CERT-In Advisory CIAD-2006-43
Multiple Vulnerabilities in Microsoft Windows, Microsoft Internet Explorer and Microsoft XML Core Services
Original issue date:
November 15, 2006
Systems Affected
- Microsoft Windows Operating Systems
- Microsoft Internet Explorer 5.01
- Microsoft Internet Explorer 6
- Microsoft XML Core Services
Overview
Multiple vulnerabilities have been reported in various components of Microsoft Windows, Microsoft Internet Explorer and Microsoft XML Core Services. This advisory describes these vulnerabilities addressed by the Microsoft Security Bulletins of November 2006.
Description
The vulnerability notes/Advisories released by CERT-In with reference to Microsoft Security Bulletins are given below
| Microsoft Security Bulletin |
Severity |
CERT-In Vulnerability Notes /Advisories |
| MS06-066: Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution |
Low |
CIVN-2006-114: Multiple Vulnerabilities in Client Service for NetWare |
MS06-067: Cumulative Security Update for Internet Explorer
|
High |
CIVN-2006-115:Microsoft Internet Explorer "daxctle.ocx" KeyFrame and HTML Rendering Memory Corruption Vulnerability |
MS06-068: Vulnerability in Microsoft Agent Could Allow Remote Code Execution
|
High |
CIVN-2006-116:Microsoft
Agent Memory Corruption Vulnerability |
| MS06-069: Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution |
High |
CIAD-2006-30: Adobe Flash Player Multiple Vulnerabilities |
| MS06-070: Vulnerability in Workstation Service Could Allow Remote Code Execution |
High |
CIVN-2006-117:Microsoft Windows workstation Service Memory Corruption Vulnerability |
| MS06-071: Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution |
High |
CIVN-2006-112: Microsoft XML Core Services XMLHTTP ActiveX Control Code Execution Vulnerability |
Solution
Apply appropriate patches as mentioned in Microsoft Security Bulletin November 2006
http://www.microsoft.com/technet/security/bulletin/ms06-nov.mspx
Vendor Information
Microsoft Corporation
http://www.microsoft.com/technet/security/bulletin/ms06-nov.mspx
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
|
