National Cyber Alert System
Technical Cyber Security Alert TA06-220A archive

Microsoft Products Contain Multiple Vulnerabilities

Original release date: August 08, 2006
Last revised: August 14, 2006
Source: US-CERT

Systems Affected

  • Microsoft Windows
  • Microsoft Office (Windows and Mac)
  • Microsoft Works Suite
  • Microsoft Visual Basic for Applications (VBA)
  • Microsoft Internet Explorer

For more complete information, refer to the August 2006 Microsoft Security Bulletins.


Overview

Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Office, Works Suite, Visual Basic for Applications, and Internet Explorer. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.

The update for MS06-040 addresses a critical vulnerability in the Windows Server service (VU#650769). We have received reports of active exploitation of this vulnerability.


I. Description

Microsoft Security Bulletin Summary for August 2006 addresses vulnerabilities in Microsoft products including Windows, Office, and Internet Explorer.

Further information is available in the following Vulnerability Notes:

VU#650769 - Microsoft Windows Server service buffer overflow

A stack-based buffer overflow exists in the Windows Server service. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code with SYSTEM privileges.
(CVE-2006-3439)

Note that we have received reports that VU#650769 is actively being exploited.

VU#908276 - Microsoft Winsock buffer overflow

A buffer overflow vulnerability in Microsoft Winsock may allow a remote attacker to execute arbitrary code on an affected system.
(CVE-2006-3440)

VU#794580 - Microsoft DNS Client buffer overflow

The Microsoft DNS Client service contains a remote code execution vulnerability that could allow a remote attacker to take complete control of the affected system.
(CVE-2006-3441)

VU#883108 - Microsoft Internet Explorer HTML Document object cross-domain vulnerability

Microsoft Internet Explorer contains a cross-domain vulnerability in how it handles redirected object data. This could allow an attacker to access the content of a web page in a different domain.
(CVE-2006-3280)

VU#119180 - Microsoft Internet Explorer fails to properly interpret layout positioning

Microsoft Internet Explorer fails to properly handle certain combinations of layout positioning. This can allow a remote attacker to execute arbitrary code on a vulnerable system.
(CVE-2006-3450)

VU#262004 - Microsoft Internet Explorer fails to properly handle chained Cascading Style Sheets

Microsoft Internet Explorer fails to properly handle chained Cascading Style Sheets (CSS). This can allow a remote attacker to execute arbitrary code on a vulnerable system.
(CVE-2006-3451)

VU#340060 - Microsoft Internet Explorer HTML layout rendering vulnerability

Microsoft Internet Explorer fails to properly render certain HTML layout combinations. This can allow a remote attacker to execute arbitrary code on a vulnerable system.
(CVE-2006-3637)

VU#959049 - Multiple COM objects cause memory corruption in Microsoft Internet Explorer

Microsoft Internet Explorer (IE) allows instantiation of COM objects not designed for use in the browser, which may allow a remote attacker to execute arbitrary code or crash IE.
(CVE-2006-3638)

VU#252764 - Microsoft Internet Explorer source element cross-domain vulnerability

Microsoft Internet Explorer fails to properly handle redirects for source elements. This can allow a remote attacker to execute arbitrary code on a vulnerable system.
(CVE-2006-3639)

VU#891204 - Microsoft Windows fails to properly parse the MHTML protocol

Microsoft Windows fails to properly handle MHTML. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system.
(CVE-2006-2766)

VU#927548 - Microsoft Management Console cross-site scripting vulnerability

Microsoft Management Console (MMC) is vulnerable to cross-site scripting, which may allow a remote attacker to execute arbitrary code on a vulnerable system.
(CVE-2006-3643)

VU#159484 - Microsoft Visual Basic for Applications buffer overflow

Microsoft Visual Basic for Applications fails to properly validate document properties. This vulnerability could allow a remote attacker to execute arbitrary code.
(CVE-2006-3649)

VU#936945 - Microsoft PowerPoint contains an unspecified remote code execution vulnerability

Microsoft PowerPoint contains an unspecified vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
(CVE-2006-3590)

VU#884252 - Microsoft PowerPoint fails to properly handle malformed records

Microsoft PowerPoint fails to properly handle malformed records, allowing a buffer overflow to occur. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system.
(CVE-2006-3449)

VU#411516 - Microsoft Windows kernel fails to properly manage exception handling

An exception handling vulnerability in the Microsoft Windows kernel may allow a remote attacker to execute arbitrary code.
(CVE-2006-3648)


II. Impact

A remote, unauthenticated attacker could execute arbitrary code on a vulnerable system. An attacker may also be able to cause a denial of service.


III. Solution

Apply updates

Microsoft has provided updates for these vulnerabilities in the August 2006 Security Bulletins.

When prioritizing updates, administrators are strongly encouraged to apply the update for MS06-040 (VU#650769) first.

Updates for Microsoft Windows and Microsoft Office XP and later are available on the Microsoft Update site. Microsoft Office 2000 updates are available on the Microsoft Office Update site. Apple Mac OS X users should obtain updates from the Mactopia web site.

System administrators may wish to consider using Windows Server Update Services (WSUS).


Appendix A. References



Feedback can be directed to US-CERT.


Produced 2006 by US-CERT, a government organization.

Revision History

August 08, 2006: Initial release, called out critical vulnerabilities
August 09, 2006: Fixed incorrect CVE-2006-2127 reference
August 14, 2006: Fixed incorrect appendix heading

Last updated August 14, 2006