J-Security Center

Microsoft Security Bulletins

July 2007



Microsoft Security Bulletin MS07-036

Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (936542)

Severity: Critical
Vulnerabilities:
  • Calculation Error Vulnerability - CVE-2007-1756
    A remote code execution vulnerability exists in the way Excel handles malformed Excel files. An attacker could exploit the vulnerability by sending a malformed file which could be included as an e-mail attachment, or hosted on a malicious or compromised Web site.
  • Worksheet Memory Corruption Vulnerability - CVE-2007-3029
    A remote code execution vulnerability exists in the way Excel handles malformed Excel files. An attacker could exploit the vulnerability by sending a malformed file which could be included as an e-mail attachment, or hosted on a malicious or compromised Web site.
  • Workbook Memory Corruption Vulnerability – CVE-2007-3030
    A remote code execution vulnerability exists in the way Excel handles malformed Excel files. An attacker could exploit the vulnerability by sending a malformed file which could be included as an e-mail attachment, or hosted on a malicious or compromised Web site.

Microsoft Security Bulletin MS07-037

Vulnerability in Microsoft Office Publisher 2007 Could Allow Remote Code Execution (936548)

Severity: Important
Vulnerabilities:
  • Publisher Invalid Memory Reference Vulnerability – CVE-2007-1754
    A remote code execution vulnerability exists because Publisher does not adequately clear out memory resources when writing application data from disk to memory. An attacker could exploit the vulnerability by constructing a specially crafted Publisher (.pub) page. When a user views the .pub page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Microsoft Security Bulletin MS07-038

Vulnerability in Windows Vista Firewall Could Allow Information Disclosure (935807)

Severity: Moderate
Vulnerabilities:
  • Windows Vista Firewall Blocking Rule Information Disclosure Vulnerability – CVE-2007-3038
    There is an information disclosure vulnerability in Windows Vista that could allow a remote anonymous attacker to send inbound network traffic to the affected system. It would be possible for the attacker to gain information about the system over the network.

Microsoft Security Bulletin MS07-039

Vulnerability in Windows Active Directory Could Allow Remote Code Execution (926122)

Severity: Critical
Vulnerabilities:
  • Windows Active Directory Remote Code Execution Vulnerability - CVE-2007-0040
    A remote code execution vulnerability exists in the way that Active Directory validates an LDAP request. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
  • Windows Active Directory Denial of Service Vulnerability - CVE-2007-3028
    A denial of service vulnerability exists in the way that Microsoft Active Directory validates a client-sent LDAP request. An attacker could exploit the vulnerability by sending a specially crafted LDAP request to a server running Active Directory. An attacker who successfully exploited this vulnerability could cause the server to temporarily stop responding.

Microsoft Security Bulletin MS07-040

Vulnerabilities in .NET Framework Could Allow Remote Code Execution (931212)

Severity: Critical
Vulnerabilities:
  • .NET PE Loader Vulnerability - CVE-2007-0041
    A remote code execution vulnerability exists in .NET Framework that could allow an attacker who successfully exploited this vulnerability to make changes to the system with the permissions of the logged-on user. If a user is logged in with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • ASP.NET Null Byte Termination Vulnerability - CVE-2007-0042
    An information disclosure vulnerability exists in .NET Framework that could allow an attacker who successfully exploited this vulnerability to bypass the security features of an ASP.NET Web site to download the contents of any Web page.
  • .NET JIT Compiler Vulnerability - CVE-2007-0043
    A remote code execution vulnerability exists in .NET Framework Just In Time Compiler that could allow an attacker who successfully exploited this vulnerability to make changes to the system with the permissions of the logged-on user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Security Bulletin MS07-041

Vulnerability in Microsoft Internet Information Services Could Allow Remote Code Execution (939373)

Severity: Important
Vulnerabilities:
  • IIS Memory Request Vulnerability - CVE-2005-4360
    There is a remote code execution vulnerability in Internet Information Services (IIS) 5.1 on Windows XP Professional Service Pack 2 that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. An attacker could exploit the vulnerability by sending specially crafted URL requests to a Web page hosted by Internet Information Services.