Review of Microsoft's Patch Tuesday 

Oct 09, 2007 03:00 AM

Hello, and welcome once again to the monthly Microsoft patch roundup. This month’s release is relatively light, with six bulletins available addressing a total of nine vulnerabilities.

1. Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (KB923810)

CVE-2007-2217, BID 25909
Microsoft Windows Kodak Image Viewer Remote Code Execution Vulnerability
(MS Rating: Critical; Symantec Urgency Rating: 7)

This is a client-side, remote code execution vulnerability in the Kodak Image Viewer when viewing specially crafted image files. An attacker can exploit this issue to execute arbitrary code in the context of the victim running the affected application. A victim would need to view a malicious image to trigger this vulnerability.

Windows XP and Windows 2003 installations are only vulnerable if they were upgraded from Windows 2000.

Affected Products:
Windows 2000 Server SP4; Windows XP SP2; and Windows Server 2003 SP1 & SP2

2. Vulnerability in RPC Could Allow Denial of Service (KB933729)

CVE-2007-2228, BID 25974
Microsoft Windows RPC NTLMSSP Remote Denial Of Service Vulnerability
(MS Rating: Important; Symantec Urgency Rating: 6)

This is a denial-of-service vulnerability affecting RPC (remote procedure call). This issue occurs in NTLM when handling malformed packets using the NTLMSSP authentication type. This is due to a failure in communicating with the NTLM security provider when performing authentication of RPC requests. An attacker could exploit this issue to cause the vulnerable computer to stop responding and restart.

Affected Products:
Windows 2000 SP4; Windows XP SP1, SP2; & x64 Edition; Windows Server 2003, SP1 & x64 Edition; Windows Server 2003 for Itanium-based Systems & SP1; Windows Vista and Windows Vista x64 Edition

3. Cumulative Security Update for Internet Explorer (KB939653)

This update addresses a total of four vulnerabilities, one of which can lead to attacker-supplied code being executed in the context of the user, and three of which involve an attacker being able to spoof the contents of the address bar.

CVE-2007-3893, BID 25916
Microsoft Internet Explorer Script Error Handling Memory Corruption
(MS Rating: Critical; Symantec Urgency Rating: 7)

This is a client-side, remote code execution vulnerability in Internet Explorer. This issue occurs when the application attempts to access memory that has already been freed when handling script errors. An attacker could exploit this issue to execute arbitrary code in the context of the user running Internet Explorer.

Affected Products:
Internet Explorer 5.01, 6 and 7

The following three items are all different ways an attacker could falsify the content displayed in the address bar of the browser – a potentially effective addition to phishing sites. When navigating away from a site, the content displayed will stay the same but the address bar and other attributes will show the intended destination site. In all of these, if the victim user were to interact with the content in the browser window, the address bar would be updated to reflect the actual location of the loaded document. All of these also affect IE 5.01, 6, and 7.

CVE-2007-1091, BID 22680
Microsoft Internet Explorer OnUnload Javascript Browser Entrapment Vulnerability
(MS Rating: Moderate; Symantec Urgency Rating: 7)

This is the oldest of the three issues, having been initially reported publicly on Feb 22 of this year. This issue is due to an error in the JavaScript 'onUnload' handler.

CVE-2007-3826 (BID 24911)
Microsoft Internet Explorer OnBeforeUnload Javascript Browser Entrapment Vulnerability
(MS Rating: Moderate; Symantec Urgency Rating: 7)

This method was originally publicly disclosed on July 14 of this year, and is due to an error in the JavaScript 'onBeforeUnload' handler.

CVE-2007-3892, BID 25915
Microsoft Internet Explorer Address Bar Spoofing Vulnerability
(MS Rating: Moderate; Symantec Urgency Rating: 5)

This third method has not been publicly discussed prior to the release of this update. As such, no exploit information is known to exist in the wild.

4. Cumulative Security Update for Outlook Express and Windows (KB941202)

CVE-2007-3897, BID 25908
Microsoft Outlook Express And Windows Mail NNTP Remote Code Execution
(MS Rating: Critical; Symantec Urgency Rating: 7)

This is a client-side remote code execution vulnerability in Outlook Express and Windows Mail. This issue is due to a failure to properly handle malformed NNTP (Network News Transfer Protocol) responses. An attacker who tricks an unsuspecting victim into viewing a malicious webpage could exploit this issue to execute arbitrary code in the context of the victim.

Affected Products:
Outlook Express 5.5
Outlook Express 6
Windows Mail
Windows XP & SP2
Windows XP Professional x64 Edition & SP2
Windows 2000 Service Pack 4
Windows Server 2003 SP1 & SP2
Windows Server 2003 x64 Edition & SP2
Windows Server 2003 with SP1 for Itanium-based Systems & SP2
Windows Vista
Windows Vista x64 Edition

5. Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege within the SharePoint Site (KB942017)

CVE-2007-2581 (BID 23832)
Microsoft SharePoint Server Cross-Site Scripting Vulnerability
(MS Rating: Important; Symantec Urgency Rating: 7)

This is a cross-site scripting vulnerability in SharePoint Services, initially published on May 4. An attacker could exploit this issue to execute arbitrary script code in the context of the affected SharePoint site.

Affected Products:
Microsoft Windows SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007

6. Vulnerability in Microsoft Office Could Allow Remote Code Execution (KB942695)

CVE-2007-3899, BID 25906
Microsoft Word Workspace Memory Corruption Remote Code Execution Vulnerability
(MS Rating: Critical; Symantec Urgency Rating: 7)

This is a remote code execution vulnerability affecting Word. An attacker must entice an unsuspecting victim into opening a malicious Word file with malformed strings to exploit this issue.

This could also result in a denial-of-service in Microsoft Office 2003. Microsoft does not list this in the affected packages.

Affected Products:
Microsoft Office 2000, Microsoft Office XP, and Microsoft Office 2004 for Mac

As always, more information on each of these specific issues is available at http://www.securityfocus.com or via the DeepSight services. Cheers, and may all your roll-outs go smoothly.
