Microsoft Security Bulletins
April 2006
Microsoft Security Bulletin MS06-013
Cumulative Security Update for Internet Explorer (912812)
Severity: Critical
Vulnerabilities:
- Internet Explorer DHTML Method Call Memory Corruption Vulnerability - CVE-2006-1359
A remote code execution vulnerability exists in Internet Explorer. When Internet Explorer displays a Web page that contains certain unexpected method calls to HTML objects, system memory may be corrupted in such a way that an attacker could execute arbitrary code if a user visited a malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
- Internet Explorer Multiple Event Handler Memory Corruption Vulnerability - CVE-2006-1245
A remote code execution vulnerability exists in the way Internet Explorer handles multiple event handlers in an HTML element. An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow remote code execution if a user visited the malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
- Internet Explorer HTA Execution Vulnerability - CVE-2006-1388
A remote code execution vulnerability exists in Internet Explorer. An HTML Application (HTA) can be initiated in a way that bypasses the security control within Internet Explorer, allowing an HTA to execute without Internet Explorer displaying the normal Security dialog. An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow remote code execution if a user visited the malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
- Internet Explorer HTML Parsing Vulnerability - CVE-2006-1185
A remote code execution vulnerability exists in the way Internet Explorer handles specially crafted invalid HTML. An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow remote code execution if a user visited the malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
- COM Object Instantiation Memory Corruption Vulnerability - CVE-2006-1186
A remote code execution vulnerability exists in the way Internet Explorer instantiates COM objects that are not intended to be instantiated in Internet Explorer. An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow remote code execution if a user visited the malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
- Internet Explorer HTML "PRE" Tag Memory Corruption Vulnerability - CVE-2006-1188
A remote code execution vulnerability exists in the way Internet Explorer handles HTML elements containing a specially crafted "PRE" tag. An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow remote code execution if a user visited the malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
- Internet Explorer Double Byte Character Parsing Memory Corruption Vulnerability - CVE-2006-1189
A remote code execution vulnerability exists in the way Internet Explorer handles Double Byte Characters in specially crafted Internet addresses. An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow remote code execution if a user visited the malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
- Internet Explorer Script Execution Vulnerability - CVE-2006-1190
A remote code execution vulnerability exists in the way Internet Explorer returns IOleClientSite information when an embedded object is dynamically created. An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow remote code execution if a user visited the malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
- Internet Explorer Cross-Domain Information Disclosure Vulnerability - CVE-2006-1191
An information disclosure vulnerability exists in Internet Explorer because of the way that it handles navigation methods. An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially lead to information disclosure if a user visited a malicious Web site or viewed a specially crafted e-mail message. An attacker who successfully exploited this vulnerability could read cookies or other data from another Internet Explorer domain. However, user interaction is required to exploit this vulnerability.
- Internet Explorer Address Bar Spoofing Vulnerability - CVE-2006-1192
A spoofing vulnerability exists in Internet Explorer that could allow an attacker to display spoofed content in a browser window. The address bar and other parts of the trust UI have been navigated away from the attacker’s Web site, but the content of the window still contains the attacker’s Web page.
Microsoft Security Bulletin MS06-014
Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562)
Severity: Critical
Vulnerabilities:
- Microsoft Windows MDAC Vulnerability - CVE-2006-0003
A remote code execution vulnerability exists in the RDS.Dataspace ActiveX object that is provided as part of the ActiveX Data Objects (ADO) and distributed in MDAC. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Microsoft Security Bulletin MS06-015
Vulnerability in Windows Explorer Could Allow Remote Code Execution
Severity: Critical
Vulnerabilities:
- Windows Shell Vulnerability - CVE-2006-0012
A remote code execution vulnerability exists in Windows Explorer because of the way that it handles COM objects. An attacker could exploit the vulnerability by constructing a malicious folder named with the GUID of a COM Object that could potentially allow remote code execution if a user visited a malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Microsoft Security Bulletin MS06-016
Cumulative Security Update for Outlook Express (911567)
Severity: Important
Vulnerabilities:
- Microsoft Outlook Express when using a Windows Address Book File Vulnerability - CVE-2006-0014
A remote code execution vulnerability exists in Outlook Express when using a Windows Address Book (.wab) file that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
Microsoft Security Bulletin MS06-017
Vulnerability Using Microsoft Front Page Server Extensions Could Allow Cross Site Scripting (908981)
Severity: Moderate
Vulnerabilities:
- Cross Site Scripting Front Page Server Extension Vulnerability - CVE-2006-0015
A cross-site scripting vulnerability exists in Front Page Server Extension because of the way that it handles HTML validation. The cross-site scripting vulnerability could allow an attacker to convince a user to run a malicious script. If this malicious script is run, it would execute in the security context of the user. Attempts to exploit this vulnerability require user interaction. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
