J-Security Center

Microsoft Security Bulletins

February 2007



Microsoft Security Bulletin MS07-005

Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723)

Severity: Important
Vulnerabilities:
  • Interactive Training Vulnerability - CVE-2006-3448
    A remote code execution vulnerability exists in Step-by-Step Interactive Training because of the way that Step-by-Step Interactive Training handles bookmark link files. An attacker could exploit the vulnerability by constructing a specially crafted bookmark link file that could potentially allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, user interaction is required to exploit this vulnerability.

Microsoft Security Bulletin MS07-006

Vulnerability in Windows Shell Could Allow Elevation of Privilege (928255)

Severity: Important
Vulnerabilities:
  • Windows Shell Hardware Detection Vulnerability - CVE-2007-0211
    A privilege elevation vulnerability exists in Windows Shell in the way that the operating system performs detection and registration of new hardware. This vulnerability could allow an authenticated user to take complete control of the system.

Microsoft Security Bulletin MS07-007

Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege (927802)

Severity: Important
Vulnerabilities:
  • Windows Image Acquisition Vulnerability - CVE-2007-0210
    A privilege elevation vulnerability exists in Windows XP Service Pack 2 in the way that the Windows Image Acquisition Service starts applications. This vulnerability could allow a logged-on user to take complete control of the system.

Microsoft Security Bulletin MS07-008

Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution (928843)

Severity: Critical
Vulnerabilities:
  • HTML Help ActiveX Control Vulnerability - CVE-2007-0214
    A remote code execution vulnerability exists in the HTML Help ActiveX control. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user visited that page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Microsoft Security Bulletin MS07-009

Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution (927779)

Severity: Critical
Vulnerabilities:
  • Microsoft Windows MDAC ActiveX Vulnerability - CVE-2006-5559
    A remote code execution vulnerability exists in the ADODB.Connection ActiveX control that is provided as part of the ActiveX Data Objects (ADO) and that is distributed in MDAC. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Microsoft Security Bulletin MS07-010

Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution (932135)

Severity: Critical
Vulnerabilities:
  • Microsoft Malware Protection Engine Vulnerability - CVE-2006-5270
    A remote code execution vulnerability exists in the Microsoft Malware Protection Engine because of the way that it parses Portable Document Format (PDF) files. An attacker could exploit the vulnerability by constructing a specially crafted PDF file that could potentially allow remote code execution when the target computer system receives, and the Microsoft Malware Protection Engine scans, the PDF file.

Microsoft Security Bulletin MS07-011

Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution (926436)

Severity: Important
Vulnerabilities:
  • OLE Dialog Memory Corruption Vulnerability - CVE-2007-0026
    A remote code execution vulnerability exists in the OLE Dialog component provided with Microsoft Windows. An attacker could attempt to exploit this vulnerability when a user interacts with a malformed embedded OLE object within a Rich Text Format (RTF) file.

Microsoft Security Bulletin MS07-012

Vulnerability in Microsoft MFC Could Allow Remote Code Execution (924667)

Severity: Important
Vulnerabilities:
  • MFC Memory Corruption Vulnerability - CVE-2007-0025
    A remote code execution vulnerability exists in the MFC component provided with Microsoft Windows and Visual Studio. An attacker could exploit this vulnerability when a user interacts with a malformed embedded OLE object within a Rich Text Format (RTF) file. If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative rights.

Microsoft Security Bulletin MS07-013

Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution (918118)

Severity: Important
Vulnerabilities:
  • Microsoft RichEdit Vulnerability - CVE-2006-1311
    A remote code execution vulnerability exists in the RichEdit components provided with Microsoft Windows and Microsoft Office. An attacker could exploit this vulnerability when a user interacts with a malformed embedded OLE object within a Rich Text Format (RTF) file. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

Microsoft Security Bulletin MS07-014

Vulnerabilities in Microsoft Word Could Allow Remote Code Execution (929434)

Severity: Critical
Vulnerabilities:
  • Word Malformed String Vulnerability - CVE-2006-5994
    A remote code execution vulnerability exists in the way Microsoft Word handles Word files with a specially crafted string. Such a specially crafted file might be included as an e-mail attachment or hosted on a malicious Web site. An attacker could exploit the vulnerability by constructing a specially crafted Word file that could allow remote code execution.
  • Word Malformed Data Structures Vulnerability - CVE-2006-6456
    A remote code execution vulnerability exists in the way Microsoft Word handles Word files with a specially crafted data structure. Such a specially crafted file might be included as an e-mail attachment or hosted on a malicious Web site. An attacker could exploit the vulnerability by constructing a specially crafted Word file that could allow remote code execution. Viewing or previewing a malformed e-mail message in an affected version of Outlook could not lead to exploitation of this vulnerability.
  • Word Count Vulnerability - CVE-2006-6561
    A remote code execution vulnerability exists in Microsoft Word. An attacker could exploit this vulnerability when Word parses a file and processes an unchecked count. Such a specially crafted file might be included as an e-mail attachment or hosted on a malicious Web site. An attacker could exploit the vulnerability by constructing a specially crafted Word file that could allow remote code execution. Viewing or previewing a malformed e-mail message in an affected version of Outlook could not lead to exploitation of this vulnerability.
  • Word Macro Vulnerability - CVE-2007-0208
    A remote code execution vulnerability exists in Microsoft Word. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
  • Word Malformed Drawing Object Vulnerability - CVE-2007-0209
    A remote code execution vulnerability exists in Microsoft Word. An attacker could exploit this vulnerability when Word parses a file and processes a malformed drawing object. Such a specially crafted file might be included as an e-mail attachment or hosted on a malicious Web site. An attacker could exploit the vulnerability by constructing a specially crafted Word file that could allow remote code execution.
  • Word Malformed Function Vulnerability - CVE-2007-0515
    A remote code execution vulnerability exists in Microsoft Word. An attacker could exploit this vulnerability when Word parses a file and processes a malformed function. Such a specially crafted file might be included as an e-mail attachment or hosted on a malicious web site. Viewing or previewing a malformed e-mail message in an affected version of Outlook could not lead to exploitation of this vulnerability. An attacker could exploit the vulnerability by constructing a specially crafted Word file that could allow remote code execution.

Microsoft Security Bulletin MS07-015

Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (932554)

Severity: Critical
Vulnerabilities:
  • PowerPoint Malformed Record Memory Corruption Vulnerability - CVE-2006-3877
    A remote code execution vulnerability exists in PowerPoint and could be exploited when PowerPoint opened a specially crafted file. Such a file might be included in an e-mail attachment or hosted on a malicious web site. An attacker could exploit the vulnerability by constructing a specially crafted PowerPoint file that could allow remote code execution. If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
  • Excel Malformed Record Vulnerability - CVE-2007-0671
    A remote code execution vulnerability exists in Excel and could be exploited when Excel opened a specially crafted file. Such a file might be included in an e-mail attachment or hosted on a malicious web site. An attacker could exploit the vulnerability by constructing a specially crafted Excel file that could allow remote code execution. If a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

Microsoft Security Bulletin MS07-016

Cumulative Security Update for Internet Explorer (928090)

Severity: Critical
Vulnerabilities:
  • COM Object Instantiation Memory Corruption Vulnerability - CVE-2006-4697
    A remote code execution vulnerability exists in the way Internet Explorer instantiates COM objects that are not intended to be instantiated in Internet Explorer. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
  • COM Object Instantiation Memory Corruption Vulnerability - CVE-2007-0219
    A remote code execution vulnerability exists in the way Internet Explorer instantiates COM objects that are not intended to be instantiated in Internet Explorer. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
  • FTP Server Response Parsing Memory Corruption Vulnerability - CVE-2007-0217
    A remote code execution vulnerability exists in the way Internet Explorer interprets certain responses from FTP servers. An attacker could exploit the vulnerability by sending specially crafted FTP responses in an FTP session to the FTP client included in Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.