
CERT-In Advisory CIAD-2007-08
Multiple Vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft Malware Protection Engine, Microsoft Data Access Components, HTML Help ActiveX Control and Microsoft Office

Original issue date: February 14, 2007

Systems Affected

  • Microsoft Windows Operating Systems
  • Microsoft Internet Explorer
  • Microsoft Office
    • Microsoft Word

Overview

Multiple vulnerabilities have been reported in various components of Microsoft Windows, Internet Explorer, Microsoft Malware Protection Engine, Microsoft Data Access Components, HTML Help ActiveX Control and Microsoft Office. This advisory describes the vulnerabilities addressed by the Microsoft Security Bulletins of February 2007.

Description

The vulnerability notes released by CERT-In with reference to the Microsoft Security Bulletins are given below:

| Microsoft Security Bulletin | Severity | CERT-In Vulnerability Notes |
|---|---|---|
| MS07-005: Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution | Medium | CIVN-2007-12: Microsoft Windows Interactive Training Bookmark Link File Buffer overflow Vulnerability |
| MS07-006: Vulnerability in Windows Shell Could Allow Elevation of Privilege | Medium | CIVN-2007-13: Privilege Elevation Vulnerability in Windows Shell |
| MS07-007: Vulnerability in Windows Image Acquisition Service Could Allow Elevation of Privilege | Medium | CIVN-2007-14: Microsoft Windows Image Acquisition (WIA) Service Local Privilege Escalation Vulnerability |
| MS07-008: Vulnerability in HTML Help ActiveX Control Could Allow Remote Code Execution | High | CIVN-2007-15: Microsoft Windows HTML Help ActiveX Control Vulnerability |
| MS07-009: Vulnerability in Microsoft Data Access Components Could Allow Remote Code Execution | High | CIVN-2006-138: Microsoft Internet Explorer ADODB.Connection code execution vulnerability |
| MS07-010: Vulnerability in Microsoft Malware Protection Engine Could Allow Remote Code Execution | High | CIVN-2007-16: Microsoft Malware Protection Engine PDF File parsing vulnerability |
| MS07-011: Vulnerability in Microsoft OLE Dialog Could Allow Remote Code Execution | Medium | CIVN-2007-17: Microsoft Windows workstation Service Memory Corruption Vulnerability |
| MS07-012: Vulnerability in Microsoft MFC Could Allow Remote Code Execution | Medium | CIVN-2007-18: Microsoft Windows Interactive Training Bookmark Link File Buffer overflow Vulnerability |
| MS07-013: Vulnerability in Microsoft RichEdit Could Allow Remote Code Execution | Medium | CIVN-2007-19: Microsoft RichEdit OLE Dialog Memory Corruption Vulnerability |
| MS07-014: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution | Medium | CIVN-2007-20: Microsoft Word Multiple Vulnerabilities |
| MS07-015: Vulnerabilities in Microsoft Office Could Allow Remote Code Execution | High | CIVN-2007-21: Microsoft Office Malformed Record Vulnerabilities |
| MS07-016: Cumulative Security Update for Internet Explorer | High | CIVN-2007-22: Microsoft Internet Explorer COM Object Instantiation and FTP server Response Parsing Vulnerabilities |

Solution

Apply the appropriate patches as mentioned in the Microsoft Security Bulletin for February 2007:
http://www.microsoft.com/technet/security/bulletin/ms07-feb.mspx

Vendor Information

Microsoft Corporation
http://www.microsoft.com/technet/security/bulletin/ms07-feb.mspx

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003