
J-Security Center

Microsoft Security Bulletins

June 2007



Microsoft Security Bulletin MS07-030

Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution (927051)

Severity: Important
Vulnerabilities:
  • Version Number Memory Corruption Vulnerability - CVE-2007-0934
    A remote code execution vulnerability exists in the way Microsoft Visio handles a specially crafted version number in a Visio (.VSS) file. An attacker could exploit this vulnerability when Visio does not correctly validate the version number field when processing the contents of a file. Such a specially crafted file might be included as an e-mail attachment, or hosted on a malicious or compromised Web site.
  • Visio Document Packaging Vulnerability - CVE-2007-0936
    A remote code execution vulnerability exists in Microsoft Visio as a result of the way it incorrectly handles the compression and decompression of packed objects within the Visio file format. An attacker could exploit this vulnerability by constructing a malicious Visio (.VSS, .VSD, or .VST) file that could potentially allow remote code execution if a user visited a malicious Web site or opened a specially crafted Visio attachment included in an e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Microsoft Security Bulletin MS07-031

Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution (935840)

Severity: Critical
Vulnerabilities:
  • Vulnerability in the Windows Schannel Security Package - CVE-2007-2218
    A remote code execution vulnerability exists in the way that Windows Schannel on a client machine validates server-sent digital signatures. An attacker could host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the Web site. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger message that takes users to the attacker's Web site.

Microsoft Security Bulletin MS07-032

Vulnerability in Windows Vista Could Allow Information Disclosure (931213)

Severity: Moderate
Vulnerabilities:
  • Permissive User Information Store ACLs Information Disclosure Vulnerability - CVE-2007-2229
    There is an information disclosure vulnerability in Windows Vista that could allow non-privileged users to access local user information data stores including administrative passwords contained within the registry and local file system. The vulnerability could allow a local attacker to have access to user account data that could then be used in an attempt to gain full access to the affected system.

Microsoft Security Bulletin MS07-033

Cumulative Security Update for Internet Explorer (933566)

Severity: Critical
Vulnerabilities:
  • COM Object Instantiation Memory Corruption Vulnerability - CVE-2007-0218
    A remote code execution vulnerability exists in the way Internet Explorer instantiates COM objects that are not intended to be instantiated in Internet Explorer. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
  • CSS Tag Memory Corruption Vulnerability - CVE-2007-1750
    A remote code execution vulnerability exists in Internet Explorer due to improper handling of a CSS tag. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
  • Language Pack Installation Vulnerability - CVE-2006-5993
    A remote code execution vulnerability exists in Internet Explorer in the way that it handles language pack installation. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. User interaction, while expected, is required to exploit this vulnerability.
  • Uninitialized Memory Corruption Vulnerability - CVE-2007-1751
    A remote code execution vulnerability exists in the way Internet Explorer accesses an object that has not been correctly initialized or that has been deleted. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
  • Navigation Cancel Page Spoofing Vulnerability - CVE-2007-1752
    A spoofing vulnerability exists in Internet Explorer that could allow an attacker to display spoofed content in the Navigation canceled page. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
  • Speech Control Memory Corruption Vulnerability - CVE-2007-2222
    A remote code execution vulnerability exists in a component of Microsoft Speech API 4. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Microsoft Security Bulletin MS07-034

Cumulative Security Update for Outlook Express and Windows Mail (929123)

Severity: Important
Vulnerabilities:
  • URL Redirect Cross Domain Information Disclosure Vulnerability - CVE-2006-2111
    An information disclosure vulnerability exists in Windows because the MHTML protocol handler incorrectly interprets MHTML URL redirections in a way that bypasses domain restrictions. An attacker could exploit this cross-domain scripting vulnerability by constructing a specially crafted Web page in Internet Explorer that could potentially allow information disclosure. An attacker who successfully exploited this vulnerability could read data from another Internet Explorer domain.
  • Windows Mail UNC Navigation Request Remote Code Execution Vulnerability - CVE-2007-1658
    A remote code execution vulnerability exists in the way local or UNC navigation requests are handled in Windows Mail. An attacker could exploit the vulnerability by constructing a specially crafted e-mail message that could potentially allow remote code execution from a local file or UNC path if a user clicks on a link in the e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
  • URL Parsing Cross Domain Information Disclosure Vulnerability - CVE-2007-2225
    An information disclosure vulnerability exists in Windows because the MHTML protocol handler incorrectly interprets HTTP headers when returning MHTML content. An attacker could exploit this vulnerability by constructing a specially crafted Web page in Internet Explorer that could potentially allow information disclosure. An attacker who successfully exploited this vulnerability could read data from another Internet Explorer domain.
  • Content Disposition Parsing Cross Domain Information Disclosure Vulnerability - CVE-2007-2227
    An information disclosure vulnerability exists in the way the MHTML protocol handler passes Content-Disposition notifications back to Internet Explorer. The vulnerability could allow an attacker to bypass the file download dialog box in Internet Explorer. An attacker could exploit this information disclosure vulnerability by constructing a specially crafted Web page in Internet Explorer that could potentially allow information disclosure. An attacker who successfully exploited this vulnerability could read data from another Internet Explorer domain.

Microsoft Security Bulletin MS07-035

Vulnerability in Win 32 API Could Allow Remote Code Execution (935839)

Severity: Critical
Vulnerabilities:
  • Win32 API Vulnerability - CVE-2007-2219
    A remote code execution vulnerability exists in the way that the Win32 API validates parameters. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.