Microsoft Security Bulletins
January 2007
Microsoft Security Bulletin MS07-001
Vulnerability in Microsoft Office 2003 Brazilian Portuguese Grammar Checker That Could Allow Remote Code Execution (921585)
Severity: Important
Vulnerabilities:
- Office 2003 Brazilian Grammar Checker Vulnerability - CVE-2006-5574
A remote code execution vulnerability exists in Office 2003 Brazilian Grammar Checker. An attacker could exploit this vulnerability when Office parses a file and processes a malformed character set. If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
Microsoft Security Bulletin MS07-002
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (927198)
Severity: Critical
Vulnerabilities:
- Excel Malformed IMDATA Record Vulnerability - CVE-2007-0027
A remote code execution vulnerability exists in Microsoft Excel. An attacker could exploit this vulnerability when Excel parses a file and processes a malformed IMDATA record. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
- Excel Malformed Record Vulnerability - CVE-2007-0028
A remote code execution vulnerability exists in Microsoft Excel. An attacker could exploit this vulnerability when Excel parses a file and processes a malformed record. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
- Excel Malformed String Vulnerability - CVE-2007-0029
A remote code execution vulnerability exists in Microsoft Excel that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
- Excel Malformed Column Record Vulnerability - CVE-2007-0030
A remote code execution vulnerability exists in Microsoft Excel. An attacker could exploit this vulnerability when Excel parses a file and processes a malformed Column record. If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
- Excel Malformed Palette Record Vulnerability - CVE-2007-0031
A remote code execution vulnerability exists in Microsoft Excel. An attacker could exploit this vulnerability when Excel parses a file and processes a malformed Palette record. If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
Microsoft Security Bulletin MS07-003
Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution (925938)
Severity: Critical
Vulnerabilities:
- Microsoft Outlook VEVENT Vulnerability - CVE-2007-0033
A remote code execution vulnerability exists in Microsoft Outlook. An attacker could exploit this vulnerability when Outlook parses a file and processes a malformed VEVENT record. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
- Microsoft Outlook Denial of Service Vulnerability - CVE-2006-1305
A denial of service vulnerability exists in Outlook in its processing of e-mail header information. An attacker who successfully exploited the vulnerability could send a malformed e-mail to a user of Outlook that would cause the Outlook client to fail under certain circumstances. The Outlook client would continue to fail so long as the malformed e-mail message remained on the e-mail server. The e-mail message could be deleted by an e-mail administrator, or by the user via another e-mail client such as Outlook Web Access or Outlook Express, after which point the Outlook client would again function normally.
- Microsoft Outlook Advanced Find Vulnerability - CVE-2007-0034
A remote code execution vulnerability exists in Microsoft Outlook. An attacker could exploit this vulnerability when Outlook parses an .oss file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
Microsoft Security Bulletin MS07-004
Vulnerability in Vector Markup Language Could Allow Remote Code Execution (929969)
Severity: Critical
Vulnerabilities:
- VML Buffer Overrun Vulnerability - CVE-2007-0024
A remote code execution vulnerability exists in the Vector Markup Language (VML) implementation in Microsoft Windows. An attacker could exploit the vulnerability by constructing a specially crafted Web page or HTML e-mail that could potentially allow remote code execution if a user visited the Web page or viewed the message. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
