1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Recent Critical Updates 2006

Discussion in 'Virus & Other Malware Removal' started by eddie5659, Jan 1, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Joined:
    Mar 19, 2001
    Messages:
    34,048
    Hiya

    This thread will be just for the most current ones for this year. For the older ones, please see All Critical Updates

    Regards

    eddie
     
  2. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Joined:
    Mar 19, 2001
    Messages:
    34,048
    Hiya

    A remote code execution vulnerability exists in Outlook Express when using a Windows Address Book (.wab) file that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system.

    If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.


    Affected Components:

    • Outlook Express 6 on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Outlook Express 6 on Microsoft Windows Server 2003 x64 Edition
    • Outlook Express 6 Microsoft Windows Server 2003 on Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Outlook Express 6 on Microsoft Windows XP Service Pack 2
    • Outlook Express 6 on Microsoft Windows XP Professional x64 Edition
    • Outlook Express 6 Service Pack 1 on Microsoft Windows XP Service Pack 1 or when installed on Microsoft Windows 2000 Service Pack 4
    • Outlook Express 5.5 Service Pack 2 on Microsoft Windows 2000 Service Pack 4



    http://www.microsoft.com/technet/security/Bulletin/MS06-016.mspx

    eddie
     
  3. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Joined:
    Mar 19, 2001
    Messages:
    34,048
    A remote code execution vulnerability exists in Windows Explorer because of the way that it handles COM objects. An attacker would need to convince a user to visit a Web site that could force a connection to a remote file server. This remote file server could then cause Windows Explorer to fail in a way that could allow code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system.



    Affected Software:

    • Microsoft Windows 2000 Service Pack 4
    • Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Microsoft Windows Server 2003 x64 Edition



    http://www.microsoft.com/technet/security/bulletin/ms06-015.mspx

    eddie
     
  4. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Joined:
    Mar 19, 2001
    Messages:
    34,048
    A remote code execution vulnerability exists in the RDS.Dataspace ActiveX control that is provided as part of the ActiveX Data Objects (ADO) and that is distributed in MDAC. An attacker who successfully exploited this vulnerability could take complete control of an affected system.


    Affected Software:


    • Microsoft Windows XP Service Pack 1 running Microsoft Data Access Components 2.7 Service Pack 1
    • Microsoft Windows XP Service Pack 2 running Microsoft Data Access Components 2.8 Service Pack 1
    • Microsoft Windows XP Professional x64 Edition running Microsoft Data Access Components 2.8 Service Pack 2
    • Microsoft Windows Server 2003 running Microsoft Data Access Components 2.8
    • Microsoft Windows Server 2003 Service Pack 1 running Microsoft Data Access Components 2.8 Service Pack 2
    • Microsoft Windows Server 2003 for Itanium-based Systems running Microsoft Data Access Components 2.8
    • Microsoft Windows Server 2003 with SP1 for Itanium-based Systems running Microsoft Data Access Components 2.8 Service Pack 2
    • Microsoft Windows Server 2003 x64 Edition running Microsoft Data Access Components 2.8 Service Pack 2
    • Windows 2000 Service Pack 4 with Microsoft Data Access Components 2.5 Service Pack 3installed
    • Windows 2000 Service Pack 4 with Microsoft Data Access Components 2.7 Service Pack 1installed
    • Windows 2000 Service Pack 4 with Microsoft Data Access Components 2.8 installed
    • Windows 2000 Service Pack 4 with Microsoft Data Access Components 2.8 Service Pack 1installed
    • Windows XP Service Pack 1 with Microsoft Data Access Components 2.8 installed



    http://www.microsoft.com/technet/security/Bulletin/MS06-014.mspx

    eddie
     
  5. eddie5659

    eddie5659 Moderator Malware Specialist Thread Starter

    Joined:
    Mar 19, 2001
    Messages:
    34,048
    This has a fair few updates:


    A remote code execution vulnerability exists in the way Internet Explorer displays a Web page that contains certain unexpected method calls to HTML objects. As a result, system memory may be corrupted in such a way that an attacker could execute arbitrary code if a user visited a malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

    A remote code execution vulnerability exists in the way Internet Explorer handles multiple event handlers in an HTML element. An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow remote code execution if a user visited the malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

    A remote code execution vulnerability exists in Internet Explorer. An HTML Application (HTA) can be initiated in a way that bypasses the security control within Internet Explorer. This allows an HTA to execute without Internet Explorer displaying the normal security dialog box. An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow remote code execution if a user visited the malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

    A remote code execution vulnerability exists in the way Internet Explorer handles specially crafted and not valid HTML. An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow remote code execution if a user visited the malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

    A remote code execution vulnerability exists in the way Internet Explorer instantiates COM objects that are not intended to be instantiated in Internet Explorer. An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow remote code execution if a user visited the malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

    A remote code execution vulnerability exists in the way Internet Explorer handles HTML elements that contain a specially crafted tag. An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow remote code execution if a user visited the malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

    A remote code execution vulnerability exists in the way Internet Explorer handles double-byte characters in specially crafted URLs. An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow remote code execution if a user visited the malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

    A vulnerability exists in Internet Explorer in the way it returns IOleClientSite information when an embedded object is dynamically created. An attacker could exploit the vulnerability by constructing a malicious Web page with a dynamically created object. This object would need to make use of the IOleClientSite information returned to make a security related decision. This could potentially allow remote code execution or information disclosure if a user visited the malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

    An information disclosure vulnerability exists in Internet Explorer because of the way that it handles navigation methods. An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially lead to information disclosure if a user visited a malicious Web site or viewed a specially crafted e-mail message. An attacker who successfully exploited this vulnerability could read cookies or other data from another Internet Explorer domain. However, user interaction is required to exploit this vulnerability.

    A spoofing vulnerability exists in Internet Explorer that could allow an attacker to display spoofed content in a browser window. The address bar and other parts of the trust UI has been navigated away from the attacker’s Web site but the content of the window still contains the attacker’s Web page.

    Affected Components:

    • Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
    • Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1
    • Internet Explorer 6 for Microsoft Windows XP Service Pack 2
    • Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
    • Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    • Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
    • Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition



    http://www.microsoft.com/technet/security/Bulletin/MS06-013.mspx

    eddie
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,223
    First Name:
    Derek
  7. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/430106

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice