Notices

NSC-060613: Microsoft  Many Vulnerabilities

 

National Cyber Alert System

Technical Cyber Security Alert TA06-164A

 

Microsoft Windows, Internet Explorer, Media Player, Word, PowerPoint, and Exchange Vulnerabilities

Original release date: June 13, 2006

Last revised: --

Source: US-CERT

 

Systems Affected

* Microsoft Windows

* Microsoft Windows Media Player

* Microsoft Internet Explorer

* Microsoft PowerPoint for Windows and Mac OS X

* Microsoft Word for Windows

* Microsoft Office

* Microsoft Works Suite

* Microsoft Exchange Server Outlook Web Access

For more complete information, refer to the Microsoft Security

Bulletin Summary for June 2006.

 

Overview

Microsoft has released updates that address critical vulnerabilities

in Microsoft Windows, Word, PowerPoint, Media Player, Internet

Explorer, and Exchange Server. Exploitation of these vulnerabilities

could allow a remote, unauthenticated attacker to execute arbitrary

code or cause a denial of service on a vulnerable system.

 

I. Description

Microsoft Security Bulletin Summary for June 2006 addresses

vulnerabilities in Microsoft Windows, Word, PowerPoint, Media Player,

Internet Explorer, and Exchange Server. Further information is

available in the following US-CERT Vulnerability Notes:

VU#722753 - Microsoft IP Source Route Vulnerability

A vulnerability in Microsoft Windows could allow a remote attacker to

execute arbitrary code on a vulnerable system.

(CVE-2006-2379)

VU#446012 - Microsoft Word object pointer memory corruption

vulnerability

A memory corruption vulnerability in Microsoft Word could allow a

remote attacker to execute arbitrary code with the privileges of the

user running Word.

(CVE-2006-2492)

VU#190089 - Microsoft PowerPoint malformed record vulnerability

Microsoft PowerPoint fails to properly handle malformed records. This

may allow a remote attacker to execute arbitrary code on a vulnerable

system.

(CVE-2006-0022)

VU#923236 - Microsoft Windows ART image handling buffer overflow

Microsoft Windows ART image handling routines are vulnerable to a

heap-based buffer overflow. This vulnerability may allow a remote,

unauthenticated attacker to execute arbitrary code on a vulnerable

system.

(CVE-2006-2378)

VU#390044 - Microsoft JScript memory corruption vulnerability

Microsoft JScript contains a memory corruption vulnerability. This

vulnerability may allow a remote, unauthenticated attacker to execute

arbitrary code on a vulnerable system.

(CVE-2006-1313)

VU#338828 - Microsoft Internet Explorer exception handling

vulnerability

Microsoft Internet Explorer fails to properly handle exception

conditions. This may allow a remote, unauthenticated attacker to

execute arbitrary code.

(CVE-2006-2218)

VU#417585 - Microsoft DXImageTransform Light filter fails to validate

input

The Microsoft DXImageTransform Light COM object fails to validate

input, which may allow a remote attacker to execute arbitrary code on

a vulnerable system.

(CVE-2006-2383)

VU#959049 - Multiple COM objects cause memory corruption in Microsoft

Internet Explorer

Microsoft Internet Explorer (IE) allows instantiation of COM objects

not designed for use in the browser, which may allow a remote attacker

to execute arbitrary code or crash IE.

(CVE-2006-2127)

VU#136849 - Microsoft Internet Explorer UTF-8 decoding vulnerability

Microsoft Internet Explorer fails to properly decode UTF-8 encoded

HTML. This may allow a remote, unauthenticated attacker to execute

arbitrary code on a vulnerable system.

(CVE-2006-2382)

VU#909508 - Microsoft Graphics Rendering Engine fails to properly

handle WMF images

Microsoft Windows Graphics Rendering Engine contains a vulnerability

that may allow a remote attacker to execute arbitrary code on a

vulnerable system.

(CVE-2006-2376)

VU#608020 - Microsoft Windows Media Player PNG processing buffer

overflow

Microsoft Windows Media Player contains a stack-based buffer overflow

vulnerability that may allow a remote, unauthenticated attacker to

execute arbitrary code on a vulnerable system.

(CVE-2006-0025)

VU#814644 - Microsoft Remote Access Connection Manager service

vulnerable to buffer overflow

A vulnerability in the Microsoft Remote Access Connection Manager may

allow a remote attacker to execute arbitrary code on a vulnerable

system.

(CVE-2006-2371)

VU#631516 - Microsoft Routing and Remote Access does not properly

handle RPC requests

There is a vulnerability in the Microsoft Windows Routing and Remote

Access Service that could allow an attacker to take control of the

affected system.

(CVE-2006-2370)

VU#138188 - Microsoft Outlook Web Access for Exchange Server script

injection vulnerability

A script injection vulnerability exists in Microsoft Exchange Server

running Outlook Web Access.

(CVE-2006-1193)

In MS06-027 Microsoft has released updates for the Word vulnerability

described in Technical Cyber Security Alert TA06-139A.

 

II. Impact

A remote, unauthenticated attacker could execute arbitrary code on a

vulnerable system. An attacker may also be able to cause a denial of

service.

 

III. Solution

Apply Updates

Microsoft has provided updates for these vulnerabilities in the

Security Bulletins. Microsoft Windows updates are available on the

Microsoft Update site.

Workarounds

Please see the US-CERT Vulnerability Notes for workarounds.

 

Appendix A. References

* Microsoft Security Bulletin Summary for June 2006 -

<http://www.microsoft.com/technet/security/bulletin/ms06-jun.mspx>

* Technical Cyber Security Alert TA06-139A -

<http://www.us-cert.gov/cas/techalerts/TA06-139A.html>

* US-CERT Vulnerability Notes for Microsoft Updates for June 2006 -

<http://www.kb.cert.org/vuls/byid?searchview&query=ms06-june>

* US-CERT Vulnerability Note VU#446012 -

<http://www.kb.cert.org/vuls/id/446012>

* US-CERT Vulnerability Note VU#190089 -

<http://www.kb.cert.org/vuls/id/190089>

* US-CERT Vulnerability Note VU#923236 -

<http://www.kb.cert.org/vuls/id/923236>

* US-CERT Vulnerability Note VU#390044 -

<http://www.kb.cert.org/vuls/id/390044>

* US-CERT Vulnerability Note VU#338828 -

<http://www.kb.cert.org/vuls/id/338828>

* US-CERT Vulnerability Note VU#417585 -

<http://www.kb.cert.org/vuls/id/417585>

* US-CERT Vulnerability Note VU#136849 -

<http://www.kb.cert.org/vuls/id/136849>

* US-CERT Vulnerability Note VU#909508 -

<http://www.kb.cert.org/vuls/id/909508>

* US-CERT Vulnerability Note VU#722753 -

<http://www.kb.cert.org/vuls/id/722753>

* US-CERT Vulnerability Note VU#959049 -

<http://www.kb.cert.org/vuls/id/959049>

* US-CERT Vulnerability Note VU#138188 -

<http://www.kb.cert.org/vuls/id/138188>

* US-CERT Vulnerability Note VU#608020 -

<http://www.kb.cert.org/vuls/id/608020>

* US-CERT Vulnerability Note VU#814644 -

<http://www.kb.cert.org/vuls/id/814644>

* US-CERT Vulnerability Note VU#631516 -

<http://www.kb.cert.org/vuls/id/631516>

* CVE-2006-2492 -

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2492>

* CVE-2006-0022 -

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0022>

* CVE-2006-2378 -

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2378>

* CVE-2006-1313 -

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1313>

* CVE-2006-2218 -

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2218>

* CVE-2006-2383 -

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2383>

* CVE-2006-2127 -

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2127>

* CVE-2006-2382 -

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2382>

* CVE-2006-2376 -

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2376>

* CVE-2006-2379 -

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2379>

* CVE-2006-1193 -

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1193>

* CVE-2006-0025 -

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0025>

* CVE-2006-2371 -

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2371>

* CVE-2006-2370 -

<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2370>

* Microsoft Update - <https://update.microsoft.com/microsoftupdate>

* Securing Your Web Browser -

<http://www.us-cert.gov/reading_room/securing_browser/#Internet_Ex

plorer>

 

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA06-164A.html>

____________________________________________________________________

Feedback can be directed to US-CERT Technical Staff. Please send

email to <cert@cert.org> with "TA06-164A Feedback VU#390044" in the

subject.

____________________________________________________________________

For instructions on subscribing to or unsubscribing from this

mailing list, visit <http://www.us-cert.gov/cas/signup.html>.

____________________________________________________________________

Produced 2006 by US-CERT, a government organization.

Terms of use:

<http://www.us-cert.gov/legal.html>

____________________________________________________________________

 

Revision History

June 13, 2006: Initial release

 

UI Home | UI A-Z Search | UI Phonebook/Email | Contact Us

Copyright © The University of Iowa. All rights reserved.