CERT-In:Indian Computer Emergency Response Team

HOME > ADVISORIES

ADVISORIES

CERT-In Advisory CIAD-2006-37
Multiple Vulnerabilities in Microsoft Windows, Microsoft Office and Microsoft XML Core Services

Original issue date: October 11, 2006

Systems Affected

Microsoft Windows Operating Systems
Microsoft Office
Microsoft XML Core Services

Overview

Multiple vulnerabilities have been reported in various components of Microsoft Windows, Microsoft Office and Microsoft XML Core Services. This advisory describes these vulnerabilities addressed by the Microsoft Security Bulletins of October 2006.

Description

The vulnerability notes released by CERT-In with reference to Microsoft Security Bulletins are given below

Microsoft Security Bulletin	Severity	CERT-In Vulnerability Notes
MS06-056: Vulnerability in ASP.NET Could Allow Information Disclosure	Medium	CIVN-2006-95: Microsoft .NET Framework 2.0(ASP.NET 2.0) Cross-Site Scripting Vulnerability
MS06-057: Vulnerability in Windows Shell Could Allow Remote Code Execution	High	CIVN-2006-94:Microsoft Internet Explorer WebViewFolderIcon Buffer Overflow Vulnerability
MS06-058: Vulnerabilities in Microsoft PowerPoint Could Lead to Remote Code Execution	High	CIVN-2006-96: Microsoft PowerPoint Remote Code Execution Vulnerability
MS06-059: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution	High	CIVN-2006-97: Microsoft Excel Malformed DATETIME Record, STYLE Record, Lotus file, COLINFO Record Vulnerabilities
MS06-060: Vulnerability in Microsoft Word Could Allow Remote Code Execution	High	CIVN-2006-98:Multiple Remote Code Execution Vulnerabilities in Microsoft Word
MS06-061: Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code	High	CIVN-2006-99: Microsoft XML Core Services vulnerabilities
MS06-062: Vulnerabilities in Microsoft Office Could Lead to Remote Code Execution	High	CIVN-2006-100: Microsoft Office Multiple Vulnerabilities
MS06-063: Vulnerability in Server Service Could Allow Denial of Service	Medium	CIVN-2006-101: Denial of Service in Server Service Vulnerability
MS06-064: Vulnerability in TCP-IP IPv6 Could Result in Denial of Service	Low	CIVN-2006-102: Multiple Denial of Service Vulnerabilities in Microsoft Windows TCP/IP IPv6
MS06-065: Vulnerability in Windows Object Packager Could Allow Remote Execution	Medium	CIVN-2006-103: Microsoft Windows Object Packager Dialogue Spoofing Vulnerability

Solution

Apply appropriate patches as mentioned in Microsoft Security Bulletin October 2006
http://www.microsoft.com/technet/security/bulletin/ms06-oct.mspx

Vendor Information

Microsoft Corporation
http://www.microsoft.com/technet/security/bulletin/ms06-oct.mspx

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003

Home || Feedback || FAQ || Disclaimer

CERT-In Advisory CIAD-2006-37 Multiple Vulnerabilities in Microsoft Windows, Microsoft Office and Microsoft XML Core Services

CERT-In Advisory CIAD-2006-37
Multiple Vulnerabilities in Microsoft Windows, Microsoft Office and Microsoft XML Core Services