Notices
NSC-060711: Windows, Office, and IIS Vulnerablilities
National Cyber Alert System
Technical Cyber Security Alert TA06-192A
Microsoft Windows, Office, and IIS Vulnerabilities
Original release date: July 11, 2006
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Windows
* Microsoft Internet Information Services (IIS)
* Microsoft Office
* Microsoft Office for Mac
* Microsoft Access
* Microsoft Excel and Excel Viewer
* Microsoft FrontPage
* Microsoft InfoPath
* Microsoft OneNote
* Microsoft Outlook
* Microsoft PowerPoint
* Microsoft Project
* Microsoft Publisher
* Microsoft Visio
* Microsoft Word and Word Viewer
Overview
Microsoft has released updates that address critical vulnerabilitiesin Microsoft Windows, IIS, and Office. Exploitation of thesevulnerabilities could allow a remote, unauthenticated attacker toexecute arbitrary code or cause a denial of service on a vulnerable system.
I. Description
Microsoft Security Bulletin Summary for July 2006 addresses vulnerabilities in Microsoft products including Windows, IIS, andOffice. Further information is available in the following US-CERT
Vulnerability Notes:
VU#395588 - Microsoft Internet Information Services vulnerable toremote code execution via specially crafted ASP file Microsoft Internet Information Services (IIS) contains a bufferoverflow vulnerability. This may allow a remote, authenticatedattacker to execute arbitrary code on a vulnerable system.(CVE-2006-0026)
VU#189140 - Microsoft Server Service Mailslot vulnerable to heapoverflow A buffer overflow vulnerability in the Microsoft mailslot serverservice may allow a remote attacker to execute arbitrary code on avulnerable system.(CVE-2006-1314)
VU#257164 - Microsoft DHCP Client service contains a buffer overflow Microsoft DHCP Client service contains a buffer overflow. Thisvulnerability may allow a remote attacker to execute arbitrary code ona vulnerable system.(CVE-2006-2372)
VU#802324 - Microsoft Excel vulnerability An unspecified vulnerability in Microsoft Excel could allow anattacker to execute arbitrary code on a vulnerable system.(CVE-2006-3059)
VU#580036 - Microsoft Office fails to properly handle malformedstrings Microsoft Office fails to properly handle specially crafted strings.This vulnerability could allow a remote attacker to execute arbitrarycode.(CVE-2006-1316)
VU#609868 - Microsoft Office string parsing vulnerability Microsoft Office fails to properly parse strings. This vulnerabilitycould allow a remote attacker to execute arbitrary code.(CVE-2006-1540)
VU#409316 - Microsoft Office fails to properly handle documentproperties Microsoft Office contains a buffer overflow when handling speciallycrafted document properties. This vulnerability could allow a remoteattacker to execute arbitrary code.(CVE-2006-2389)
VU#459388 - Microsoft Office fails to properly handle PNG images Microsoft Office applications fail to properly handle PNG images. Thisvulnerability may allow a remote attacker to execute arbitrary code ona vulnerable system.(CVE-2006-0033)
VU#668564 - Microsoft Office fails to properly handle GIF images Microsoft Office applications fail to properly handle GIF images. Thisvulnerability may allow a remote attacker to execute arbitrary code ona vulnerable system.(CVE-2006-0007)
In MS06-037, Microsoft has released updates for the Excelvulnerability (VU#802324) described in Technical Cyber Security AlertTA06-167A.
II. Impact
A remote, unauthenticated attacker could execute arbitrary code on avulnerable system. An attacker may also be able to cause a denial ofservice.
III. Solution
Apply a patch from your vendor
Microsoft has provided updates for these vulnerabilities in the
Security Bulletins. Updates for Microsoft Windows and Microsoft Office
XP and later are available on the Microsoft Update site. Microsoft
Office 2000 updates are available on the Microsoft Office Update site.
Apple Mac OS X users should obtain updates from the Mactopia web site.
System administrators may wish to consider using Windows Server Update
Services (WSUS).
Workaround
Please see the following Vulnerability Notes for workarounds.
Appendix A. References
* Microsoft Security Bulletin Summary for July 2006 -
<http://www.microsoft.com/technet/security/bulletin/ms06-jul.mspx>
* Technical Cyber Security Alert TA06-167A -
<http://www.us-cert.gov/cas/techalerts/TA06-167A.html>
* US-CERT Vulnerability Notes for Microsoft July 2006 updates -
<http://www.kb.cert.org/vuls/byid?searchview&query=ms06-jul>
* US-CERT Vulnerability Note VU#395588 -
<http://www.kb.cert.org/vuls/id/395588>
* US-CERT Vulnerability Note VU#189140 -
<http://www.kb.cert.org/vuls/id/189140>
* US-CERT Vulnerability Note VU#257164 -
<http://www.kb.cert.org/vuls/id/257164>
* US-CERT Vulnerability Note VU#802324 -
<http://www.kb.cert.org/vuls/id/802324>
* US-CERT Vulnerability Note VU#580036 -
<http://www.kb.cert.org/vuls/id/580036>
* US-CERT Vulnerability Note VU#609868 -
<http://www.kb.cert.org/vuls/id/609868>
* US-CERT Vulnerability Note VU#409316 -
<http://www.kb.cert.org/vuls/id/409316>
* US-CERT Vulnerability Note VU#459388 -
<http://www.kb.cert.org/vuls/id/459388>
* US-CERT Vulnerability Note VU#668564 -
<http://www.kb.cert.org/vuls/id/668564>
* CVE-2006-0026 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0026>
* CVE-2006-1314 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1314>
* CVE-2006-2372 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2372>
* CVE-2006-3059 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3059>
* CVE-2006-1316 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1316>
* CVE-2006-1540 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1540>
* CVE-2006-2389 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2389>
* CVE-2006-0033 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0033>
* CVE-2006-0007 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0007>
* Microsoft Update - <https://update.microsoft.com/microsoftupdate>
* Microsoft Office Update - <http://officeupdate.microsoft.com>
* Mactopia - <http://www.microsoft.com/mac>
* Windows Server Update Services -
<http://www.microsoft.com/windowsserversystem/updateservices/default.mspx>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA06-192A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please sendemail to <cert@cert.org> with "TA06-192A Feedback VU#802324" in thesubject.____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2006 by US-CERT, a government organization.Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
July 11, 2006: Initial release