CERT-In:Indian Computer Emergency Response Team

HOME > ADVISORIES

ADVISORIES

CERT-In Advisory CIAD-2007-36
Multiple Vulnerabilities in various components of Microsoft Windows, Windows Active Directory, Microsoft IIS, Microsoft .NET Framework, Microsoft Vista, Microsoft Office Publisher 2007 and Microsoft Office

Original issue date: July 11, 2007

Systems Affected

Microsoft Windows
Windows Active Directory
Microsoft IIS
Microsoft .NET Framework
Microsoft Vista
Microsoft Office Publisher 2007
Microsoft Office

Overview

Multiple vulnerabilities have been reported in various components of Microsoft Windows, Windows Active Directory, Microsoft IIS, Microsoft .NET Framework, Microsoft Vista, Microsoft Office Publisher 2007 and Microsoft Office. This advisory describes these vulnerabilities addressed by the Microsoft Security Bulletins of July 2007.

Description

The vulnerability notes released by CERT-In with reference to Microsoft Security Bulletins are given below:

Microsoft Security Bulletin	Severity	CERT-In Vulnerability Notes
MS07-036: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution	High	CIVN-2007-81: Microsoft Excel Remote Code Execution vulnerabilities
MS07-037: Vulnerability in Microsoft Office Publisher 2007 Could Allow Remote Code Execution	Medium	CIVN-2007-82: Microsoft Office Publisher 2007 Invalid Memory Reference Vulnerability
MS07-038: Vulnerability in Windows Vista Firewall Could Allow Information Disclosure	Low	CIVN-2007-83: Microsoft Windows Vista Teredo Interface Firewall Bypass Vulnerability
MS07-039: Vulnerability in Windows Active Directory Could Allow Remote Code Execution	High	CIVN-2007-84: Microsoft Windows Active Directory Vulnerabilities
MS07-040: Vulnerabilities in .NET Framework Could Allow Remote Code Execution	High	CIVN-2007-85: Remote Code Execution Vulnerabilities in Microsoft .NET Framework
MS07-041: Vulnerability in Microsoft Internet Information Services Could Allow Remote Code Execution	Medium	CIVN-2007-86: Microsoft IIS (Internet Information Server 5.1) DLL Request Denial of Service Vulnerability

Solution

Apply appropriate patches as mentioned in Microsoft Security Bulletin July 2007
http://www.microsoft.com/technet/security/bulletin/ms07-jul.mspx

Vendor Information

Microsoft Corporation
http://www.microsoft.com/technet/security/bulletin/ms07-jul.mspx

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003

Home || Feedback || FAQ || Disclaimer

CERT-In Advisory CIAD-2007-36 Multiple Vulnerabilities in various components of Microsoft Windows, Windows Active Directory, Microsoft IIS, Microsoft .NET Framework, Microsoft Vista, Microsoft Office Publisher 2007 and Microsoft Office

CERT-In Advisory CIAD-2007-36
Multiple Vulnerabilities in various components of Microsoft Windows, Windows Active Directory, Microsoft IIS, Microsoft .NET Framework, Microsoft Vista, Microsoft Office Publisher 2007 and Microsoft Office