CERT-In:Indian Computer Emergency Response Team

HOME > ADVISORIES

ADVISORY

CERT-In Advisory CIAD-2010-48
Multiple Vulnerabilities in Microsoft Windows Canonical Display Driver, Help and Support Center, Office Access ActiveX Controls, Microsoft Outlook

Original issue date: July 14, 2010

Systems Affected

Windows XP SP
Windows Server 2003
Windows 7
Windows Server 2008

Components affected

Microsoft Office
Microsoft Office Outlook

Overview

Multiple vulnerabilities have been reported in Microsoft Windows Canonical Display Driver, Help and Support Center, Office Access ActiveX Controls, Microsoft Outlook.

Description

The vulnerability notes released by CERT-In with reference to Microsoft Security Bulletins are given below:

Microsoft Security Bulletin	Severity	CERT-In Vulnerability Notes
MS10-042: Vulnerability in Help and Support Center Could Allow Remote Code Execution	High	CIVN-2010-155: (Updated:July 14, 2010) Microsoft Help and Support Center Whitelist bypass vulnerability
MS10-043: Vulnerability in Canonical Display Driver Could Allow Remote Code Execution	High	CIVN-2010-144: (Updated:July 14, 2010) Microsoft Windows Memory Error in Canonical Display Driver Remote Code Execution Vulnerability
MS10-044: Vulnerabilities in Microsoft Office Access ActiveX Controls Could Allow Remote Code Execution	High	CIVN-2010-166: Multiple Remote Code Execution Vulnerabilities in Microsoft Office Access ActiveX Controls
MS10-045: Vulnerability in Microsoft Office Outlook Could Allow Remote Code Execution	Medium	CIVN-2010-167: Microsoft Outlook SMB Attachment Code Execution Vulnerability

Solution

Apply appropriate patches as mentioned in Microsoft Security Bulletin July 2010
http://www.microsoft.com/technet/security/bulletin/ms10-jul.mspx

Vendor Information

Microsoft Corporation
http://www.microsoft.com/technet/security/bulletin/ms10-jul.mspx

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003

Home || Feedback || FAQ || Disclaimer