| Security Bulletin Name, 
          Brief Description  | ID Number,  Date/Link | 
        
        
			| Vulnerability in Microsoft Publisher Could Allow 
			Remote Code Execution (910729):
			A remote code execution vulnerability exists 
			in Publisher. An attacker could exploit this vulnerability when 
			Publisher parses a file with a malformed string. | (MS06-054) | 
		
          | September 12, 2006 | 
		
			| Vulnerability in Indexing Service Could Allow 
			Cross-Site Scripting (920685): 
			There is an information disclosure vulnerability in 
			the Indexing Service because of the way that it handles query 
			validation. The vulnerability could allow an attacker to run 
			client-side script on behalf of a user. The script could spoof 
			content, disclose information, or take any action that the user 
			could take on the affected Web site. | (MS06-053) | 
		
          | September 12, 2006 | 
		
			| Vulnerability in Pragmatic General Multicast (PGM) 
			Could Allow Remote Code Execution (919007): 
			There is a remote code execution vulnerability that 
			could allow an attacker to send a specially crafted multicast 
			message to an affected system and execute code on the affected 
			system. The MSMQ service, which is the Windows service needed to 
			allow PGM communications is not installed by default. | (MS06-052) | 
		
          | September 12, 2006 | 
			
			| Vulnerability in Windows Kernel Could Result in 
			Remote Code Execution (917422): There is a
			privilege 
			elevation vulnerability in the way that Windows 2000 starts 
			applications. This vulnerability could allow a logged on user to 
			take complete control of the system. | (MS06-051) | 
		
          | August 8, 2006 | 
		
			| Vulnerabilities in Microsoft Windows Hyperlink 
			Object Library Could Allow Remote Code Execution (920670): A 
			remote code execution vulnerability exists in the Hyperlink Object 
			Library. This problem exists because of an unchecked buffer in the 
			code that is used for handling hyperlinks. An attacker could exploit 
			the vulnerability by constructing a malicious hyperlink which could 
			potentially lead to remote code execution if a user clicks a 
			malicious link within an Office file or e-mail message. An attacker 
			who successfully exploited this vulnerability could take complete 
			control of the affected system. User interaction is required to 
			exploit this vulnerability. | (MS06-050) | 
		
          | August 8, 2006 | 
		
			| Vulnerability in Windows Kernel Could Result in 
			Elevation of Privilege (920958): There is a
			privilege 
			elevation vulnerability in Windows 2000 caused by improper 
			validation of system inputs. This vulnerability could allow a logged 
			on user to take complete control of the system. | (MS06-049) | 
		
          | August 8, 2006 | 
		
			| Vulnerabilities in Microsoft Office Could Allow 
			Remote Code Execution (922968): A remote code execution 
			vulnerability exists in PowerPoint and could be exploited when a 
			file containing a malformed shape container is parsed by PowerPoint. 
			Such a file might be included in an e-mail attachment or hosted on a 
			malicious web site. An attacker could exploit the vulnerability by 
			constructing a specially crafted PowerPoint file that could allow 
			remote code execution. | (MS06-048) | 
		
          | August 8, 2006 | 
		
			| Vulnerability in Microsoft Visual Basic for 
			Applications Could Allow Remote Code Execution (921645): A 
			remote code execution vulnerability exists in the way that Visual 
			Basic for Applications (VBA) checks the document properties that a 
			host application passes to it when opening a document. This 
			vulnerability could allow an attacker who successfully exploited the 
			vulnerability to take complete control of the affected system. | (MS06-047) | 
		
          | August 8, 2006 | 
			
			| Vulnerability in HTML Help Could Allow Remote 
			Code Execution (922616): A vulnerability exists in the HTML 
			Help ActiveX control that could allow remote code execution on an 
			affected system. An attacker could exploit the vulnerability by 
			constructing a malicious Web page that could potentially allow 
			remote code execution if a user visited that page. An attacker who 
			successfully exploited this vulnerability could take complete 
			control of an affected system. | (MS06-046) | 
		
          | August 8, 2006 | 
		
			| Vulnerability in Windows Explorer Could Allow 
			Remote Code Execution (921398): A remote code execution 
			vulnerability exists in Windows Explorer because of the way that 
			Windows Explorer handles Drag and Drop events. An attacker could 
			exploit the vulnerability by constructing a malicious Web page that 
			could potentially allow an attacker to save a file on the user’s 
			system if a user visited a malicious Web site or viewed a malicious 
			e-mail message. An attacker who successfully exploited this 
			vulnerability could take complete control of an affected system. 
			User interaction is required to exploit this vulnerability | (MS06-045) | 
		
          | August 8, 2006 | 
		
			| Vulnerability in Microsoft Management Console 
			Could Allow Remote Code Execution (917008): There is a 
			remote code execution vulnerability in Windows Management Console 
			that could allow an attacker who successfully exploited this 
			vulnerability to take complete control of the affected system. | (MS06-044) | 
		
          | August 8, 2006 | 
			
			| Vulnerability in Microsoft Windows Could Allow 
			Remote Code Execution (920214): There is a remote code 
			execution vulnerability in Windows that results from incorrect 
			parsing of the MHTML protocol. An attacker could exploit the 
			vulnerability by constructing a specially crafted Web page or HTML 
			e-mail that could potentially lead to remote code execution if a 
			user visited a specially crafted Web site or clicked a link in a 
			specially crafted e-mail message. | (MS06-043) | 
		
          | August 8, 2006 | 
			
			| Cumulative Security Update for Internet Explorer 
			(918899): If a user is logged on with administrative user 
			rights, an attacker who successfully exploited the most severe of 
			these vulnerabilities could take complete control of an affected 
			system. An attacker could then install programs; view, change, or 
			delete data; or create new accounts with full user rights. Users 
			whose accounts are configured to have fewer user rights on the 
			system could be less impacted than users who operate with 
			administrative user rights. | (MS06-042) | 
		
          | August 8, 2006 | 
		
			| Vulnerabilities in DNS Resolution Could Allow 
			Remote Code Execution (920683): There is a remote code 
			execution vulnerability in Winsock that could allow an attacker who 
			successfully exploited this vulnerability to take complete control 
			of the affected system. For an attack to be successful the attacker 
			would have to force the user to open a file or visit a website that 
			is specially crafted to call the affected Winsock API. | (MS06-041) | 
		
          | August 8, 2006 | 
		
			| Vulnerability in Server Service Could Allow 
			Remote Code Execution (921883): There is a remote code 
			execution vulnerability in Server Service that could allow an 
			attacker who successfully exploited this vulnerability to take 
			complete control of the affected system. | (MS06-040) | 
		
          | August 8, 2006 | 
		
			| Vulnerabilities in Microsoft Office Filters Could 
			Allow Remote Code Execution (915384): A remote code 
			execution vulnerability exists in Office and could be exploited when 
			Office opened a malformed PNG file. An attacker could exploit the 
			vulnerability by constructing a specially crafted PNG file that 
			could allow remote code execution | (MS06-039) | 
		
          | July 11, 2006 | 
		
			| Vulnerabilities in Microsoft Office Could Allow 
			Remote Code Execution (917284): A remote code execution 
			vulnerability exists in Office, and could be exploited when a 
			malformed string included in an Office file was parsed by any of the 
			affected Office applications.  Such a string might be included in an 
			email attachment processed by one of the affected applications or 
			hosted on a malicious web site.  Viewing or previewing a malformed 
			email message in an affected version of Outlook could not lead to 
			exploitation of this vulnerability.  An attacker could exploit the 
			vulnerability by constructing a specially crafted Office file that 
			could allow remote code execution. | (MS06-038) | 
		
          | July 11, 2006 | 
			
			| Vulnerabilities in Microsoft Excel Could Allow 
			Remote Code Execution (917285): A remote code execution 
			vulnerability exists in Excel that results from the processing of a 
			malformed SELECTION record. An attacker could exploit the 
			vulnerability by constructing a specially crafted Excel file that 
			could allow remote code execution. | (MS06-037) | 
		
          | July 11, 2006 | 
		
			| Vulnerability in DHCP Client Service Could Allow 
			Remote Code Execution (914388): There is a remote code 
			execution vulnerability in the DHCP Client service that could allow 
			an attacker who successfully exploited this vulnerability to take 
			complete control of the affected system. | (MS06-036) | 
		
          | July 11, 2006 | 
			
			| Vulnerability in Server Service Could Allow 
			Remote Code Execution (917159): There is a remote code 
			execution vulnerability in the Server driver that could allow an 
			attacker who successfully exploited this vulnerability to take 
			complete control of the affected system. | (MS06-035) | 
		
          | July 11, 2006 | 
		
			| Vulnerability in Microsoft Internet Information 
			Services using Active Server Pages Could Allow Remote Code Execution 
			(917537): There is a remote code execution vulnerability in 
			Internet Information Services (IIS). An attacker could exploit the 
			vulnerability by constructing a specially crafted Active Server 
			Pages (ASP) file, potentially allowing remote code execution if the 
			Internet Information Services (IIS) processes the specially crafted 
			file. An attacker who successfully exploited this vulnerability 
			could take complete control of an affected system. | (MS06-034) | 
		
          | July 11, 2006 | 
		
			| Vulnerability in ASP.NET Could Allow Information 
			Disclosure (917283): This Information Disclosure 
			vulnerability could allow an attacker to bypass ASP.Net security and 
			gain unauthorized access to objects in the Application folders 
			explicitly by name. Note that this vulnerability would not allow an 
			attacker to execute code or to elevate their user rights directly, 
			but it could be used to produce useful information that could be 
			used to try to further compromise the affected system. | (MS06-033) | 
		
          | July 11, 2006 | 
		
			| Vulnerability in TCP/IP Could Allow Remote Code 
			Execution (917953): There is a remote code execution 
			vulnerability in the TCP/IP Protocol driver that could allow an 
			attacker who successfully exploited this vulnerability to take 
			complete control of the affected system. | (MS06-032) | 
		
          | June 13, 2006 | 
		
			| Vulnerability in RPC Mutual Authentication Could 
			Allow Spoofing (917736): There is a spoofing vulnerability 
			in the way that RPC handles mutual authentication. This 
			vulnerability could allow an attacker to persuade a user to connect 
			to a malicious RPC server which appears to be valid. | (MS06-031) | 
		
          | June 13, 2006 | 
		
			| Vulnerability in Server Message Block Could Allow 
			Elevation of Privilege (914389): There is an elevation of 
			privilege vulnerability in Server Message Block (SMB) that could 
			allow an attacker who successfully exploited this vulnerability to 
			take complete control of the affected system. | (MS06-030) | 
		
          | June 13, 2006 | 
			
			| Vulnerability in Microsoft Exchange Server 
			Running Outlook Web Access Could Allow Script Injection (912442): 
			A script injection vulnerability exists in Exchange Server running 
			Outlook Web Access (OWA). An attacker could exploit the 
			vulnerability by constructing an e-mail message with a specially 
			crafted script. If this specially crafted script is run, it would 
			execute in the security context of the user on the client. Attempts 
			to exploit this vulnerability require user interaction. | (MS06-029) | 
		
          | June 13, 2006 | 
		
			| Vulnerability in Microsoft PowerPoint Could Allow 
			Remote Code Execution (916768): There is a remote code 
			execution vulnerability in PowerPoint that uses a malformed record. 
			An attacker could exploit the vulnerability by constructing a 
			specially crafted PowerPoint file that could allow remote code 
			execution. | (MS06-028) | 
		
          | June 13, 2006 | 
		
			| Vulnerability in Microsoft Word Could Allow 
			Remote Code Execution (917336): A remote code execution 
			vulnerability exists in Word using a malformed object pointer. An 
			attacker could exploit the vulnerability by constructing a specially 
			crafted Word file that could allow remote code execution. | (MS06-027) | 
		
          | June 13, 2006 | 
		
			| Vulnerability in Graphics Rendering Engine Could 
			Allow Remote Code Execution (918547): A remote code 
			execution vulnerability exists in the Graphics Rendering Engine 
			because of the way that it handles Windows Metafile (WMF) images. An 
			attacker could exploit the vulnerability by constructing a specially 
			crafted WMF image that could potentially allow remote code execution 
			if a user visited a malicious Web site or opened a specially crafted 
			attachment in e-mail. An attacker who successfully exploited this 
			vulnerability could take complete control of an affected system. | (MS06-026) | 
		
          | June 13, 2006 | 
		
			| Vulnerability in Routing and Remote Access Could 
			Allow Remote Code Execution (911280): There is a remote code 
			execution vulnerability in the Remote Access Connection Manager (RASMAN) 
			service that could allow an attacker who successfully exploited this 
			vulnerability to take complete control of the affected system. | (MS06-025) | 
		
          | June 13, 2006 | 
		
			| Vulnerability in Windows Media Player Could Allow 
			Remote Code Execution (917734): A remote code execution 
			vulnerability exists in Windows Media Player due to the way it 
			handles the processing of PNG images. An attacker could exploit the 
			vulnerability by constructing specially crafted Windows Media Player 
			content that could potentially allow remote code execution if a user 
			visits a malicious Web site or opens an email message with malicious 
			content. An attacker who successfully exploited this vulnerability 
			could take complete control of an affected system. | (MS06-024) | 
		
          | June 13, 2006 | 
		
			| Vulnerability in Microsoft JScript Could Allow 
			Remote Code Execution (917344): There is a remote code 
			execution vulnerability in JScript. An attacker could exploit the 
			vulnerability by constructing specially crafted JScript that could 
			potentially allow remote code execution if a user visited a Web site 
			or viewed a specially crafted e-mail message. An attacker who 
			successfully exploited this vulnerability could take complete 
			control of an affected system. | (MS06-023) | 
		
          | June 13, 2006 | 
		
			| Vulnerability in ART Image Rendering Could Allow 
			Remote Code Execution (918439): There is a remote code 
			execution vulnerability in the way that Windows handles ART images. 
			An attacker could exploit the vulnerability by constructing a 
			specially crafted ART image that could potentially allow remote code 
			execution if a user visited a Web site or viewed a specially crafted 
			e-mail message. An attacker who successfully exploited this 
			vulnerability could take complete control of an affected system. | (MS06-022) | 
		
          | June 13, 2006 | 
        
			| Cumulative Security Update for Internet Explorer 
			(916281): A remote code execution vulnerability exists in 
			the way Internet Explorer handles exceptional conditions. As a 
			result, system memory may be corrupted in such a way that an 
			attacker could execute arbitrary code if a user visited a specially 
			crafted Web site. An attacker who successfully exploited this 
			vulnerability could take complete control of an affected system. | (MS06-021) | 
		
          | June 13, 2006 | 
		
			| Vulnerabilities in Macromedia 
			Flash Player from Adobe Could Allow Remote Code Execution (913433): 
			This update resolves publicly reported vulnerabilities. The 
			vulnerabilities are documented in the "Vulnerability Details" 
			section of this bulletin. These vulnerabilities are also documented 
			in Macromedia Security Bulletin MPSB05-07 for customers using Flash 
			Player 5 and 6. Customers who have installed Flash Player 7 and 
			higher are advised to download the latest version from the Adobe 
			website. Customers that have followed the guidance in Adobe Security 
			Bulletin APSB06-03 are not at risk from the vulnerability. 
 If a user is logged on with administrative user rights, an attacker 
			who successfully exploited these vulnerabilities could take complete 
			control of an affected system. An attacker could then install 
			programs; view, change, or delete data; or create new accounts with 
			full user rights. Users whose accounts are configured to have fewer 
			user rights on the system could be less impacted than users who 
			operate with administrative user rights.
 | (MS06-020) | 
		
          | May 9, 2006 | 
		
			| Vulnerability in Microsoft 
			Exchange Could Allow Remote Code Execution (916803): 
			This update resolves a newly-discovered, privately-reported 
			vulnerability. The vulnerability is documented in the "Vulnerability 
			Details" section of this bulletin. 
 An attacker who successfully exploited this vulnerability could take 
			complete control of an affected system. An attacker could then 
			install programs; view, change, or delete data; or create new 
			accounts with full user rights.
 | (MS06-019) | 
		
          | May 9, 2006 | 
		
			| Vulnerability in Microsoft 
			Distributed Transaction Coordinator Could Allow Denial of Service 
			(913580): 
			A
			
			denial of service 
			vulnerability exists that could allow an attacker to send a 
			specially crafted network message to an affected system. An attacker 
			could cause the Microsoft Distributed Transaction Coordinator (MSDTC) 
			to stop responding. Note that the denial of service vulnerability 
			would not allow an attacker to execute code or to elevate their user 
			rights, but it could cause the affected system to stop accepting 
			requests. | (MS06-018) | 
		
          | May 9, 2006 | 
      
			| Vulnerability in Microsoft 
			FrontPage Server Extensions Could Allow Cross-Site Scripting 
			(917627): The cross-site scripting 
			vulnerability could allow an attacker to run client-side script on 
			behalf of an FPSE user. The script could spoof content, disclose 
			information, or take any action that the user could take on the 
			affected web site. Attempts to exploit this vulnerability require 
			user interaction. An attacker who successfully exploited this 
			vulnerability against an administrator could take complete control 
			of a Front Page Server Extensions 2002 server. | (MS06-017) | 
      
          | April 11, 2006 | 
      
			| Cumulative Security 
			Update for Outlook Express (911567):
          A remote code execution vulnerability exists in Outlook Express when 
			using a Windows Address Book (.wab) file that could allow an 
			attacker who successfully exploited this vulnerability to take 
			complete control of the affected system. 
 If a user is logged on with administrative user rights, an attacker 
			who successfully exploited this vulnerability could take complete 
			control of an affected system. An attacker could then install 
			programs; view, change, or delete data; or create new accounts with 
			full user rights. Users whose accounts are configured to have fewer 
			user rights on the system could be less affected than users who 
			operate with administrative user rights.
 | (MS06-016) | 
      
          | April 11, 2006 | 
      
			| Vulnerability in Windows Explorer 
			Could Allow Remote Code Execution (908531): A remote code 
			execution vulnerability exists in Windows Explorer because of the 
			way that it handles COM objects. An attacker would need to convince 
			a user to visit a Web site that could force a connection to a remote 
			file server. This remote file server could then cause Windows 
			Explorer to fail in a way that could allow code execution. An 
			attacker who successfully exploited this vulnerability could take 
			complete control of an affected system. | (MS06-015) | 
      
          | April 11, 2006 | 
        
			| Vulnerability in the Microsoft 
			Data Access Components (MDAC) Function Could Allow Code Execution 
			(911562): A 
			remote code execution vulnerability exists in the RDS.Dataspace 
			ActiveX control that is provided as part of the ActiveX Data Objects 
			(ADO) and that is distributed in MDAC. An attacker who successfully 
			exploited this vulnerability could take complete control of an 
			affected system. | (MS06-014) | 
		
          | April 11, 2006 | 
        
			| Cumulative Security Update for Internet Explorer 
			(912812): 
			This update resolves several newly-discovered, 
			publicly and privately reported vulnerabilities. Each vulnerability 
			is documented in its own “Vulnerability Details” section of this 
			bulletin. If a user is logged on with 
			administrative user rights, an attacker who successfully exploited 
			the most severe of these vulnerabilities could take complete control 
			of an affected system. An attacker could then install programs; 
			view, change, or delete data; or create new accounts with full user 
			rights. Users whose accounts are configured to have fewer user 
			rights on the system could be less impacted than users who operate 
			with administrative user rights. | (MS06-013) | 
		
          | April 11, 2006 | 
        
			| Vulnerabilities in Microsoft Office Could Allow 
			Remote Code Execution (905413):
A remote code execution vulnerability exists in Excel 
			using a malformed range. An attacker could exploit the vulnerability 
			by constructing a specially crafted Excel file that could allow 
			remote code execution.If a user is logged on with administrative 
			user rights, an attacker who successfully exploited this 
			vulnerability could take complete control of an affected system. An 
			attacker could then install programs; view, change, or delete data; 
			or create new accounts with full user rights. Users whose accounts 
			are configured to have fewer user rights on the system could be less 
			affected than users who operate with administrative user rights. | (MS06-012) | 
		
          | March 14, 2006 | 
        
			| Permissive Windows Services DACLs Could Allow 
			Elevation of Privilege (914798):
          A
			
			privilege elevation 
			vulnerability exists on Windows XP Service Pack 1 on the identified 
			Windows services where the permissions are set by default to a level 
			that may allow a low-privileged user to change properties associated 
			with the service. On Windows 2003 permissions on the identified 
			services are set to a level that may allow a user that belongs to 
			the network configuration operators group to change properties 
			associated with the service. Only members of the Network 
			Configuration Operators group on the targeted machine can remotely 
			attack Windows Server 2003, and this group contains no users by 
			default. The vulnerability could allow a user with valid logon 
			credentials to take complete control of the system on Microsoft 
			Windows XP Service Pack 1. | (MS06-011) | 
		
          | March 14, 2006 | 
        
			| Vulnerability in PowerPoint 2000 Could Allow 
			Information Disclosure (889167): 
			An Information Disclosure vulnerability exists in 
			PowerPoint. An attacker who successfully exploited this 
			vulnerability could remotely attempt to access objects in the 
			Temporary Internet Files Folder (TIFF) explicitly by name. Note that 
			this vulnerability would not allow an attacker to execute code or to 
			elevate their user rights directly, but it could be used to produce 
			useful information that could be used to try to further compromise 
			the affected system. | (MS06-010) | 
		
          | February 14, 2006 | 
        
			| Vulnerability in the Korean Input Method Editor 
			Could Allow Elevation of Privilege (901190):
          A 
			privilege elevation 
			vulnerability exists in the Windows and Office Korean Input Method 
			Editor (IME). This vulnerability could allow a malicious user to 
			take complete control of an affected system. For an attack to be 
			successful an attacker must be able to interactively logon to the 
			affected system. | (MS06-009) | 
		
          | February 14, 2006 | 
        
			| Vulnerability in Web Client Service Could Allow 
			Remote Code Execution (911927):
          A remote code execution vulnerability exists in 
			the way that Windows processes Web Client requests that could allow 
			an attacker who successfully exploited this vulnerable to take 
			complete control of the affected system. | (MS06-008) | 
		
          | February 14, 2006 | 
        | Vulnerability in TCP/IP Could Allow Denial of 
			Service (913446): A 
			
			denial of service 
			vulnerability exists that could allow an attacker to send a 
			specially crafted IGMP packet to an affected system. An attacker 
			could cause the affected system to stop responding. | (MS06-007) | 
        
          | February 14, 2006 | 
          | Vulnerability in Windows Media Player Plug-in 
			with Non-Microsoft Internet Browsers Could Allow Remote Code 
			Execution (911564): 
A remote code execution vulnerability exists in the 
			Windows Media Player plug-in for non-Microsoft Internet browsers 
			because of the way the Windows Media Player plug-in handles a 
			malformed EMBED element. An attacker could exploit the vulnerability 
			by constructing a malicious EMBED element that could potentially 
			allow remote code execution if a user visited a malicious Web site. 
			An attacker who successfully exploited this vulnerability could take 
			complete control of an affected system. | (MS06-006) | 
        
          | February 14, 2006 | 
        
          | Vulnerability in Windows Media Player Could Allow 
			Remote Code Execution (911565): 
			A remote code execution vulnerability exists in 
			Windows Media Player because of the way that it handles processing 
			bitmap files. An attacker could exploit the vulnerability by 
			constructing a malicious bitmap file (.bmp) that could potentially 
			allow remote code execution if a user visited a malicious Web site 
			or viewed a malicious e-mail message. An attacker who successfully 
			exploited this vulnerability could take complete control of an 
			affected system. However, significant user interaction is required 
			to exploit this vulnerability. | (MS06-005) | 
        
          | February 14, 2006 | 
        
          | Cumulative Security Update for Internet Explorer 
			(910620): A remote code execution 
			vulnerability exists in Internet Explorer because of the way that it 
			handles Windows Metafile (WMF) images. An attacker could exploit the 
			vulnerability by constructing a specially crafted WMF image that 
			could potentially allow remote code execution if a user visited a 
			malicious Web site, opened or previewed an e-mail message, or opened 
			a specially crafted attachment in e-mail. An attacker who 
			successfully exploited this vulnerability could take complete 
			control of an affected system. Note that this vulnerability in 
			Internet Explorer is separate from the vulnerabilities addressed in 
			Windows in MS05-053 and MS06-001. | (MS06-004) | 
        
          | February 14, 2006 | 
        
          | Vulnerability in TNEF Decoding in Microsoft 
			Outlook and Microsoft Exchange Could Allow Remote Code Execution:
          A remote code execution vulnerability exists in 
			Microsoft Outlook and Microsoft Exchange Server because of the way 
			that it decodes the Transport Neutral Encapsulation Format (TNEF) 
			MIME attachment. An attacker could exploit 
			the vulnerability by constructing a specially crafted TNEF message 
			that could potentially allow remote code execution when a user opens 
			or previews a malicious e-mail message or when the Microsoft 
			Exchange Server Information Store processes the specially crafted 
			message. | (MS06-003) | 
        
          | January 10, 2006 | 
          | Vulnerability in Embedded Web Fonts Could Allow 
			Remote Code Execution:
          
          A remote code execution vulnerability exists in Windows because of the 
			way that it handles malformed embedded Web fonts. An attacker could 
			exploit the vulnerability by constructing a malicious embedded Web 
			font that could potentially allow remote code execution if a user 
			visited a malicious Web site or viewed a specially crafted e-mail 
			message. An attacker who successfully exploited this vulnerability 
			could take complete control of an affected system. | (MS06-002) | 
        
          | January 10, 2006 | 
          | Vulnerability in Graphics 
			Rendering Engine Could Allow Remote Code Execution (912919):  This 
			update resolves a newly-discovered, public vulnerability. The 
			vulnerability is documented in the "Vulnerability Details" section 
			of this bulletin. 
 Note This vulnerability is currently being exploited and was 
			previously discussed by Microsoft in Microsoft Security Advisory 
			912840.
 
 If a user is logged on with administrative user rights, an attacker 
			who successfully exploited this vulnerability could take complete 
			control of an affected system. An attacker could then install 
			programs; view, change, or delete data; or create new accounts with 
			full user rights. Users whose accounts are configured to have fewer 
			user rights on the system could be less impacted than users who 
			operate with administrative user rights.
 | (MS06-001) | 
        
          | January 5, 2006 |