CA Security Advisor Research Blog

Microsoft October Bulletin Release

On Tuesday, October 10, 2006, Microsoft released 10 bulletins addressing 26 vulnerabilities in Microsoft Windows, Office technologies, XML Core Services, and ASP.NET. Six bulletins are rated critical, one important, two moderate, and one low.

Office vulnerabilities on the rise

Making up the bulk of the October release are vulnerabilities in Word, PowerPoint, Excel, and Office, with Microsoft releasing 4 bulletins covering 16 issues. Application security researchers have clearly turned their attention to the Office suite: Microsoft has now patched Office products for the fourth month in a row. Compared with the same July through October time frame in 2005, Microsoft has released 10 bulletins associated with an Office application this year versus only one last year. Future months will show whether this trend persists.

Known outstanding vulnerabilities

Microsoft addressed advisories 926043, 925984, and 925059 this month. All of these advisories describe vulnerabilities that have exploits in the wild and are being actively exploited. However, the vulnerability in advisory 925444 has not yet been patched. Given the active exploitation, we might see an out-of-band bulletin release in the near future. In the meantime, refer to CAID 34564 for workaround information.

And now, the full list of October bulletins:

Bulletin: MS06-056
Title: Vulnerability in ASP.NET 2.0 Could Allow Information Disclosure
Rating: Moderate
KB: 922770
Affected Technologies: Microsoft .NET Framework 2.0 on Windows 2000, XP, and 2003
.NET Framework 2.0 Cross-Site Scripting Vulnerability - CVE-2006-3436

Bulletin: MS06-057
Title: Vulnerability in Windows Explorer Could Allow Remote Execution
Rating: Critical
KB: 923191
Affected Technologies: Microsoft Windows 2000, XP, and 2003
Windows Shell Remote Code Execution Vulnerability - CVE-2006-3730

Bulletin: MS06-058
Title: Vulnerabilities in Microsoft PowerPoint Could Allow Remote Code Execution
Rating: Critical
KB: 924163
Affected Technologies: PowerPoint 2000, 2002, 2003, 2004 for Mac, v. X for Mac
PowerPoint Malformed Object Pointer Vulnerability - CVE-2006-3435
PowerPoint Malformed Data Record Vulnerability - CVE-2006-3876
PowerPoint Malformed Record Memory Corruption Vulnerability - CVE-2006-3877
PowerPoint Malformed Record Vulnerability - CVE-2006-4694

Bulletin: MS06-059
Title: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
Rating: Critical
KB: 924164
Affected Technologies: Excel 2000, Excel 2002, Excel 2003, Excel 2003 Viewer, Excel 2004 for Mac, Excel v. X for Mac, Microsoft Works 2004, 2005, 2006
Excel Malformed DATETIME Record Vulnerability - CVE-2006-2387
Excel Malformed STYLE Record Vulnerability - CVE-2006-3431
Excel Handling of Lotus 1-2-3 File Vulnerability - CVE-2006-3867
Excel Malformed COLINFO Record Vulnerability - CVE-2006-3875

Bulletin: MS06-060
Title: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution
Rating: Critical
KB: 924554
Affected Technologies: Word 2000, 2002, 2003, Office 2004 for Mac, Office v. X for Mac, Microsoft Works 2004, 2005, 2006
Microsoft Word Vulnerability - CVE-2006-3647
Microsoft Word Mail Merge Vulnerability - CVE-2006-3651
Microsoft Word Malformed Stack Vulnerability - CVE-2006-4534
Microsoft Word for Mac Vulnerability - CVE-2006-4693

Bulletin: MS06-061
Title: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution
Rating: Critical
KB: 924191
Affected Technologies: XML Core Services 3.0, 5.0 SP1
Microsoft XML Core Services Vulnerability - CVE-2006-4685
XSLT Buffer Overrun Vulnerability - CVE-2006-4686

Bulletin: MS06-062
Title: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
Rating: Critical
KB: 922581
Affected Technologies: Microsoft Office 2000, 2002 (XP), 2003, Project 2000, Project 2002, Visio 2002, Office 2004 for Mac, Office v. X for Mac
Office Improper Memory Access Vulnerability - CVE-2006-3434
Office Malformed Chart Record Vulnerability - CVE-2006-3650
Office Malformed Record Memory Corruption Vulnerability - CVE-2006-3864
Microsoft Office Smart Tag Parsing Vulnerability - CVE-2006-3868

Bulletin: MS06-063
Title: Vulnerability in Server Service Could Allow Denial of Service
Rating: Important
KB: 923414
Affected Technologies: Microsoft Windows 2000, XP, and 2003
Server Service Denial of Service Vulnerability - CVE-2006-3942
SMB Rename Vulnerability - CVE-2006-4696

Bulletin: MS06-064
Title: Vulnerabilities in TCP/IP IPv6 Could Allow Denial of Service
Rating: Low
KB: 922819
Affected Technologies: Windows XP, Windows 2003
ICMP Connection Reset Vulnerability - CVE-2004-0790
TCP Connection Reset Vulnerability - CVE-2004-0230
Spoofed Connection Request Vulnerability - CVE-2005-0688

Bulletin: MS06-065
Title: Vulnerability in Windows Object Packager Could Allow Remote Execution
Rating: Moderate
KB: 924496
Affected Technologies: Microsoft Windows XP, 2003
Object Packager Dialogue Spoofing Vulnerability - CVE-2006-4692

About Kevin Kotas

Kevin Kotas is a Senior Research Engineer with the CA Vulnerability Research Team. He has over seven years of vulnerability management experience and discovered several vulnerabilities in products from multiple major software providers. Kevin holds a B.S. degree in Computer Science from North Carolina State University.