J-Security Center

Microsoft Security Bulletins

August 2007



Microsoft Security Bulletin MS07-042

Vulnerability in Microsoft XML Core Services Could Allow RCE (936227)

Severity: Critical
Vulnerabilities:
  • Microsoft XML Core Services Vulnerability - CVE-2007-2223
    A remote code execution vulnerability exists in Microsoft XML Core Services that could allow an attacker who successfully exploited this vulnerability to make changes to the system with the permissions of the logged-on user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Security Bulletin MS07-043

Vulnerability in OLE Automation Could Allow RCE (921503)

Severity: Critical
Vulnerabilities:
  • OLE Automation Memory Corruption Vulnerability - CVE-2007-2224
    A remote code execution vulnerability exists in Object Linking and Embedding (OLE) Automation that could allow an attacker who successfully exploited this vulnerability to make changes to the system with the permissions of the logged-on user. If a user is logged on with administrative user rights, an attacker could take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Security Bulletin MS07-044

Vulnerability in Microsoft Excel Could Allow RCE (940965)

Severity: Critical
Vulnerabilities:
  • Worksheet Memory Corruption Vulnerability – CVE-2007-3890
    A remote code execution vulnerability exists in the way Excel handles malformed Excel files. An attacker could exploit the vulnerability by sending a malformed file which could be included as an e-mail attachment, or hosted on a malicious or compromised Web site.

Microsoft Security Bulletin MS07-045

Cumulative Security Update for Internet Explorer (937143)

Severity: Critical
Vulnerabilities:
  • CSS Memory Corruption Vulnerability - CVE-2007-0943
    A remote code execution vulnerability exists in the way Internet Explorer parses certain strings in CSS. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
  • ActiveX Object Vulnerability - CVE-2007-2216
    A remote code execution vulnerability exists in the ActiveX control, tblinf32.dll. This control can also be found under the name of vstlbinf.dll. Both of these components were never intended to be supported in Internet Explorer. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user visited the Web page. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
  • ActiveX Object Memory Corruption Vulnerability - CVE-2007-3041
    A remote code execution vulnerability exists in the ActiveX object, pdwizard.ocx. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.

Microsoft Security Bulletin MS07-046

Vulnerability in GDI Could Allow RCE (938829)

Severity: Critical
Vulnerabilities:
  • Remote Code Execution Vulnerability in GDI – CVE-2007-3034
    A remote code execution vulnerability exists in the Graphics Rendering Engine because of the way that it handles specially crafted images. An attacker could exploit the vulnerability by constructing a specially crafted image that could potentially allow remote code execution if a user opened a specially crafted attachment in e-mail. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Microsoft Security Bulletin MS07-047

Vulnerability in Windows Media Player Could Allow RCE (936782)

Severity: Important
Vulnerabilities:
  • Windows Media Player Code Execution Vulnerability Parsing Skins – CVE-2007-3037
    A code execution vulnerability exists in Windows Media Player skin parsing. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
  • Windows Media Player Code Execution Vulnerability Decompressing Skins - CVE-2007-3035
    A remote code execution vulnerability exists in Windows Media Player. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Microsoft Security Bulletin MS07-048

Vulnerability in Windows Gadgets Could Allow Remote Code Execution (938123)

Severity: Important
Vulnerabilities:
  • Windows Vista Feed Headlines Gadget Could Allow Remote Code Execution – CVE-2007-3033
    A remote code execution vulnerability exists in Windows Vista Feed Headlines Gadgets that could allow a remote anonymous attacker to run code with the privileges of the logged-on user.
  • Windows Vista Contacts Gadget Could Allow Code Execution – CVE-2007-3032
    A code execution vulnerability exists in Windows Vista Contacts Gadget that could allow an attacker to run code with the privileges of the logged-on user.
  • Windows Vista Weather Gadget Could Allow Remote Code Execution – CVE-2007-3891
    A remote code execution vulnerability exists in Windows Vista Weather Gadgets that could allow an attacker to run code with the privileges of the logged-on user.

Microsoft Security Bulletin MS07-049

Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)

Severity: Important
Vulnerabilities:
  • Virtual PC and Virtual Server Heap Overflow Vulnerability - CVE-2007-0948
    An elevation of privilege vulnerability exists in Microsoft Virtual PC and Microsoft Virtual Server that could allow a user with administrator permissions to the guest operating system to run code on the host operating system or other guest operating systems. An attacker with administrator permissions to the guest operating system could exploit the vulnerability by running specially crafted code on the guest operating system. This could result in a heap overflow on the host or other guest operating systems. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Microsoft Security Bulletin MS07-050

Vulnerability in Vector Markup Language Could Allow RCE

Severity: Critical
Vulnerabilities:
  • VML Buffer Overrun Vulnerability - CVE-2007-1749
    A remote code execution vulnerability exists in the Vector Markup Language (VML) implementation in Microsoft Windows. An attacker could exploit the vulnerability by constructing a specially crafted Web page or HTML e-mail. When a user views the Web page or the message, the vulnerability could allow remote code execution.