-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA06-164A
Microsoft Windows, Internet Explorer, Media Player, Word, PowerPoint, and
Exchange Vulnerabilities
Original release date: June 13, 2006
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Windows
* Microsoft Windows Media Player
* Microsoft Internet Explorer
* Microsoft PowerPoint for Windows and Mac OS X
* Microsoft Word for Windows
* Microsoft Office
* Microsoft Works Suite
* Microsoft Exchange Server Outlook Web Access
For more complete information, refer to the Microsoft Security
Bulletin Summary for June 2006.
Overview
Microsoft has released updates that address critical vulnerabilities
in Microsoft Windows, Word, PowerPoint, Media Player, Internet
Explorer, and Exchange Server. Exploitation of these vulnerabilities
could allow a remote, unauthenticated attacker to execute arbitrary
code or cause a denial of service on a vulnerable system.
I. Description
Microsoft Security Bulletin Summary for June 2006 addresses
vulnerabilities in Microsoft Windows, Word, PowerPoint, Media Player,
Internet Explorer, and Exchange Server. Further information is
available in the following US-CERT Vulnerability Notes:
VU#722753 - Microsoft IP Source Route Vulnerability
A vulnerability in Microsoft Windows could allow a remote attacker to
execute arbitrary code on a vulnerable system.
(CVE-2006-2379)
VU#446012 - Microsoft Word object pointer memory corruption
vulnerability
A memory corruption vulnerability in Microsoft Word could allow a
remote attacker to execute arbitrary code with the privileges of the
user running Word.
(CVE-2006-2492)
VU#190089 - Microsoft PowerPoint malformed record vulnerability
Microsoft PowerPoint fails to properly handle malformed records. This
may allow a remote attacker to execute arbitrary code on a vulnerable
system.
(CVE-2006-0022)
VU#923236 - Microsoft Windows ART image handling buffer overflow
Microsoft Windows ART image handling routines are vulnerable to a
heap-based buffer overflow. This vulnerability may allow a remote,
unauthenticated attacker to execute arbitrary code on a vulnerable
system.
(CVE-2006-2378)
VU#390044 - Microsoft JScript memory corruption vulnerability
Microsoft JScript contains a memory corruption vulnerability. This
vulnerability may allow a remote, unauthenticated attacker to execute
arbitrary code on a vulnerable system.
(CVE-2006-1313)
VU#338828 - Microsoft Internet Explorer exception handling
vulnerability
Microsoft Internet Explorer fails to properly handle exception
conditions. This may allow a remote, unauthenticated attacker to
execute arbitrary code.
(CVE-2006-2218)
VU#417585 - Microsoft DXImageTransform Light filter fails to validate
input
The Microsoft DXImageTransform Light COM object fails to validate
input, which may allow a remote attacker to execute arbitrary code on
a vulnerable system.
(CVE-2006-2383)
VU#959049 - Multiple COM objects cause memory corruption in Microsoft
Internet Explorer
Microsoft Internet Explorer (IE) allows instantiation of COM objects
not designed for use in the browser, which may allow a remote attacker
to execute arbitrary code or crash IE.
(CVE-2006-2127)
VU#136849 - Microsoft Internet Explorer UTF-8 decoding vulnerability
Microsoft Internet Explorer fails to properly decode UTF-8 encoded
HTML. This may allow a remote, unauthenticated attacker to execute
arbitrary code on a vulnerable system.
(CVE-2006-2382)
VU#909508 - Microsoft Graphics Rendering Engine fails to properly
handle WMF images
Microsoft Windows Graphics Rendering Engine contains a vulnerability
that may allow a remote attacker to execute arbitrary code on a
vulnerable system.
(CVE-2006-2376)
VU#608020 - Microsoft Windows Media Player PNG processing buffer
overflow
Microsoft Windows Media Player contains a stack-based buffer overflow
vulnerability that may allow a remote, unauthenticated attacker to
execute arbitrary code on a vulnerable system.
(CVE-2006-0025)
VU#814644 - Microsoft Remote Access Connection Manager service
vulnerable to buffer overflow
A vulnerability in the Microsoft Remote Access Connection Manager may
allow a remote attacker to execute arbitrary code on a vulnerable
system.
(CVE-2006-2371)
VU#631516 - Microsoft Routing and Remote Access does not properly
handle RPC requests
There is a vulnerability in the Microsoft Windows Routing and Remote
Access Service that could allow an attacker to take control of the
affected system.
(CVE-2006-2370)
VU#138188 - Microsoft Outlook Web Access for Exchange Server script
injection vulnerability
A script injection vulnerability exists in Microsoft Exchange Server
running Outlook Web Access.
(CVE-2006-1193)
In MS06-027 Microsoft has released updates for the Word vulnerability
described in Technical Cyber Security Alert TA06-139A.
II. Impact
A remote, unauthenticated attacker could execute arbitrary code on a
vulnerable system. An attacker may also be able to cause a denial of
service.
III. Solution
Apply Updates
Microsoft has provided updates for these vulnerabilities in the
Security Bulletins. Microsoft Windows updates are available on the
Microsoft Update site.
Workarounds
Please see the US-CERT Vulnerability Notes for workarounds.
Appendix A. References
* Microsoft Security Bulletin Summary for June 2006 -
<http://www.microsoft.com/technet/security/bulletin/ms06-jun.mspx>
* Technical Cyber Security Alert TA06-139A -
<http://www.us-cert.gov/cas/techalerts/TA06-139A.html>
* US-CERT Vulnerability Notes for Microsoft Updates for June 2006 -
<http://www.kb.cert.org/vuls/byid?searchview&query=ms06-june>
* US-CERT Vulnerability Note VU#446012 -
<http://www.kb.cert.org/vuls/id/446012>
* US-CERT Vulnerability Note VU#190089 -
<http://www.kb.cert.org/vuls/id/190089>
* US-CERT Vulnerability Note VU#923236 -
<http://www.kb.cert.org/vuls/id/923236>
* US-CERT Vulnerability Note VU#390044 -
<http://www.kb.cert.org/vuls/id/390044>
* US-CERT Vulnerability Note VU#338828 -
<http://www.kb.cert.org/vuls/id/338828>
* US-CERT Vulnerability Note VU#417585 -
<http://www.kb.cert.org/vuls/id/417585>
* US-CERT Vulnerability Note VU#136849 -
<http://www.kb.cert.org/vuls/id/136849>
* US-CERT Vulnerability Note VU#909508 -
<http://www.kb.cert.org/vuls/id/909508>
* US-CERT Vulnerability Note VU#722753 -
<http://www.kb.cert.org/vuls/id/722753>
* US-CERT Vulnerability Note VU#959049 -
<http://www.kb.cert.org/vuls/id/959049>
* US-CERT Vulnerability Note VU#138188 -
<http://www.kb.cert.org/vuls/id/138188>
* US-CERT Vulnerability Note VU#608020 -
<http://www.kb.cert.org/vuls/id/608020>
* US-CERT Vulnerability Note VU#814644 -
<http://www.kb.cert.org/vuls/id/814644>
* US-CERT Vulnerability Note VU#631516 -
<http://www.kb.cert.org/vuls/id/631516>
* CVE-2006-2492 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2492>
* CVE-2006-0022 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0022>
* CVE-2006-2378 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2378>
* CVE-2006-1313 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1313>
* CVE-2006-2218 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2218>
* CVE-2006-2383 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2383>
* CVE-2006-2127 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2127>
* CVE-2006-2382 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2382>
* CVE-2006-2376 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2376>
* CVE-2006-2379 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2379>
* CVE-2006-1193 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1193>
* CVE-2006-0025 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0025>
* CVE-2006-2371 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2371>
* CVE-2006-2370 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2370>
* Microsoft Update - <https://update.microsoft.com/microsoftupdate>
* Securing Your Web Browser -
<http://www.us-cert.gov/reading_room/securing_browser/#Internet_Ex
plorer>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA06-164A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <cert@xxxxxxxx> with "TA06-164A Feedback VU#390044" in the
subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
June 13, 2006: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRI8+kn0pj593lg50AQKHOwgAvRyUSM1UUAm9rMCEqmqK2F7Nc0zmyBF/
LJQMV04M44DBzO/uAJvj1Bagsg1+eCQB9L86qL3WzKZev200gkYUki1xOJ/S7yv2
8K3ovQ9g2HFTuovw6tO2GE6EO5tWyGO0RjW4juEIe03vUF8rvkBzhQFjl4YCK7Lk
J+O3eula74ZcDExuT/8tzbYmUnW2V5YB4n8THdZmwUcQBG8HgCiYBeA5Ne0Gs2/l
FqcGY6/GcileVChU98p3GBQWp8B+WSUSxGSFEmRl4BnRhB0Me8/RmJt0+Bxs+RJP
mokjmXu0dBFZUAMP0drS1ZBnhu8/s2jo0gvu5qoDmL4el5Y1Lj6bGA==
=k+F0
-----END PGP SIGNATURE-----
