Skip to content

J-Security Center

Latest Attack Object Updates
  • IDP Daily Update #1328
    posted: 12/12/08
  • NSM Daily Update #1328
    posted: 12/12/08
  • Deep Inspection 5.3r5 and above, 5.4, 6.0 #1328
    posted: 12/12/08
  • Deep Inspection 5.1, 5.2, 5.3r4 and below #1321
    posted: 12/12/08
  • Deep Inspection 5.0 #1132
    posted: 04/01/08
  • Antivirus
    posted: 12/12/08
Microsoft Security Bulletins

December 2006

Prior Updates:

2008 |December |November |October |September |August |July |June |May |April |March |February |January
2007 |December |November |October |September |August |July |June |May |April |March |February |January
2006 |December |November |October |September |August |July |June |May |April |March |February |January
2005 |December |November |October |September |August |July |June |May |April |March |February |January
2004 |December |November |October |September |August |July |June |May |April |March |February |January
2003 |December |November |October

lock icon Login to learn more about how Juniper Networks products can protect you from these vulnerabilities. (If you don't already have a login, see Requesting Support.)

December 2006

Microsoft Security Bulletin MS06-072

Cumulative Security Update for Internet Explorer (925454)

Severity: Critical
Vulnerabilities:
  • Script Error Handling Memory Corruption Vulnerability - CVE-2006-5579
    A remote code execution vulnerability exists in Internet Explorer due to attempts to access previously freed memory when handling script errors in certain situations. An attacker could exploit the vulnerability by constructing a specially crafted Web page. If a user viewed the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
  • DHTML Script Function Memory Corruption Vulnerability - CVE-2006-5581
    A remote code execution vulnerability exists in the way Internet Explorer interprets certain DHTML script function calls to incorrectly created elements. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
  • TIF Folder Information Disclosure Vulnerability - CVE-2006-5578
    An information disclosure vulnerability exists in Internet Explorer in the way that drag and drop operations are handled in certain situations. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow for information disclosure if a user viewed and interacted with the Web page. An attacker who successfully exploited this vulnerability would be able to retrieve files from the Temporary Information Files (TIF) folder on a user’s system.
  • TIF Folder Information Disclosure Vulnerability - CVE-2006-5577
    An information disclosure vulnerability exists in Internet Explorer in certain scenarios where the path to the cached content in the TIF folder could be disclosed. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could allow for information disclosure if a user viewed the Web page. An attacker who successfully exploited this vulnerability would be able to retrieve files from the Temporary Internet Files (TIF) folder on a user’s system. However, user interaction is required to exploit this vulnerability.

Microsoft Security Bulletin MS06-073

Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution (925674)

Severity: Critical
Vulnerabilities:
  • WMI Object Broker Vulnerability - CVE-2006-4704
    A remote code execution vulnerability exists in the WMI Object Broker control that the WMI Wizard uses in Visual Studio 2005. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Microsoft Security Bulletin MS06-074

Vulnerability in SNMP Could Allow Remote Code Execution (926247)

Severity: Important
Vulnerabilities:
  • SNMP Memory Corruption Vulnerability - CVE-2006-5583
    A remote code execution vulnerability exists in SNMP Service that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system.

Microsoft Security Bulletin MS06-075

Vulnerability in Windows Could Allow Elevation of Privilege (926255)

Severity: Important
Vulnerabilities:
  • File Manifest Corruption Vulnerability - CVE-2006-5585
    A privilege elevation vulnerability exists in the way that Microsoft Windows starts applications with specially crafted file manifests. This vulnerability could allow a logged on user to take complete control of the system.

Microsoft Security Bulletin MS06-076

Cumulative Security Update for Outlook Express (923694)

Severity: Important
Vulnerabilities:
  • Windows Address Book Contact Record Vulnerability - CVE-2006-2386
    A remote code execution vulnerability in Outlook Express could allow an attacker who sent a Windows Address Book file to a user of an affected system to take complete control of the system. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

Microsoft Security Bulletin MS06-077

Vulnerability in Remote Installation Service Could Allow Remote Code Execution (926121)

Severity: Important
Vulnerabilities:
  • RIS Writable Path Vulnerability - CVE-2006-5584
    The Remote Installation Service enables a TFTP service on the server which by default could allow an anonymous user to potentially overwrite existing operating system files or upload a specially crafted file. This could allow an attacker to compromise operating system installs offered by the RIS server.

Microsoft Security Bulletin MS06-078

Vulnerability in Windows Media Format Could Allow Remote Code Execution (923689)

Severity: Critical
Vulnerabilities:
  • Windows Media Player WMVCORE Vulnerability CVE-2006-4702
    A remote code execution vulnerability exists in Windows Media Format Runtime due to the way it handles the processing of ASF files. An attacker could exploit the vulnerability by constructing specially crafted Windows Media Player content that could potentially allow remote code execution if a user visits a malicious Web site or opens an e-mail message with malicious content. An attacker who successfully exploited this vulnerability could take complete control of an affected system.