J-Security Center

Microsoft Security Bulletins

May 2007



Microsoft Security Bulletin MS07-023

Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (934233)

Severity: Critical
Vulnerabilities:
  • Excel BIFF Record Vulnerability - CVE-2007-0215
    A remote code execution vulnerability exists in the way Excel handles files with malformed BIFF records. Such a file might be included in an e-mail attachment or hosted on a malicious Web site. An attacker could exploit the vulnerability by constructing a specially crafted Excel file that could allow remote code execution.
  • Excel Set Font Vulnerability - CVE-2007-1203
    A remote code execution vulnerability exists in the way Excel handles Excel files with specially crafted set font values. Such a file might be included in an e-mail attachment or hosted on a malicious Web site. An attacker could exploit the vulnerability by constructing a specially crafted Excel file that could allow remote code execution.
  • Excel Filter Record Vulnerability - CVE-2007-1214
    A remote code execution vulnerability exists in the way Excel handles Excel files with specially crafted filter records. Such a file might be included in an e-mail attachment or hosted on a malicious Web site. An attacker could exploit the vulnerability by constructing a specially crafted Excel file that could allow remote code execution.

Microsoft Security Bulletin MS07-024

Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (934232)

Severity: Critical
Vulnerabilities:
  • Word Array Overflow Vulnerability - CVE-2007-0035
    A remote code execution vulnerability exists in the way Microsoft Word handles data within an array. A specially crafted file might be included as an e-mail attachment or hosted on a malicious Web site. An attacker could exploit the vulnerability by constructing a specially crafted Word file that could allow remote code execution.
  • Word Document Stream Vulnerability - CVE-2007-0870
    A remote code execution vulnerability exists in the way Microsoft Word handles a specially crafted Word Document stream. An attacker could exploit the vulnerability by constructing a specially crafted Word file that could allow remote code execution.
  • Word RTF Parsing Vulnerability - CVE-2007-1202
    A remote code execution vulnerability exists in the way Microsoft Word parses certain rich text characters within a file. Such a specially crafted file might be included as an e-mail attachment or hosted on a malicious Web site. An attacker could exploit the vulnerability by constructing a specially crafted Word file that could allow remote code execution.

Microsoft Security Bulletin MS07-025

Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873)

Severity: Critical
Vulnerabilities:
  • Drawing Object Vulnerability - CVE-2007-1747
    A remote code execution vulnerability exists in the way Microsoft Office handles a specially crafted drawing object. An attacker could exploit this vulnerability when Office parses a file and processes a malformed drawing object. Such a specially crafted file might be included as an e-mail attachment or hosted on a malicious Web site. An attacker could exploit the vulnerability by constructing a specially crafted Office file containing a malformed drawing object that could allow remote code execution.

Microsoft Security Bulletin MS07-026

Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution (931832)

Severity: Critical
Vulnerabilities:
  • Outlook Web Access Script Injection Vulnerability - CVE-2007-0220
    An information disclosure vulnerability exists in Microsoft Exchange in the way that Outlook Web Access (OWA) handles script-based attachments. An attached script could spoof content, disclose information, or take any action that the user could take within the context of the OWA session.
  • Malformed iCal Vulnerability - CVE-2007-0039
    A denial of service vulnerability exists in Microsoft Exchange Server because of the way that it handles calendar content requests. An attacker could exploit the vulnerability by sending an e-mail message with a specially crafted iCal file to a Microsoft Exchange Server user account. An attacker successfully exploiting this vulnerability could cause the mail service to stop responding.
  • MIME Decoding Vulnerability - CVE-2007-0213
    A remote code execution vulnerability exists in Microsoft Exchange Server because of the way that it decodes specially crafted e-mail messages. An attacker could exploit the vulnerability by sending a specially crafted e-mail to a Microsoft Exchange Server user account. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
  • IMAP Literal Processing Vulnerability - CVE-2007-0221
    A denial of service vulnerability exists in Microsoft Exchange Server because of the way that it handles invalid IMAP requests. An attacker could exploit the vulnerability by sending a specially crafted IMAP command to a Microsoft Exchange Server configured as an IMAP server. An attacker successfully exploiting this vulnerability could cause the mail service to stop responding.

Microsoft Security Bulletin MS07-027

Cumulative Security Update for Internet Explorer (931768)

Severity: Critical
Vulnerabilities:
  • COM Object Instantiation Memory Corruption Vulnerability - CVE-2007-0942
    A remote code execution vulnerability exists in the way Internet Explorer instantiates COM objects that are not intended to be instantiated in Internet Explorer. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user visited the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
  • Uninitialized Memory Corruption Vulnerability - CVE-2007-0944
    A remote code execution vulnerability exists in the way Internet Explorer accesses an object that has not been initialized or has already been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. If a user viewed the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
  • Property Memory Corruption Vulnerability - CVE-2007-0945
    A remote code execution vulnerability exists in the way Internet Explorer handles a property method. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
  • HTML Objects Memory Corruption Vulnerabilities - CVE-2007-0946, CVE-2007-0947
    Several remote code execution vulnerabilities exist in Internet Explorer due to attempts to access uninitialized memory in certain situations. An attacker could exploit these vulnerabilities by constructing a specially crafted Web page. If a user viewed the Web page, these vulnerabilities could allow remote code execution. An attacker who successfully exploited these vulnerabilities could take complete control of an affected system.
  • Arbitrary File Rewrite Vulnerability - CVE-2007-2221
    A remote code execution vulnerability exists in a media service component that was never supported in Internet Explorer. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user visited the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Microsoft Security Bulletin MS07-028

Vulnerability in CAPICOM Could Allow Remote Code Execution (931906)

Severity: Critical
Vulnerabilities:
  • CAPICOM.Certificates Vulnerability - CVE-2007-0940
    A remote code execution vulnerability exists in Cryptographic API Component Object Model (CAPICOM) that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system.

Microsoft Security Bulletin MS07-029

Vulnerability in Windows DNS RPC Interface Could Allow Remote Code Execution (935966)

Severity: Critical
Vulnerabilities:
  • DNS RPC Management Vulnerability - CVE-2007-1748
    A remote code execution vulnerability exists in the Domain Name System (DNS) Server Service in all supported server versions of Windows that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system.