Endpoint Protection

 View Only

Microsoft Patch Tuesday: August 2007 

Aug 14, 2007 03:00 AM

This month Microsoft has released nine security bulletins. All ofthese vulnerabilities could let an attacker execute arbitrary code onan affected computer. All of the issues are also classified as“client-side vulnerabilities”, meaning that they require someinteraction on the part of the user for exploitation to occur. Thiswill usually entail visiting a malicious Web page or opening amalicious file that is sent through email or other means.

Microsoft’s summary of the bulletins can be found here.

  1. MS07-042 Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (936227)

    This bulletin consists of a code execution vulnerability(CVE-2007-2223/BID 25301) affecting Microsoft XML Core Services.Attackers could exploit this issue through a malicious Web page.

    Affects: Microsoft XML Core Services 3.0/4.0/6.0 on Windows2000/XP/Server 2003/Vista, Microsoft XML Core Services 5.0 viaMicrosoft Office 2003/2007/Office SharePoint Server/Office GrooveServer 2007.

  2. MS07-043: Vulnerability in OLE Automation Could Allow Remote Code Execution (921503)

    This bulletin addresses one issue (CVE-2007-2224/BID 25282), a codeexecution vulnerability affected OLE (Object Linking and Embedding)Automation. This issue is exploitable through Internet Explorer. Asuccessful exploit will let the attacker run arbitrary code as thecurrently logged in user.

    Affects: Windows 2000/XP/Server 2003, Microsoft Office 2004 for Mac, Microsoft Visual Basic 6.0.

  3. MS07-044: Vulnerability in Microsoft Excel Could Allow Remote Code Execution (940965)

    The one vulnerability (CVE-2007-3890/BID 25280) is a code executionvulnerability in Microsoft Excel. This is a memory corruption issuethat may be triggered by a malformed index value within a workspace.This vulnerability can be exploited by a malicious Excel file, whichmay be hosted on a Web page, sent through email, or transmitted to thevictim through other means.

    Affects: Microsoft Office 2000/Excel 2000, Microsoft Office XP/Excel2002, Microsoft Office 2003/Excel 2003, Microsoft Excel Viewer 2003,Microsoft Office 2004 for Mac.

  4. MS07-045: Cumulative Security Update for Internet Explorer (937143)

    This cumulative security update consists of three vulnerabilitiesaffecting Internet Explorer and three vulnerabilities affectingthird-party ActiveX controls.

    The first issue (CVE-2007-0943/BID 25288) is a code executionvulnerability affecting Internet Explorer. This vulnerability may betriggered by malformed CSS (cascading style sheet) strings within anHTML document.

    Affects: Internet Explorer 5.01 on Windows 2000.

    The second issue (CVE-2007-2216/BID 25289) affects the tblinf32.dllActiveX object associated with Visual Basic 6. Microsoft notes thatthis control is also found under ‘vstlbinf.dll’. The vulnerability canalso be exploited by a malicious Web page.

    Affects: Internet Explorer 5.01/6/7 on Windows 2000/XP/Server 2003/Vista.

    The third issue (CVE-2007-3041/BID 25295) is a code executionvulnerability affecting the ‘pdwizard.ocx’ ActiveX control associatedwith Visual Basic 6. This issue can be exploited by a malicious Webpage that invokes the vulnerable control.

    Affects: Internet Explorer 5.01/6/7 on Windows 2000/XP/Server 2003/Vista.

    Microsoft will also be setting the kill-bit on a number of third-partyActiveX controls to address vulnerabilities. The first vulnerability(CVE-2007-1891, CVE-2007-1892/BID 23522) affects the AkamaiTechnologies Download Manager. This is a publicly known issue thatcould let attackers execute arbitrary code. The second vulnerability(BID 25311) affects the Lenovo ActiveX control. The last vulnerability(BID 25312) affects the Motive Incorporated ActiveX control. Microsofthas not provided any additional details about these vulnerabilities.

    It’s always a good idea to install these cumulative security updatesfor Internet Explorer because they roll up previous patches and oftenalso address third-party vulnerabilities.

  5. MS07-046: Vulnerability in GDI Could Allow Remote Code Execution (938829)

    This is a critical code execution vulnerability (CVE-2007-3034/BID25302) in the Microsoft Windows GDI graphics rendering engine library.It may be triggered by a malicious WMF (Windows Metafile) image. Thevictim of the attack must open a maliciously crafted image forexploitation to occur. Malicious images would likely be sent as emailattachments.

    There is a possibility that the affected component may ship withsome third-party applications. In the past, Microsoft has released aGDI tool to detect vulnerable versions of the library. It is not knownif Microsoft will be taking this measure but administrators should beaware that other applications may contain a vulnerable version of thelibrary and follow up with the appropriate vendors to determine if theyare affected by this vulnerability.

    Affects: Microsoft Windows 2000/XP/Server 2003 (excluding SP2).

  6. MS07-047: Vulnerability in Windows Media Player Could Allow Remote Code Execution (936782)

    This bulletin addresses two vulnerabilities in Windows Media Playerthat are similar in nature. The first issue (CVE-2007-3037/BID 25305)is related to how Windows Media Player skin files (with the WMZ and WMDextensions) are parsed by the application. The second issue(CVE-2007-3035/BID 25307) is related to how header information ishandled when skin files are decompressed. Both vulnerabilities will letan attacker execute arbitrary code if successfully exploited. However,for an attack to be successful, the victim must download and then viewor apply the malicious skin files. Users will be presented with with a“Windows Media Download” dialog prior to installation of a skin file.

    Affects: Microsoft Windows Media Player 7.1/9/10/11 on Microsoft Windows 2000/XP/Server 2003/Vista.

  7. MS07-048: Vulnerabilities in Windows Gadgets Could Allow Remote Code Execution (938123)

    Three code execution vulnerabilities affect the new Windows Gadgetsfeature for Windows Vista. These appear to be the first vulnerabilitiesto affect this feature. The first vulnerability (CVE-2007-3033/BID25287) affects the Feeds Headline Gadget. The second vulnerability(CVE-2007-3032/BID 25304) affects the Contacts Gadget. The lastvulnerability (CVE-2007-3891/BID 25306) affects the Weather Gadget.These vulnerabilities are fairly similar in that they require the userto manually enable each Gadget and then interact with malicious contentfor exploitation to occur. In the case of the Feeds Headline andWeather Gadget issues, the vulnerability is related to parsing of HTMLattributes in content supplied to the Gadget. The Contacts Gadget issuecan be triggered when malformed contact data is imported into theGadget.

    Affects: Windows Vista (including x64 Edition).

  8. MS07-049: Vulnerability in Virtual PC and Virtual Server Could Allow Elevation of Privilege (937986)

    This bulletin addresses a heap overflow vulnerability(CVE-2007-0948/BID 25298) in Virtual PC and Virtual Server. This is alocally exploitable code execution vulnerability that could allowsomeone with administrative access in a guest operating system to gainelevated privileges. Therefore, a successful exploit would most likelyoccur as part of a multi-staged attack where the attacker compromises aguest operating system prior to exploiting this vulnerability.

    This issue may present a concern in deployments where virtualmachines are used as honeypots or as a sandbox as it could letattackers compromise other guest operating systems or the host server.

    Affects: Microsoft Virtual PC 2004, Microsoft Virtual PC ServerStandard and Enterprise Editions 2005/2005 R2, Microsoft Virtual PC forMac Version 6.1/7.

  9. MS07-050: Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127)

    This is a code execution vulnerability (CVE-2007-1749/BID 25310)affecting the VML (Vector Markup Language) component of MicrosoftWindows. The vulnerability is due to a buffer overflow in the vectorgraphics link library (vgx.dll). This component may be accessed throughInternet Explorer, making this issue exploitable through a maliciousWeb page. Due to the prevalence and reliability of previous exploitsaffecting the VML component, Symantec considers this vulnerabilitycritical.

    Affects: Microsoft Internet Explorer 5.01/6/7 on Windows 2000/XP/Server 2003/Vista.

Further information about these vulnerabilities is provided bySymantec through the free SecurityFocus portal and to our customersthrough DeepSight Alerts.

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Related Entries and Links

No Related Resource entered.