Advisories

CERT-In Advisory CIAD-2006-0046

Multiple Vulnerabilities in Microsoft Windows, Internet Explorer, Outlook Express, Visual Studio and Windows Media Player

Original Issue Date: December 13, 2006

Severity Rating: High

Systems Affected

Microsoft Windows Operating Systems
Microsoft Internet Explorer
Microsoft Outlook Express
Microsoft Windows Media Player
Microsoft Visual Studio

Overview

Multiple vulnerabilities have been reported in various components of Microsoft Windows such as CRSS, RIS, Microsoft Internet Explorer, Microsoft Visual Studio, Outlook Express and Windows Media Player. This advisory describes these vulnerabilities addressed by the Microsoft Security Bulletins of December 2006.

Description

The vulnerability notes released by CERT-In with reference to Microsoft Security Bulletins are given below:

Microsoft Security Bulletin	Severity	CERT-In Vulnerability Notes
MS06-072:Cumulative Security Update for Internet Explorer	High	CIVN-2006-0127 Microsoft Internet Explorer Memory Corruption and TIF Folder Information Disclosure Vulnerabilites
MS06-073:Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution	High	CIVN-2006-0109 Microsoft Visual Studio WMI Object Broker ActiveX Code Execution Vulnerability
MS06-074:Vulnerability in SNMP Could Allow Remote Code Execution	Medium	CIVN-2006-0128 Remote Code Execution Vulnerability in SNMP
MS06-075:Vulnerability in Windows Could Allow Elevation of Privilege	Medium	CIVN-2006-0129 Microsoft Windows File Manifest Corruption Vulnerability
MS06-076:Cumulative Security Update for Outlook Express	Medium	CIVN-2006-0130 Windows Address Book Contact Record Vulnerability
MS06-077:Vulnerability in Remote Installation Service Could Allow Remote Code Execution	Medium	CIVN-2006-0131 Remote Code Execution Vulnerability in Microsoft Windows RIS
MS06-078:Vulnerability in Windows Media Format Could Allow Remote Code Execution	High	CIVN-2006-0132 Microsoft Windows Media Format Remote Code execution Vulnerability

Solution

Apply appropriate patches as mentioned in Microsoft Security Bulletin December 2006
http://www.microsoft.com/technet/security/bulletin/ms06-dec.mspx

Vendor Information

Microsoft Corporation
http://www.microsoft.com/technet/security/bulletin/ms06-dec.mspx

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Email: info@cert-in.org.in
Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India