34 KBMicrosoft Security Bulletins
September 2007
Prior Updates:
2008
|December
|November
|October
|September
|August
|July
|June
|May
|April
|March
|February
|January
2007
|December
|November
|October
|September
|August
|July
|June
|May
|April
|March
|February
|January
2006
|December
|November
|October
|September
|August
|July
|June
|May
|April
|March
|February
|January
2005
|December
|November
|October
|September
|August
|July
|June
|May
|April
|March
|February
|January
2004
|December
|November
|October
|September
|August
|July
|June
|May
|April
|March
|February
|January
Login to learn more about how Juniper Networks products can protect you from these vulnerabilities. (If you don't already have a login, see Requesting Support.)
September 2007
Microsoft Security Bulletin MS07-051
Vulnerability in Agent could allow Remote Code Execution (938827)
Severity: CriticalVulnerabilities:
- Agent Remote Code Execution Vulnerability - CVE-2007-3040
A remote code execution vulnerability exists in Microsoft Agent in the way that it handles certain specially crafted URLs. The vulnerability could allow an attacker to remotely execute code on the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Microsoft Security Bulletin MS07-052
Vulnerability in Crystal Reports Could Allow RCE (941522)
Severity: ImportantVulnerabilities:
- Crystal Reports RPT Processing Vulnerability - CVE-2006-6133
Crystal Reports RPT Processing A remote code execution vulnerability exists in the way Crystal Reports for Visual Studio handles malformed RPT files. An attacker could exploit the vulnerability by sending an affected user a malformed RPT file as an e-mail attachment, or hosting the file on a specially crafted or compromised Web site. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Microsoft Security Bulletin MS07-053
Vulnerability in Windows UNIX Services Could Allow EoP (939778)
Severity: ImportantVulnerabilities:
- Windows Services for UNIX Could Allow Elevation of Privilege - CVE-2007-3036
A vulnerability exists in Windows Services for UNIX 3.0, Windows Services for UNIX 3.5, and Subsystem for UNIX-based Applications where running certain setuid binary files could allow an attacker to gain elevation of privilege. An attacker who successfully exploited this vulnerability could gain elevation of privilege.
Microsoft Security Bulletin MS07-054
Vulnerability in MSN Messenger and Windows Live Messenger could allow RCE (942099)
Severity: ImportantVulnerabilities:
- MSN Messenger Video Chat Remote Code Execution Vulnerability - CVE-2007-2931
A remote code execution vulnerability exists in MSN Messenger 6.2, MSN Messenger 7.0, MSN Messenger 7.5, and Windows Live Messenger 8.0. The vulnerability could allow remote code execution when a user chooses to accept a video chat invitation from an attacker. An attacker who successfully exploited this vulnerability could take complete control of the affected system. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.