Skip to content

J-Security Center

Latest Attack Object Updates
  • IDP Daily Update #1328
    posted: 12/12/08
  • NSM Daily Update #1328
    posted: 12/12/08
  • Deep Inspection 5.3r5 and above, 5.4, 6.0 #1328
    posted: 12/12/08
  • Deep Inspection 5.1, 5.2, 5.3r4 and below #1321
    posted: 12/12/08
  • Deep Inspection 5.0 #1132
    posted: 04/01/08
  • Antivirus
    posted: 12/12/08
Microsoft Security Bulletins

November 2006

Prior Updates:

2008 |December |November |October |September |August |July |June |May |April |March |February |January
2007 |December |November |October |September |August |July |June |May |April |March |February |January
2006 |December |November |October |September |August |July |June |May |April |March |February |January
2005 |December |November |October |September |August |July |June |May |April |March |February |January
2004 |December |November |October |September |August |July |June |May |April |March |February |January
2003 |December |November |October

lock icon Login to learn more about how Juniper Networks products can protect you from these vulnerabilities. (If you don't already have a login, see Requesting Support.)

November 2006

Microsoft Security Bulletin MS06-066

Vulnerabilities in NetWare Client Service Could Allow Remote Code Execution (923980)

Severity: Important
Vulnerabilities:
  • Client Service for NetWare Memory Corruption Vulnerability - CVE-2006-4688
    There is a remote code execution vulnerability in Client Services for NetWare (CSNW) that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system.
  • NetWare Driver Denial of Service Vulnerability - CVE-2006-4689
    A denial of service vulnerability exists in Client Services for NetWare (CSNW) that could allow an attacker to send a specially crafted network message to an affected system running the Client Services for NetWare service. An attacker could cause the system to stop responding.

Microsoft Security Bulletin MS06-067

Cumulative Security Update for Internet Explorer (922760)

Severity: Critical
Vulnerabilities:
  • DirectAnimation ActiveX Controls Memory Corruption Vulnerabilities - CVE-2006-4446 and CVE-2006-4777
    Remote code execution vulnerabilities exist in DirectAnimation ActiveX controls that could be exploited if the ActiveX controls are passed unexpected data. An attacker could exploit these vulnerabilities by constructing a specially crafted Web page that could potentially allow remote code execution if a user visited the specially crafted Web page. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system.
  • HTML Rendering Memory Corruption Vulnerability - CVE-2006-4687
    A remote code execution vulnerability exists in the way Internet Explorer interprets HTML with certain layout combinations. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Microsoft Security Bulletin MS06-068

Vulnerability in Microsoft Agent Could Allow Remote Code Execution (920213)

Severity: Critical
Vulnerabilities:
  • Microsoft Agent Memory Corruption Vulnerability - CVE-2006-3445
    There is a remote code execution vulnerability in the way that Microsoft Agent handles specially crafted .ACF files. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Microsoft Security Bulletin MS06-069

Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789)

Severity: Critical
Vulnerabilities:
  • Macromedia Flash Player Vulnerabilities - CVE-2006-3311, CVE-2006-3014, CVE-2006-3587, CVE-2006-3588, CVE-2006-4640
    Several remote code execution vulnerabilities exist in Macromedia Flash Player from Adobe because of the way that it handles Flash Animation (SWF) files. An attacker could exploit these vulnerabilities by constructing a specially crafted Flash Animation (SWF) file that could potentially allow remote code execution if a user visited a Web site containing the specially crafted SWF file. The specially crafted SWF file could also be sent as an e-mail attachment. A user would only be at risk if opening this e-mail attachment. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system.

Microsoft Security Bulletin MS06-070

Vulnerability in Workstation Service Could Allow Remote Code Execution (924270)

Severity: Critical
Vulnerabilities:
  • Workstation Service Memory Corruption Vulnerability - CVE-2006-4691
    A remote code execution vulnerability exists in the Workstation service that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system.

Microsoft Security Bulletin MS06-071

Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (928088)

Severity: Critical
Vulnerabilities:
  • Microsoft XML Core Services Vulnerability - CVE-2006-5745
    A vulnerability exists in the XMLHTTP ActiveX control within Microsoft XML Core Services that could allow for remote code execution. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially lead to remote code execution if a user visited that page or clicked a link in a specially crafted e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, user interaction is required to exploit this vulnerability.