>
> *************************
> Widely Deployed Software
> *************************
>
> (1) CRITICAL: Microsoft Windows WebViewFolderIcon ActiveX Control
> Integer Overflow (MS06-057)
> Affected:
> Microsoft Windows XP SP0/SP1/SP2
> Microsoft Windows 2000 SP0-SP4
> Microsoft Windows Server 2003 SP0/SP1
> Microsoft Windows Server 2000 SP0-SP4
>
> Description: The WebViewFolderIcon ActiveX component, used by the
> Windows Explorer shell in modern versions of Microsoft
> Windows, contains
> an exploitable integer overflow vulnerability. A web page that
> instantiates this control could exploit this vulnerability and execute
> arbitrary code with the privileges of the current user. Note that
> numerous proofs-of-concept are available. This issue was
> reported in an
> earlier @RISK bulletin (see references below). This entry details the
> official Microsoft disclosure and response.
>
> Status: Microsoft confirmed, updates available. Users may be able to
> lessen the impact of this vulnerability by disabling the affected
> ActiveX controls via Microsoft's "kill bit" mechanism. The affected
> CLSIDs are: "e5df9d10-3b52-11d1-83e8-00a0c90dc849" and
> "844F4806-E8A8-11d2-9652-00C04FC30871".
>
> Council Site Actions: All reporting council sites are responding to
> this issue. Most sites are deploying the patches on an
> expedited basis,
> while other sites plan to deploy the patch during their next regularly
> schedule maintenance window.
>
> References:
> Microsoft Security Bulletin
>
> Microsoft Knowledge Base Article detailing the "kill bit" mechanism
>
> Proofs-of-Concept
>
> 030_invoke_calc_pof.html
>
> _webview_setslice.pm
>
> WebViewFolderIcon_exp.pl
>
>
>
> BB18_poc.txt
>
> bview_setslice.rb
> Previous @RISK Entry
>
> SecurityFocus BID
>
> ****************************************************************
>
> (2) CRITICAL: Microsoft Excel Multiple Vulnerabilities (MS06-059)
> Affected:
> Microsoft Excel 2000/2002/2003
> Microsoft Excel Viewer 2003
> Microsoft Excel 2004/v.X for Mac
> Microsoft Works Suite 2004/2005/2006
>
> Description: Microsoft Excel contains multiple exploitable
> vulnerabilities in file-format processing code for Excel and
> Lotus 1-2-3
> files. A specially-crafted Excel or Lotus 1-2-3 file could
> exploit these
> vulnerabilities and execute arbitrary code with the privileges of the
> current user. Note that Microsoft Excel files are not opened
> by default
> in configurations other than Microsoft Office 2000 without
> the Microsoft
> Office Document Open Confirmation Tool. A proof-of-concept for this
> vulnerability has been publicly posted.
>
> Status: Microsoft confirmed, updates available.
>
> Council Site Actions: All reporting council sites are
> responding to this
> issue. Most sites are deploying the patches on an expedited
> basis, while
> other sites plan to deploy the patch during their next regularly
> schedule maintenance window.
>
> References:
> Microsoft Security Bulletin
>
> Zero Day Initiative Advisory
>
> Proof-of-Concept
>
> Related Proof-of-Concept for Microsoft Works (binary file)
>
> s_MSWorksSpreadsheet_PoCFiles.zip
> SecurityFocus BIDs
>
>
>
>
>
> ****************************************************************
>
> (3) CRITICAL: Microsoft Word Multiple Vulnerabilities (MS06-060)
> Affected:
> Microsoft Word 2000/2002/2003
> Microsoft Word Viewer 2003
> Microsoft Office 2004/v.X for Mac
> Microsoft Works Suite 2004/2005/2006
>
> Description: Microsoft Word contains multiple vulnerabilities in
> file-format processing code. A specially-crafted Word document file
> could exploit one of these vulnerabilities to execute arbitrary code
> with the privileges of the current user. Note that Microsoft
> Word files
> are not opened by default in configurations other than
> Microsoft Office
> 2000 without the Microsoft Office Document Open Confirmation
> Tool. Note
> that an exploit is known to be in the wild for this vulnerability.
>
> Status: Microsoft confirmed, updates available.
>
> Council Site Actions: All reporting council sites are
> responding to this
> issue. Most sites are deploying the patches on an expedited
> basis, while
> other sites plan to deploy they patch during their next regularly
> schedule maintenance window.
>
> References:
> Microsoft Security Bulletin
>
> Zero Day Initiative Advisory
>
> SecuriTeam blog posting regarding known 0-day
>
> SecurityFocus BIDs
>
>
>
>
>
> ****************************************************************
>
> (4) CRITICAL: Microsoft Office Multiple Vulnerabilities (MS06-062)
> Affected:
> Microsoft Office 2000 SP3
> Microsoft Office XP SP3
> Microsoft Office 2003 SP1/SP2
> Microsoft Project 2000/2002 Service Release 1
> Microsoft Visio 2002 SP2
> Microsoft Office 2004/v.X for Mac
>
> Description: Microsoft Office contains multiple vulnerabilities in the
> parsing of a variety of Office file formats. A
> specially-crafted Office
> file could exploit one of these vulnerabilities to execute arbitrary
> code with the privileges of the current user. Note that most Microsoft
> Office files are not opened by default in configurations other than
> Microsoft Office 2000 without the Microsoft Office Document Open
> Confirmation Tool.
>
> Status: Microsoft confirmed, updates available.
>
> Council Site Actions: All reporting council sites are
> responding to this
> issue. Most sites are deploying the patches on an expedited
> basis, while
> other sites plan to deploy the patch during their next regularly
> schedule maintenance window.
>
> References:
> Microsoft Security Bulletin
>
> Zero Day Initiative Advisory
>
> SecurityFocus BIDs
>
>
>
>
> ****************************************************************
>
> (5) HIGH: Microsoft PowerPoint Multiple Vulnerabilities (MS06-058)
> Affected:
> Microsoft PowerPoint 2000/2002/2003
> Microsoft PowerPoint 2004/v.X for Mac
>
> Description: Microsoft PowerPoint contains multiple vulnerabilities in
> file-format processing code. A specially-crafted PowerPoint file could
> exploit one of these vulnerabilities to execute arbitrary
> code with the
> privileges of the current user. Note that Microsoft
> PowerPoint files are
> not opened by default in configurations other than Microsoft
> Office 2000
> without the Microsoft Office Document Open Confirmation Tool.
>
> Status: Microsoft confirmed, updates available.
>
> Council Site Actions: All reporting council sites are
> responding to this
> issue. Most sites are deploying the patches on an expedited
> basis, while
> other sites plan to deploy the patch during their next regularly
> schedule maintenance window.
>
> References:
> Microsoft Security Bulletin
>
> Zero Day Initiative Advisory
>
> SecurityFocus BIDs
>
>
>
>
> ****************************************************************
>
> (6) HIGH: Microsoft Core XML Services Multiple
> Vulnerabilities (MS06-061)
> Affected:
> Microsoft XML Parser 2.6 and Microsoft XML Core Services 3.0,
> known to be used in:
> Microsoft Windows 2000 SP 4
> Microsoft Windows XP SP1/SP2
> Microsoft Windows Server 2003 SP0/SP1
>
> Description: The Microsoft XML Parser (used to parse XML
> documents) and
> Microsoft XML Core Services (used to perform operations on XML
> documents) contain multiple exploitable vulnerabilities: (1) A
> specially-crafted XSLT (Extensible Stylesheet Language
> Transformations)
> document could exploit a buffer overflow vulnerability in the XML
> parsing component and execute arbitrary code with the
> privileges of the
> current user. XSLT documents can be implicitly downloaded when viewing
> a web page, without further user interaction. (2) A specially-crafted
> web page could exploit a cross-site-scripting vulnerability in the XML
> Core Services component to bypass normal domain restrictions on web
> content.
>
> Status: Microsoft confirmed, updates available.
>
> Council Site Actions: All reporting council sites are
> responding to this
> issue. Most sites are deploying the patches on an expedited
> basis, while
> other sites plan to deploy the patch during their next regularly
> schedule maintenance window.
>
> References:
> Microsoft Security Bulletin
>
> Wikipedia Articles on XML and XSLT
>
>
> SecurityFocus BIDs
>
>
> ****************************************************************
>
> (8) MODERATE: Microsoft Object Packager Dialogue Spoofing
> Vulnerability (MS06-065)
> Affected:
> Microsoft Windows XP SP1/SP2
> Microsoft Windows Server 2003 SP0/SP1
>
> Description: Microsoft Object Packager, a tool that can be used to
> create software package files, contains a vulnerability. Due to a
> failure to properly validate file extensions, a specially-crafted
> package file could misrepresent the type of files being handled,
> allowing an attacker to install malicious files. Note that
> considerable
> user interaction is required to exploit this vulnerability.
>
> Status: Microsoft confirmed, updates available.
>
> Council Site Actions: All reporting council sites are
> responding to this
> issue. Most sites are deploying the patches on an expedited
> basis, while
> other sites plan to deploy the patch during their next regularly
> schedule maintenance window.
>
> References:
> Microsoft Security Bulletin
>
> Microsoft Object Packager Overview
>
> l/proddocs/en-us/packager_what_is_obj_pkg.mspx
> SecurityFocus BID
>
> ****************************************************************
> ****************************************************************
>
> (11) LOW: Microsoft ASP.NET Cross Site Scripting
> Vulnerability (MS06-056)
> Affected:
> Microsoft .NET Framework 2.0
>
> Description: Microsoft ASP.NET, Microsoft's .NET-based web development
> platform, contains a cross-site scripting vulnerability. A
> malicious web
> server could execute arbitrary script code in a user's web
> browser with
> the privileges of the current user. Note that attackers must host a
> malicious site and convince users to visit this site to exploit this
> vulnerability.
>
> Status: Microsoft confirmed, updates available.
>
> Council Site Actions: All reporting council sites are
> responding to this
> issue and plan to deploy during the update during their next regularly
> schedule maintenance window.
>
> References:
> Microsoft Security Bulletin
>
> SecurityFocus BID
>
> ****************************************************************
>
> (12) LOW: Microsoft Multiple TCP/IP Vulnerabilities (MS06-064)
> Affected:
> Microsoft Windows XP SP1/SP2
> Microsoft Windows Server 2003 SP0/SP1
>
> Description: Microsoft's implementation of TCP/IP contains multiple
> exploitable denial-of-service vulnerabilities: A
> specially-crafted ICMP
> or TCP message could cause an existing IPv6 connection to be dropped.
> Additionally, an attacker could exploit a failure to properly validate
> IPv6 TCP SYN packets, resulting in a system-wide denial-of-service
> condition. Attackers must belong to the same IPv6 network as
> the victim.
> Note that IPv6 support is not installed by default.
>
> Status: Microsoft confirmed, updates available.
>
> Council Site Actions: All reporting council sites are
> responding to this
> issue and plan to deploy during the update during their next regularly
> schedule maintenance window.
>
> References:
> Microsoft Security Bulletin
>
> Wikipedia Article on IPv6
>
> SecurityFocus BIDs
>
>
>
> ****************************************************************
>
> NOTICE: Microsoft issued Microsoft Security Bulletin MS06-063. This
> Bulletin replaces the earlier MS06-035 bulletin.
>
> ******************************************************************
>
> 06.41.1 CVE: CVE-2006-4696
> Platform: Windows
> Title: Microsoft Windows SMB Rename Remote Denial of Service
> Description: Windows is prone to a remote denial of service
> vulnerability because the Server service fails to properly handle SMB
> change requests. An attacker could exploit this issue by sending an
> "SMB RENAME" request while connected to an affected system. To exploit
> this issue, an attacker must have valid logon credentials.
> Ref:
> ______________________________________________________________________
>
> 06.41.2 CVE: CVE-2006-4685
> Platform: Windows
> Title: Microsoft XML Core Services Information Disclosure
> Description: Microsoft XML Core Services is exposed to an information
> disclosure vulnerability. This vulnerability is caused by an error in
> how server redirects are handled by the affected component. Please
> refer to the link below for further details.
> Ref:
> ______________________________________________________________________
>
> 06.41.3 CVE: CVE-2006-2387
> Platform: Windows
> Title: Microsoft Excel DATETIME Remote Code Execution
> Description: Microsoft Excel is prone to a remote code execution
> vulnerability. This issue occurs when Excel handles .xls files with
> specifically malformed "DATETIME" records. Multiple versions of Excel
> are reported to be vulnerable. Please see the advisory for further
> information.
> Ref:
> ______________________________________________________________________
>
> 06.41.4 CVE: CVE-2006-4692
> Platform: Windows
> Title: Microsoft Windows Object Packager Remote Code Execution
> Description: The Microsoft Windows Object Packager is prone to a
> remote code execution vulnerability. This vulnerability could let an
> attacker spoof dialogues, enticing a victim into installing a file
> that has been misrepresented. Please see the advisory for further
> information.
> Ref:
> ______________________________________________________________________
>
> 06.41.5 CVE: Not Available
> Platform: Windows
> Title: Windows XML Core Services XSLT Buffer Overrun
> Description: Extensible Stylesheet Language Transformations (XSLT) is
> used to manipulate XML data or extract content that needs to be
> reused. Microsoft Windows is prone to a remotely exploitable buffer
> overrun condition in the XSLT implementation of XML core services.
> Ref:
> ______________________________________________________________________
>
> 06.41.6 CVE: CVE-2006-3651
> Platform: Microsoft Office
> Title: Microsoft Word Mail Merge Remote Code Execution
> Description: Microsoft Word is prone to a remote code execution
> vulnerability because the application fails to properly handle
> malicious mail-merge files. When Word handles specially crafted
> mail-merge files, process memory becomes corrupted, and the attacker
> supplied code may then run with the privileges of the user running the
> application.
> Ref:
> ______________________________________________________________________
>
> 06.41.7 CVE: Not Available
> Platform: Microsoft Office
> Title: Office Improper Memory Access Remote Code Execution
> Description: Microsoft Office is prone to a remote code execution
> vulnerability because the software fails to properly handle malformed
> strings in Office documents. Please see the advisory below for
> details.
> Ref:
> ______________________________________________________________________
>
> 06.41.8 CVE: CVE-2006-3650
> Platform: Microsoft Office
> Title: Microsoft Office Malformed Chart Record Remote Code Execution
> Description: Microsoft Office is exposed to a remote code execution
> vulnerability because the software fails to properly handle malformed
> chart records in Office documents. Please Refer to the link below for
> further details.
> Ref:
> ______________________________________________________________________
>
> 06.41.9 CVE: CVE-2006-3647,CVE-2006-3651,CVE-2006-4534,CVE-2006-4693
> Platform: Microsoft Office
> Title: Word Malformed String Remote Code Execution
> Description: Microsoft Word is vulnerable to a remote code execution
> issue when handling malformed strings contained in Microsoft Word
> documents. See the advisory for further details.
> Ref:
> ______________________________________________________________________
>
> 06.41.10 CVE: CVE-2006-3867
> Platform: Microsoft Office
> Title: Microsoft Excel Lotus 1-2-3 File Handling Remote Code Execution
> Description: Microsoft Excel is prone to a remote code execution
> vulnerability. This issue occurs when Excel handles certain
> unspecified Lotus 1-2-3 files. An attacker may craft a malicious file
> to cause memory corruption and exploit this issue. Multiple versions
> of Excel are reported to be vulnerable. Please see the advisory for
> further details.
> Ref:
> ______________________________________________________________________
>
> 06.41.11 CVE: CVE-2006-3435,CVE-2006-3876,CVE-2006-3877,CVE-2006-4694
> Platform: Microsoft Office
> Title: Microsoft PowerPoint Object Pointer Remote Code Execution
> Description: Microsoft PowerPoint is vulnerable to a remote code
> execution issue when parsing a malformed "slide notes field". See the
> advisory for further details.
> Ref:
> ______________________________________________________________________
>
> 06.41.12 CVE: CVE-2006-3868
> Platform: Microsoft Office
> Title: Microsoft Office Smart Tag Remote Code Execution
> Description: Microsoft Office is prone to a remote code execution
> vulnerability because the software fails to properly handle malformed
> Smart Tags in Office documents. When an Office application processes
> malicious Smart Tags, process memory becomes corrupted, and the
> attacker-supplied code may then run with the privileges of the user
> running the application. Multiple versions of office are reported to
> be vulnerable. Please see the advisory for further details.
> Ref:
> ______________________________________________________________________
>
> 06.41.13 CVE: CVE-2006-3435, CVE-2006-3876, CVE-2006-3877,
> CVE-2006-4694
> Platform: Microsoft Office
> Title: Microsoft PowerPoint Data Record Remote Code Execution
> Description: Microsoft PowerPoint is prone to a remote code execution
> vulnerability. Exploiting this issue can allow remote attackers to
> execute arbitrary code on a vulnerable computer by supplying a
> malicious PowerPoint (.ppt) document to a user. The problem occurs
> when the application attempts to process a malicious PowerPoint file
> containing a malformed data record.
> Ref:
> ______________________________________________________________________
>
> 06.41.14 CVE: CVE-2006-3877
> Platform: Microsoft Office
> Title: Microsoft PowerPoint Record Improper Memory Access Remote Code
> Execution
> Description: Microsoft PowerPoint is prone to a remote code execution
> vulnerability. Attackers can trigger this issue by supplying an MSO
> Property Table that contains a count of properties that exceeds the
> size of the Property Table.
> Ref:
> ______________________________________________________________________
>
> 06.41.15 CVE: CVE-2006-3434,CVE-2006-3650,CVE-2006-3864,CVE-2006-3868
> Platform: Microsoft Office
> Title: Microsoft Office Malformed Record Remote Code Execution
> Description: Microsoft Office is vulnerable to a remote code execution
> issue due to insufficient handling of malformed records in Office
> documents. See the advisory for further details.
> Ref:
> ______________________________________________________________________
>
> 06.41.16 CVE: CVE-2006-4693
> Platform: Microsoft Office
> Title: Microsoft Word Mac Remote Code Execution
> Description: Microsoft Word for Mac is prone to a remote
> code-execution vulnerability when parsing Word files. An attacker
> could exploit this issue by creating a Word file containing a
> malformed string that allows remote machine code to be executed.
> Microsoft Word "X" and "2004" are reported to be vulnerable.
> Ref:
> ______________________________________________________________________
>
> 06.41.17 CVE: CVE-2006-3875
> Platform: Microsoft Office
> Title: Microsoft Excel COLINFO Remote Code Execution
> Description: Microsoft Excel is prone to a remote code execution
> vulnerability. This issue occurs when Excel handles specifically
> malformed "XLS" files. Specifically, this vulnerability is triggered
> when the application parses and processes malicious files that contain
> a malformed "COLINFO" record. Successful exploits may allow remote
> attackers to execute arbitrary machine code in the context of the user
> running the application.
> Ref:
> ______________________________________________________________________
>
>
> 06.41.28 CVE: Not Available
> Platform: Linux
> Title: Red Hat Fedora Core Libtool-LTDL Relative Path Arbitrary Code
> Execution
> Description: The Red Hat Fedora Core Linux operating system is prone
> to an arbitrary code execution vulnerability due to the libtool-ltdl
> library using relative paths to resolve and load libraries. GNU
> Libtool-ltdl version 1.5.22-2.3 is reported to be vulnerable.
> Ref:
> ______________________________________________________________________
>
> 06.41.35 CVE: CVE-2006-5143
> Platform: Cross Platform
> Title: Computer Associates Products Message Engine RPC Server Multiple
> Buffer Overflow Vulnerabilities
> Description: Multiple Computer Associates products are prone to a
> heap-based buffer overflow vulnerability and a stack-based buffer
> overflow vulnerability. Please refer to the link below for details.
> Ref:
> ______________________________________________________________________
>
> 06.41.36 CVE: Not Available
> Platform: Cross Platform
> Title: CA Multiple Products Discovery Service Remote Buffer Overflow
> Vulnerabilities
> Description: Multiple Computer Associate products are vulnerable to a
> remote stack based buffer overflow issues. See the advisory for
> further details.
> Ref:
> ______________________________________________________________________
>
> 06.41.37 CVE: CVE-2006-4980
> Platform: Cross Platform
> Title: Python Repr() Function Remote Code Execution
> Description: Python is susceptible to a remote code execution
> vulnerability. The issue is due to a failure of the application to
> properly handle UTF-32/UCS-4 strings. The vulnerability exists in the
> "repr()" function.
> Ref:
> ______________________________________________________________________
>
> 06.41.40 CVE: Not Available
> Platform: Cross Platform
> Title: OpenSSH-Portable Existing Password Remote Information
> Disclosure
> Description: OpenSSH is a freely available, open source implementation
> of the Secure Shell protocol. It is reported that OpenSSH contains an
> information disclosure weakness. This issue exists in the portable
> version of OpenSSH. It is reported that it is possible to verify
> access credentials for users with an existing system password by
> measuring SSH authentication timing differences.
> Ref:
> ______________________________________________________________________
>
> 06.41.47 CVE: Not Available
> Platform: Cross Platform
> Title: Google Earth KML/KMZ Files Buffer Overflow
> Description: Google Earth is prone to a buffer overflow vulnerability.
> This issue presents itself when Google Earth tries to process
> malformed ".kml" and ".kmz" files. Google Earth version
> v4.0.2091(beta) is vulnerable to this issue.
> Ref:
> ______________________________________________________________________
>
> 06.41.120 CVE: Not Available
> Platform: Network Device
> Title: Linksys WRT54GX V2.0 WAN Port UPnP Vulnerability
> Description: The Linksys WRT54GX is a wireless router. It is
> vulnerable to unauthorized configuration changes via the Universal
> Plug and Play (UPnP) because UPnP is available to both the LAN and WAN
> interface. Linksys WRT54GX with firmware version 2.00.05 is
> vulnerable.
> Ref:
