34 KBMicrosoft Security Bulletins
December 2006
Prior Updates:
2007
|December
|November
|October
|September
|August
|July
|June
|May
|April
|March
|February
|January
2006
|December
|November
|October
|September
|August
|July
|June
|May
|April
|March
|February
|January
2005
|December
|November
|October
|September
|August
|July
|June
|May
|April
|March
|February
|January
2004
|December
|November
|October
|September
|August
|July
|June
|May
|April
|March
|February
|January
Login to learn more about how Juniper Networks products can protect you from these vulnerabilities. (If you don't already have a login, see Requesting Support.)
December 2006
Microsoft Security Bulletin MS06-072
Cumulative Security Update for Internet Explorer (925454)
Severity: CriticalVulnerabilities:
- Script Error Handling Memory Corruption Vulnerability - CVE-2006-5579
A remote code execution vulnerability exists in Internet Explorer due to attempts to access previously freed memory when handling script errors in certain situations. An attacker could exploit the vulnerability by constructing a specially crafted Web page. If a user viewed the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. - DHTML Script Function Memory Corruption Vulnerability - CVE-2006-5581
A remote code execution vulnerability exists in the way Internet Explorer interprets certain DHTML script function calls to incorrectly created elements. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system. - TIF Folder Information Disclosure Vulnerability - CVE-2006-5578
An information disclosure vulnerability exists in Internet Explorer in the way that drag and drop operations are handled in certain situations. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow for information disclosure if a user viewed and interacted with the Web page. An attacker who successfully exploited this vulnerability would be able to retrieve files from the Temporary Information Files (TIF) folder on a user’s system. - TIF Folder Information Disclosure Vulnerability - CVE-2006-5577
An information disclosure vulnerability exists in Internet Explorer in certain scenarios where the path to the cached content in the TIF folder could be disclosed. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow for information disclosure if a user viewed the Web page. An attacker who successfully exploited this vulnerability would be able to retrieve files from the Temporary Internet Files (TIF) folder on a user’s system. However, user interaction is required to exploit this vulnerability.
Microsoft Security Bulletin MS06-073
Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution (925674)
Severity: CriticalVulnerabilities:
- WMI Object Broker Vulnerability - CVE-2006-4704
A remote code execution vulnerability exists in the WMI Object Broker control that the WMI Wizard uses in Visual Studio 2005. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Microsoft Security Bulletin MS06-074
Vulnerability in SNMP Could Allow Remote Code Execution (926247)
Severity: ImportantVulnerabilities:
- SNMP Memory Corruption Vulnerability - CVE-2006-5583
A remote code execution vulnerability exists in SNMP Service that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system.
Microsoft Security Bulletin MS06-075
Vulnerability in Windows Could Allow Elevation of Privilege (926255)
Severity: ImportantVulnerabilities:
- File Manifest Corruption Vulnerability - CVE-2006-5585
A privilege elevation vulnerability exists in the way that Microsoft Windows starts applications with specially crafted file manifests. This vulnerability could allow a logged on user to take complete control of the system.
Microsoft Security Bulletin MS06-076
Cumulative Security Update for Outlook Express (923694)
Severity: ImportantVulnerabilities:
- Windows Address Book Contact Record Vulnerability - CVE-2006-2386
A remote code execution vulnerability in Outlook Express could allow an attacker who sent a Windows Address Book file to a user of an affected system to take complete control of the system. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
Microsoft Security Bulletin MS06-077
Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121)
Severity: ImportantVulnerabilities:
- RIS Writable Path Vulnerability - CVE-2006-5584
The Remote Installation Service enables a TFTP service on the server which by default could allow an anonymous user to potentially overwrite existing operating system files or upload a specially crafted file. This could allow an attacker to compromise operating system installs offered by the RIS server.
Microsoft Security Bulletin MS06-078
Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689)
Severity: CriticalVulnerabilities:
- Windows Media Player WMVCORE Vulnerability CVE-2006-4702
A remote code execution vulnerability exists in Windows Media Format Runtime due to the way it handles the processing of ASF files. An attacker could exploit the vulnerability by constructing specially crafted Windows Media Player content that could potentially allow remote code execution if a user visits a malicious Web site or opens an e-mail message with malicious content. An attacker who successfully exploited this vulnerability could take complete control of an affected system.