Microsoft Security Bulletins
July 2006
Microsoft Security Bulletin MS06-033
Vulnerability in ASP.NET Could Allow Information Disclosure (917283)
Severity: Important
Vulnerabilities:
- .NET 2.0 Application Folder Information Disclosure Vulnerability - CVE-2006-1300
This information disclosure vulnerability could allow an attacker to bypass ASP.NET security and gain unauthorized access to objects in the Application folders explicitly by name. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce useful information that could be used to try to further compromise the affected system.
Microsoft Security Bulletin MS06-034
Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution (917537)
Severity: Important
Vulnerabilities:
- Internet Information Services Using Malformed Active Server Pages Vulnerability - CVE-2006-0026
There is a remote code execution vulnerability in Internet Information Services (IIS). An attacker could exploit the vulnerability by constructing a specially crafted Active Server Pages (ASP) file, potentially allowing remote code execution if the Internet Information Services (IIS) processes the specially crafted file. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Microsoft Security Bulletin MS06-035
Vulnerability in Server Service Could Allow Remote Code Execution (917159)
Severity: Critical
Vulnerabilities:
- Mailslot Heap Overflow Vulnerability - CVE-2006-1314
There is a remote code execution vulnerability in the Server driver that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system.
- SMB Information Disclosure Vulnerability - CVE-2006-1315
There is an information disclosure vulnerability in the Server service that could allow an attacker to view fragments of memory used to store SMB traffic during transport.
Microsoft Security Bulletin MS06-036
Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388)
Severity: Critical
Vulnerabilities:
- Buffer Overrun in DHCP Client Service Vulnerability - CVE-2006-2372
There is a remote code execution vulnerability in the DHCP Client Service that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system.
Microsoft Security Bulletin MS06-037
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285)
Severity: Critical
Vulnerabilities:
- Microsoft Excel Malformed SELECTION record Vulnerability - CVE-2006-1301
A remote code execution vulnerability exists in Excel using a malformed SELECTION record. An attacker could exploit the vulnerability by constructing a specially crafted Excel file that could allow remote code execution. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
- Microsoft Excel Malformed SELECTION record Vulnerability - CVE-2006-1302
A remote code execution vulnerability exists in Excel using a SELECTION record. An attacker could exploit the vulnerability by constructing a specially crafted Excel file that could allow remote code execution. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
- Microsoft Excel Malformed COLINFO record Vulnerability - CVE-2006-1304
A remote code execution vulnerability exists in Excel using a malformed COLINFO record. An attacker could exploit the vulnerability by constructing a specially crafted Excel file that could allow remote code execution. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
- Microsoft Excel Malformed OBJECT Record Vulnerability - CVE-2006-1306
A remote code execution vulnerability exists in Excel using an OBJECT record. An attacker could exploit the vulnerability by constructing a specially crafted Excel file that could allow remote code execution. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
- Microsoft Excel Malformed FNGROUPCOUNT Value Vulnerability - CVE-2006-1308
A remote code execution vulnerability exists in Excel using a malformed FNGROUPCOUNT value file. An attacker could exploit the vulnerability by constructing a specially crafted Excel file that could allow remote code execution. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
- Microsoft Excel Malformed LABEL record Vulnerability - CVE-2006-1309
A remote code execution vulnerability exists in Excel using a malformed LABEL record file. An attacker could exploit the vulnerability by constructing a specially crafted Excel file that could allow remote code execution.
- Microsoft Excel Rebuilding Vulnerability - CVE-2006-2388
A remote code execution vulnerability exists in Excel that results from the processing of a malformed Chart file. An attacker could exploit the vulnerability by constructing a specially crafted Excel file that could allow remote code execution.
- Microsoft Excel Malformed file Vulnerability - CVE-2006-3059
A remote code execution vulnerability exists in Excel using a malformed file. An attacker could exploit the vulnerability by constructing a specially crafted Excel file that could allow remote code execution.
Microsoft Security Bulletin MS06-038
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284)
Severity: Critical
Vulnerabilities:
- Microsoft Office Parsing Vulnerability - CVE-2006-1316
A remote code execution vulnerability exists in Office, and could be exploited when a malformed string included in an Office file was parsed by any of the affected Office applications. Such a string might be included in an email attachment processed by one of the affected applications or hosted on a malicious web site. Viewing or previewing a malformed email message in an affected version of Outlook could not lead to exploitation of this vulnerability. An attacker could exploit the vulnerability by constructing a specially crafted Office file that could allow remote code execution. If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
- Microsoft Office Remote Code Execution Using Malformed String Parsing Vulnerability - CVE-2006-1540
A remote code execution vulnerability exists in Office, when malformed strings are parsed. An attacker could exploit the vulnerability by constructing a specially crafted Office file that could allow remote code execution. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
- Microsoft Office Property Vulnerability - CVE-2006-2389
A remote code execution vulnerability exists in Office, and could be exploited when a malformed property included in an Office file was parsed by any of the affected Office applications. Such a property might be included in an email attachment processed by one of the affected applications or hosted on a malicious web site. Viewing or previewing a malformed email message in an affected version of Outlook could not lead to exploitation of this vulnerability. An attacker could exploit the vulnerability by constructing a specially crafted Office file that could allow remote code execution. If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
Microsoft Security Bulletin MS06-039
Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384)
Severity: Critical
Vulnerabilities:
- Microsoft Office Remote Code Execution Using a Malformed PNG Vulnerability - CVE-2006-1540
A remote code execution vulnerability exists in Office using a PNG file. An attacker could exploit the vulnerability by constructing a specially crafted Excel file that could allow remote code execution. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
- Microsoft Office Remote Code Execution Using a Malformed GIF Vulnerability - CVE-2006-1540
A remote code execution vulnerability exists in Office using a GIF file. An attacker could exploit the vulnerability by constructing a specially crafted Office file that could allow remote code execution. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
