectShow SAMI File Parsing Stack Buffer Overflow Vulnerability
iDefense Master ID: 464368
iDefense Severity: HIGH
Remote exploitation of a stack buffer overflow vulnerability in versions 7 and 8 of Microsoft Corp.'s DirectX could allow an attacker to execute arbitrary code in the context of the affected user.

Security Bulletin MS07-065: Vulnerability in Message Queuing Could Allow Remote Code Execution (937894)
http://www.microsoft.com/technet/security/bulletin/MS07-065.mspx
CVE Number: CVE-2007-3039
iDefense Title: Microsoft Message Queuing Service Buffer Overflow Vulnerability
iDefense Master ID: 466353
iDefense Severity: MEDIUM
Remote exploitation of a buffer overflow vulnerability in Microsoft Corp.'s Message Queuing service, as included in Windows 2000 and XP, could allow an attacker to execute arbitrary code within the local system security context.

Security Bulletin MS07-066: Vulnerability in Windows Kernel Could Allow Elevation of Privilege (943078)
http://www.microsoft.com/technet/security/bulletin/MS07-066.mspx
CVE Number: CVE-2007-5350
iDefense Title: Microsoft Windows Kernel ALPC Reply Path Privilege Escalation Vulnerability
iDefense Master ID: 466355
iDefense Severity: MEDIUM
Local exploitation of an input validation vulnerability in multiple versions of Microsoft Corp.'s Windows operating system could allow an attacker to execute arbitrary code with system-level privileges.

Security Bulletin MS07-067: Vulnerability in Macrovision Driver Could Allow Local Elevation of Privilege
http://www.microsoft.com/technet/security/bulletin/MS07-067.mspx
CVE Number: CVE-2007-5587
iDefense Title: Macrovision SafeDisc secdrv.sys Method_Neither Buffer Overflow Vulnerability
iDefense Master ID: 464881
iDefense Severity: MEDIUM
Local exploitation of a buffer overflow vulnerability in Macrovision Corp.'s SafeDisc could allow attackers to execute arbitrary code on the targeted host.

Security Bulletin MS07-068: Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275)
http://www.microsoft.com/technet/security/bulletin/MS07-068.mspx
CVE Number: CVE-2007-0064
iDefense Title: Microsoft Windows Media Format Runtime Execution of Arbitrary Code Vulnerability
iDefense Master ID: 466357
iDefense Severity: HIGH
Remote exploitation of a code execution vulnerability in Microsoft Corp.'s Windows Media Format Runtime allows an attacker to execute arbitrary code.

Security Bulletin MS07-069: Cumulative Security Update for Internet Explorer (942615)
http://www.microsoft.com/technet/security/bulletin/MS07-069.mspx
CVE Number: CVE-2007-3902
iDefense Title: Microsoft Internet Explorer JavaScript setExpression Method Heap Corruption Vulnerability
iDefense Master ID: 458909
iDefense Severity: HIGH
iDefense Initial Disclosure Date: May 7, 2007
Remote exploitation of a heap corruption vulnerability in Microsoft Corp.'s Internet Explorer Web browser allows attackers to execute arbitrary code within the context of the affected user.

CVE Number: CVE-2007-3903
iDefense Title: Microsoft Internet Explorer Uninitialized Memory Code Execution Vulnerability
iDefense Master ID: 466359
iDefense Severity: HIGH
iDefense Initial Disclosure Date: May 7, 2007
Remote exploitation of an uninitialized memory vulnerability within Microsoft Corp.'s Internet Explorer Web browser allows attackers to execute arbitrary code in the context of the current user.

CVE Number: CVE-2007-5344
iDefense Title: Microsoft Internet Explorer Uninitialized Memory Code Execution Vulnerability
iDefense Master ID: 466351
iDefense Severity: HIGH
iDefense Initial Disclosure Date: May 7, 2007
Remote exploitation of an uninitialized memory vulnerability within Microsoft Corp.'s Internet Explorer Web browser allows attackers to execute arbitrary code in the context of the current user.

CVE Number: CVE-2007-5347
iDefense Title: Microsoft Internet Explorer DHTML Object Memory Corruption Vulnerability
iDefense Master ID: 466349
iDefense Severity: HIGH
iDefense Initial Disclosure Date: May 7, 2007
Remote exploitation of a memory corruption vulnerability in Microsoft Corp.'s Internet Explorer could allow an attacker to execute arbitrary code with the privileges of the logged-in user.