The Active Network

Layout and usability present themselves in good manners the only think I’d have to point out here is that a watches page will open in a new tab and that’s not what I like to see. best replica handbags You will not like the outcome for sure.rolex replica uses us I would not go for “huge” but definitely a place where you will find most of the variations you’d be looking for. leaderwatches.5-carat opal ring.” fake watches he deserved the opulence he maintained in his lifetime. replica watches The signature “Francesco” ablaze in white over the black paint of the bike’s tank was the main attraction or the mere fact that the bike is owned by the Pope in the first place.fake watches This Rolex GMT Master II is one of the good looking replica watches I’ve reviewed lately As you know I’m not one of the biggest Rolex replica watches lover as I prefer bigger cases on my watches and some slightly different looks. Tags: Knock off tag heuer Breguet replica watches,cn because of the.

ActiveWin: Support Active Network | AskAW | Reviews | Interviews | FAQ's | Mailing List | Forum
 

Amazon.com

  *  


Microsoft Security Bulletin Summary List 2006

Security Bulletin Name, Brief Description

ID Number,  Date/Link

Vulnerability in Microsoft Publisher Could Allow Remote Code Execution (910729): A remote code execution vulnerability exists in Publisher. An attacker could exploit this vulnerability when Publisher parses a file with a malformed string. (MS06-054)
September 12, 2006
Vulnerability in Indexing Service Could Allow Cross-Site Scripting (920685): There is an information disclosure vulnerability in the Indexing Service because of the way that it handles query validation. The vulnerability could allow an attacker to run client-side script on behalf of a user. The script could spoof content, disclose information, or take any action that the user could take on the affected Web site. (MS06-053)
September 12, 2006
Vulnerability in Pragmatic General Multicast (PGM) Could Allow Remote Code Execution (919007): There is a remote code execution vulnerability that could allow an attacker to send a specially crafted multicast message to an affected system and execute code on the affected system. The MSMQ service, which is the Windows service needed to allow PGM communications is not installed by default. (MS06-052)
September 12, 2006
Vulnerability in Windows Kernel Could Result in Remote Code Execution (917422): There is a privilege elevation vulnerability in the way that Windows 2000 starts applications. This vulnerability could allow a logged on user to take complete control of the system. (MS06-051)
August 8, 2006
Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution (920670): A remote code execution vulnerability exists in the Hyperlink Object Library. This problem exists because of an unchecked buffer in the code that is used for handling hyperlinks. An attacker could exploit the vulnerability by constructing a malicious hyperlink which could potentially lead to remote code execution if a user clicks a malicious link within an Office file or e-mail message. An attacker who successfully exploited this vulnerability could take complete control of the affected system. User interaction is required to exploit this vulnerability. (MS06-050)
August 8, 2006
Vulnerability in Windows Kernel Could Result in Elevation of Privilege (920958): There is a privilege elevation vulnerability in Windows 2000 caused by improper validation of system inputs. This vulnerability could allow a logged on user to take complete control of the system. (MS06-049)
August 8, 2006
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (922968): A remote code execution vulnerability exists in PowerPoint and could be exploited when a file containing a malformed shape container is parsed by PowerPoint. Such a file might be included in an e-mail attachment or hosted on a malicious web site. An attacker could exploit the vulnerability by constructing a specially crafted PowerPoint file that could allow remote code execution. (MS06-048)
August 8, 2006
Vulnerability in Microsoft Visual Basic for Applications Could Allow Remote Code Execution (921645): A remote code execution vulnerability exists in the way that Visual Basic for Applications (VBA) checks the document properties that a host application passes to it when opening a document. This vulnerability could allow an attacker who successfully exploited the vulnerability to take complete control of the affected system. (MS06-047)
August 8, 2006
Vulnerability in HTML Help Could Allow Remote Code Execution (922616): A vulnerability exists in the HTML Help ActiveX control that could allow remote code execution on an affected system. An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow remote code execution if a user visited that page. An attacker who successfully exploited this vulnerability could take complete control of an affected system. (MS06-046)
August 8, 2006
Vulnerability in Windows Explorer Could Allow Remote Code Execution (921398): A remote code execution vulnerability exists in Windows Explorer because of the way that Windows Explorer handles Drag and Drop events. An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow an attacker to save a file on the user’s system if a user visited a malicious Web site or viewed a malicious e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system. User interaction is required to exploit this vulnerability (MS06-045)
August 8, 2006
Vulnerability in Microsoft Management Console Could Allow Remote Code Execution (917008): There is a remote code execution vulnerability in Windows Management Console that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. (MS06-044)
August 8, 2006
Vulnerability in Microsoft Windows Could Allow Remote Code Execution (920214): There is a remote code execution vulnerability in Windows that results from incorrect parsing of the MHTML protocol. An attacker could exploit the vulnerability by constructing a specially crafted Web page or HTML e-mail that could potentially lead to remote code execution if a user visited a specially crafted Web site or clicked a link in a specially crafted e-mail message. (MS06-043)
August 8, 2006
Cumulative Security Update for Internet Explorer (918899): If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (MS06-042)
August 8, 2006
Vulnerabilities in DNS Resolution Could Allow Remote Code Execution (920683): There is a remote code execution vulnerability in Winsock that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. For an attack to be successful the attacker would have to force the user to open a file or visit a website that is specially crafted to call the affected Winsock API. (MS06-041)
August 8, 2006
Vulnerability in Server Service Could Allow Remote Code Execution (921883): There is a remote code execution vulnerability in Server Service that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. (MS06-040)
August 8, 2006
Vulnerabilities in Microsoft Office Filters Could Allow Remote Code Execution (915384): A remote code execution vulnerability exists in Office and could be exploited when Office opened a malformed PNG file. An attacker could exploit the vulnerability by constructing a specially crafted PNG file that could allow remote code execution (MS06-039)
July 11, 2006
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (917284): A remote code execution vulnerability exists in Office, and could be exploited when a malformed string included in an Office file was parsed by any of the affected Office applications.  Such a string might be included in an email attachment processed by one of the affected applications or hosted on a malicious web site.  Viewing or previewing a malformed email message in an affected version of Outlook could not lead to exploitation of this vulnerability.  An attacker could exploit the vulnerability by constructing a specially crafted Office file that could allow remote code execution. (MS06-038)
July 11, 2006
Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (917285): A remote code execution vulnerability exists in Excel that results from the processing of a malformed SELECTION record. An attacker could exploit the vulnerability by constructing a specially crafted Excel file that could allow remote code execution. (MS06-037)
July 11, 2006
Vulnerability in DHCP Client Service Could Allow Remote Code Execution (914388): There is a remote code execution vulnerability in the DHCP Client service that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. (MS06-036)
July 11, 2006
Vulnerability in Server Service Could Allow Remote Code Execution (917159): There is a remote code execution vulnerability in the Server driver that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. (MS06-035)
July 11, 2006
Vulnerability in Microsoft Internet Information Services using Active Server Pages Could Allow Remote Code Execution (917537): There is a remote code execution vulnerability in Internet Information Services (IIS). An attacker could exploit the vulnerability by constructing a specially crafted Active Server Pages (ASP) file, potentially allowing remote code execution if the Internet Information Services (IIS) processes the specially crafted file. An attacker who successfully exploited this vulnerability could take complete control of an affected system. (MS06-034)
July 11, 2006
Vulnerability in ASP.NET Could Allow Information Disclosure (917283): This Information Disclosure vulnerability could allow an attacker to bypass ASP.Net security and gain unauthorized access to objects in the Application folders explicitly by name. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce useful information that could be used to try to further compromise the affected system. (MS06-033)
July 11, 2006
Vulnerability in TCP/IP Could Allow Remote Code Execution (917953): There is a remote code execution vulnerability in the TCP/IP Protocol driver that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. (MS06-032)
June 13, 2006
Vulnerability in RPC Mutual Authentication Could Allow Spoofing (917736): There is a spoofing vulnerability in the way that RPC handles mutual authentication. This vulnerability could allow an attacker to persuade a user to connect to a malicious RPC server which appears to be valid. (MS06-031)
June 13, 2006
Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389): There is an elevation of privilege vulnerability in Server Message Block (SMB) that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. (MS06-030)
June 13, 2006
Vulnerability in Microsoft Exchange Server Running Outlook Web Access Could Allow Script Injection (912442): A script injection vulnerability exists in Exchange Server running Outlook Web Access (OWA). An attacker could exploit the vulnerability by constructing an e-mail message with a specially crafted script. If this specially crafted script is run, it would execute in the security context of the user on the client. Attempts to exploit this vulnerability require user interaction. (MS06-029)
June 13, 2006
Vulnerability in Microsoft PowerPoint Could Allow Remote Code Execution (916768): There is a remote code execution vulnerability in PowerPoint that uses a malformed record. An attacker could exploit the vulnerability by constructing a specially crafted PowerPoint file that could allow remote code execution. (MS06-028)
June 13, 2006
Vulnerability in Microsoft Word Could Allow Remote Code Execution (917336): A remote code execution vulnerability exists in Word using a malformed object pointer. An attacker could exploit the vulnerability by constructing a specially crafted Word file that could allow remote code execution. (MS06-027)
June 13, 2006
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (918547): A remote code execution vulnerability exists in the Graphics Rendering Engine because of the way that it handles Windows Metafile (WMF) images. An attacker could exploit the vulnerability by constructing a specially crafted WMF image that could potentially allow remote code execution if a user visited a malicious Web site or opened a specially crafted attachment in e-mail. An attacker who successfully exploited this vulnerability could take complete control of an affected system. (MS06-026)
June 13, 2006
Vulnerability in Routing and Remote Access Could Allow Remote Code Execution (911280): There is a remote code execution vulnerability in the Remote Access Connection Manager (RASMAN) service that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. (MS06-025)
June 13, 2006
Vulnerability in Windows Media Player Could Allow Remote Code Execution (917734): A remote code execution vulnerability exists in Windows Media Player due to the way it handles the processing of PNG images. An attacker could exploit the vulnerability by constructing specially crafted Windows Media Player content that could potentially allow remote code execution if a user visits a malicious Web site or opens an email message with malicious content. An attacker who successfully exploited this vulnerability could take complete control of an affected system. (MS06-024)
June 13, 2006
Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344): There is a remote code execution vulnerability in JScript. An attacker could exploit the vulnerability by constructing specially crafted JScript that could potentially allow remote code execution if a user visited a Web site or viewed a specially crafted e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system. (MS06-023)
June 13, 2006
Vulnerability in ART Image Rendering Could Allow Remote Code Execution (918439): There is a remote code execution vulnerability in the way that Windows handles ART images. An attacker could exploit the vulnerability by constructing a specially crafted ART image that could potentially allow remote code execution if a user visited a Web site or viewed a specially crafted e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system. (MS06-022)
June 13, 2006
Cumulative Security Update for Internet Explorer (916281): A remote code execution vulnerability exists in the way Internet Explorer handles exceptional conditions. As a result, system memory may be corrupted in such a way that an attacker could execute arbitrary code if a user visited a specially crafted Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system. (MS06-021)
June 13, 2006
Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (913433): This update resolves publicly reported vulnerabilities. The vulnerabilities are documented in the "Vulnerability Details" section of this bulletin. These vulnerabilities are also documented in Macromedia Security Bulletin MPSB05-07 for customers using Flash Player 5 and 6. Customers who have installed Flash Player 7 and higher are advised to download the latest version from the Adobe website. Customers that have followed the guidance in Adobe Security Bulletin APSB06-03 are not at risk from the vulnerability.

If a user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
(MS06-020)
May 9, 2006
Vulnerability in Microsoft Exchange Could Allow Remote Code Execution (916803): This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.

An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
(MS06-019)
May 9, 2006
Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580): A denial of service vulnerability exists that could allow an attacker to send a specially crafted network message to an affected system. An attacker could cause the Microsoft Distributed Transaction Coordinator (MSDTC) to stop responding. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests. (MS06-018)
May 9, 2006
Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting (917627): The cross-site scripting vulnerability could allow an attacker to run client-side script on behalf of an FPSE user. The script could spoof content, disclose information, or take any action that the user could take on the affected web site. Attempts to exploit this vulnerability require user interaction. An attacker who successfully exploited this vulnerability against an administrator could take complete control of a Front Page Server Extensions 2002 server. (MS06-017)
April 11, 2006
Cumulative Security Update for Outlook Express (911567): A remote code execution vulnerability exists in Outlook Express when using a Windows Address Book (.wab) file that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system.

If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
(MS06-016)
April 11, 2006
Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531): A remote code execution vulnerability exists in Windows Explorer because of the way that it handles COM objects. An attacker would need to convince a user to visit a Web site that could force a connection to a remote file server. This remote file server could then cause Windows Explorer to fail in a way that could allow code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system. (MS06-015)
April 11, 2006
Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562): A remote code execution vulnerability exists in the RDS.Dataspace ActiveX control that is provided as part of the ActiveX Data Objects (ADO) and that is distributed in MDAC. An attacker who successfully exploited this vulnerability could take complete control of an affected system. (MS06-014)
April 11, 2006
Cumulative Security Update for Internet Explorer (912812): This update resolves several newly-discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in its own “Vulnerability Details” section of this bulletin.

If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

(MS06-013)
April 11, 2006
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413): A remote code execution vulnerability exists in Excel using a malformed range. An attacker could exploit the vulnerability by constructing a specially crafted Excel file that could allow remote code execution.If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights. (MS06-012)
March 14, 2006
Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798): A privilege elevation vulnerability exists on Windows XP Service Pack 1 on the identified Windows services where the permissions are set by default to a level that may allow a low-privileged user to change properties associated with the service. On Windows 2003 permissions on the identified services are set to a level that may allow a user that belongs to the network configuration operators group to change properties associated with the service. Only members of the Network Configuration Operators group on the targeted machine can remotely attack Windows Server 2003, and this group contains no users by default. The vulnerability could allow a user with valid logon credentials to take complete control of the system on Microsoft Windows XP Service Pack 1. (MS06-011)
March 14, 2006
Vulnerability in PowerPoint 2000 Could Allow Information Disclosure (889167): An Information Disclosure vulnerability exists in PowerPoint. An attacker who successfully exploited this vulnerability could remotely attempt to access objects in the Temporary Internet Files Folder (TIFF) explicitly by name. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce useful information that could be used to try to further compromise the affected system. (MS06-010)
February 14, 2006
Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege (901190): A privilege elevation vulnerability exists in the Windows and Office Korean Input Method Editor (IME). This vulnerability could allow a malicious user to take complete control of an affected system. For an attack to be successful an attacker must be able to interactively logon to the affected system. (MS06-009)
February 14, 2006
Vulnerability in Web Client Service Could Allow Remote Code Execution (911927): A remote code execution vulnerability exists in the way that Windows processes Web Client requests that could allow an attacker who successfully exploited this vulnerable to take complete control of the affected system. (MS06-008)
February 14, 2006
Vulnerability in TCP/IP Could Allow Denial of Service (913446): A denial of service vulnerability exists that could allow an attacker to send a specially crafted IGMP packet to an affected system. An attacker could cause the affected system to stop responding. (MS06-007)
February 14, 2006
Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564): A remote code execution vulnerability exists in the Windows Media Player plug-in for non-Microsoft Internet browsers because of the way the Windows Media Player plug-in handles a malformed EMBED element. An attacker could exploit the vulnerability by constructing a malicious EMBED element that could potentially allow remote code execution if a user visited a malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system. (MS06-006)
February 14, 2006
Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565): A remote code execution vulnerability exists in Windows Media Player because of the way that it handles processing bitmap files. An attacker could exploit the vulnerability by constructing a malicious bitmap file (.bmp) that could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, significant user interaction is required to exploit this vulnerability. (MS06-005)
February 14, 2006
Cumulative Security Update for Internet Explorer (910620): A remote code execution vulnerability exists in Internet Explorer because of the way that it handles Windows Metafile (WMF) images. An attacker could exploit the vulnerability by constructing a specially crafted WMF image that could potentially allow remote code execution if a user visited a malicious Web site, opened or previewed an e-mail message, or opened a specially crafted attachment in e-mail. An attacker who successfully exploited this vulnerability could take complete control of an affected system. Note that this vulnerability in Internet Explorer is separate from the vulnerabilities addressed in Windows in MS05-053 and MS06-001. (MS06-004)
February 14, 2006
Vulnerability in TNEF Decoding in Microsoft Outlook and Microsoft Exchange Could Allow Remote Code Execution: A remote code execution vulnerability exists in Microsoft Outlook and Microsoft Exchange Server because of the way that it decodes the Transport Neutral Encapsulation Format (TNEF) MIME attachment.

An attacker could exploit the vulnerability by constructing a specially crafted TNEF message that could potentially allow remote code execution when a user opens or previews a malicious e-mail message or when the Microsoft Exchange Server Information Store processes the specially crafted message.

(MS06-003)
January 10, 2006
Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution: A remote code execution vulnerability exists in Windows because of the way that it handles malformed embedded Web fonts. An attacker could exploit the vulnerability by constructing a malicious embedded Web font that could potentially allow remote code execution if a user visited a malicious Web site or viewed a specially crafted e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system. (MS06-002)
January 10, 2006
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919):  This update resolves a newly-discovered, public vulnerability. The vulnerability is documented in the "Vulnerability Details" section of this bulletin.

Note This vulnerability is currently being exploited and was previously discussed by Microsoft in Microsoft Security Advisory 912840.

If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
(MS06-001)
January 5, 2006


For the most update information, visit: http://www.microsoft.com/technet

For 2005 Security Bulletins Please Visit Here:  http://www.activewin.com/bugs/secb2005.shtml
For 2004 Security Bulletins Please Visit Here:  http://www.activewin.com/bugs/secb2004.shtml
For 2003 Security Bulletins Please Visit Here:  http://www.activewin.com/bugs/secb2003.shtml
For 2002 Security Bulletins Please Visit Here:  http://www.activewin.com/bugs/secb2002.shtml
For 2001 Security Bulletins Please Visit Here:  http://www.activewin.com/bugs/secb2001.shtml


Return To
Support Center

ActiveWin.com Featured Partners:

&70-536 is very imperative exams of Microsoft Certification for the application development and NET framework dexterity.70-536 exams offer the technical support to envisage and designate an application after the complete evaluation of the technical practicability of an application in order to meet the challenging needs of the IT field. MCSA 2003 implies for Microsoft certified systems administrator certification which is applicable for Microsoft Windows 2000 and Microsoft Windows Server 2003 with all implementing, managing and troubleshooting tools of networking systems. 70-227 exams of Microsoft enable the IT professionals very proficient in configuring, installing, supervising Microsoft internet safety measures and acceleration server 2000. 70-272 exams is one of the leading exams of Microsoft certification to produce the proficient IT professionals. 70-272 exams handle all kinds of troubleshooting desktop application, common settings, and variegated issues of Internet explorer, office, and outlook express with the help of the knowledgeable databases. 70-229 exams is very ideal and perfect choice of IT experts to enhance their proficiency by having certification of Microsoft.

  *  
  *   *