CERT-In Advisory CIAD-2007-33
Multiple Vulnerabilities in various components of Microsoft Windows,Microsoft Internet Explorer, Microsoft Outlook Express, Windows Mail and Microsoft Visio
Original issue date:
June 13, 2007
Systems Affected
- Microsoft Windows
- Microsoft Internet Explorer
- Microsoft Outlook Express, Windows Mail
- Microsoft Visio
Overview Multiple vulnerabilities have been reported in various components of Microsoft Windows,Microsoft Internet Explorer,Microsoft Outlook Express, Windows Mail and Microsoft Visio. This advisory describes these vulnerabilities addressed by the Microsoft Security Bulletins of June 2007.
Description
The vulnerability notes released by CERT-In with reference to Microsoft Security Bulletins are given below:
| Microsoft Security Bulletin |
Severity |
CERT-In Vulnerability Notes |
| MS07-030: Vulnerabilities in Microsoft Visio Could Allow Remote Code Execution |
Medium |
CIVN-2007-70: Microsoft Visio Version Number Memory Corruption and Document Packaging Vulnerabilities |
| MS07-031: Vulnerability in the Windows Schannel Security Package Could Allow Remote Code Execution |
High |
CIVN-2007-71: Microsoft Windows Schannel Security Package Vulnerability |
| MS07-032: Vulnerability in Windows Vista Could Allow Information Disclosure |
Medium |
CIVN-2007-72: Windows Vista Permissive User Information Store ACLs Information Disclosure Vulnerability
|
| MS07-033: Cumulative Security Update for Internet Explorer |
High |
CIVN-2007-73: Microsoft Internet Explorer COM Object Instantiation, CSS Tag, Uninitialized , Speech Control memory corruption and Language Pack Installation, Navigation Cancel Page Spoofing Vulnerabilities
|
| MS07-034: Cumulative Security Update for Outlook Express and Windows Mail |
High |
CIVN-2007-74: Multiple Vulnerabilities in Microsoft Outlook and Windows Mail |
| MS07-035: Vulnerability in Win32 API Could Allow Remote Code Execution |
High |
CIVN-2007-75: Microsoft Win32 API Parameter Validation Remote Code Execution Vulnerability |
Solution
Apply appropriate patches as mentioned in Microsoft Security Bulletin June 2007
http://www.microsoft.com/technet/security/bulletin/ms07-jun.mspx
Vendor Information
Microsoft Corporation
http://www.microsoft.com/technet/security/bulletin/ms07-jun.mspx
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
|
