CERT-In Advisory CIAD-2007-22
Multiple Vulnerabilities in Microsoft Windows, Microsoft Windows Server, Microsoft Internet Explorer, Microsoft Office, Microsoft Exchange, Microsoft CAPICOM and Microsoft BizTalk

Original issue date: May 09, 2007

Systems Affected

  • Microsoft Windows
  • Microsoft Office
    • Microsoft Word
    • Microsoft Excel
  • Microsoft Internet Explorer
  • Microsoft Exchange Server
  • Microsoft Works Suite
  • CAPICOM
  • Microsoft BizTalk

Overview

Multiple vulnerabilities have been reported in various components of Microsoft Windows, Microsoft Windows Server, Microsoft Internet Explorer, Microsoft Office, Microsoft Exchange, Microsoft CAPICOM and Microsoft BizTalk. This advisory describes the vulnerabilities addressed by the Microsoft Security Bulletins of May 2007.

Description

The vulnerability notes released by CERT-In with reference to Microsoft Security Bulletins are given below:

Each entry lists the Microsoft Security Bulletin, its severity, and the corresponding CERT-In Vulnerability Notes.

  • MS07-023: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
    • Severity: High
    • CERT-In Vulnerability Notes: CIVN-2007-59: Microsoft Excel BIFF Record, Set Font and Auto Filter record Remote Code Execution Vulnerabilities
  • MS07-024: Vulnerabilities in Microsoft Word Could Allow Remote Code Execution
    • Severity: High
    • CERT-In Vulnerability Notes: CIVN-2007-60: Microsoft Word Array Overflow, Document Stream and RTF Parsing Vulnerabilities
  • MS07-025: Vulnerability in Microsoft Office Could Allow Remote Code Execution
    • Severity: High
    • CERT-In Vulnerability Notes: CIVN-2007-61: Microsoft Office Drawing Object Remote Code Execution Vulnerability
  • MS07-026: Vulnerabilities in Microsoft Exchange Could Allow Remote Code Execution
    • Severity: High
    • CERT-In Vulnerability Notes: CIVN-2007-62: Multiple Vulnerabilities in Microsoft Exchange
  • MS07-027: Cumulative Security Update for Internet Explorer
    • Severity: High
    • CERT-In Vulnerability Notes: CIVN-2007-63: Microsoft Internet Explorer COM Object Instantiation, Uninitialized Memory, Property, HTML Objects memory corruption and Arbitrary File Rewrite Vulnerabilities
  • MS07-028: Vulnerability in CAPICOM Could Allow Remote Code Execution
    • Severity: High
    • CERT-In Vulnerability Notes: CIVN-2007-64: Microsoft CAPICOM.Certificates ActiveX Control Remote Code Execution Vulnerability
  • MS07-029: Vulnerability in RPC on Windows DNS Server Could Allow Remote Code Execution
    • Severity: High
    • CERT-In Vulnerability Notes: CIVN-2007-49: Remote Code Execution Vulnerability in RPC on Microsoft Windows DNS Server (Updated: May 09, 2007)

Solution

Apply the appropriate patches as mentioned in the Microsoft Security Bulletin for May 2007:
http://www.microsoft.com/technet/security/bulletin/ms07-may.mspx

Vendor Information

Microsoft Corporation
http://www.microsoft.com/technet/security/bulletin/ms07-may.mspx

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003