Published: 2006-06-14T03:45+00:00
Last Updated: 2006-07-11T20:19+00:00
TRTA06-164A
Microsoft Windows, Internet Explorer, Media Player, Word, PowerPoint, and Exchange Vulnerabilities
Overview
Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Word, PowerPoint, Media Player, Internet Explorer, and Exchange Server. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
Event Information
| Date (UTC) | Description |
| 2006-06-23 |
Microsoft Microsoft Security Advisory (921923): Proof of Concept Code Published Affecting the Remote Access Connection Manager Service |
| 2006-06-23 |
Microsoft Microsoft Knowledge Base Article 911280: MS06-025: Vulnerability in Routing and Remote Access could allow remote code execution |
| 2006-06-16 14:40 |
Internet Security Systems AlertCon (2) => (1) |
| 2006-06-14 11:31 |
SANS Internet Storm Center Exploits for most recent Microsoft Patches MS06-024: Windows Media Player (Exploit released by penetration testing vendor to customers). MS06-025: RRAS (Exploit released by penetration testing vendor to customers). MS06-027: Word remote code execution (Exploit available before release of patch). MS06-030: SMB Priviledge Escalation (Two exploits released to the public). MS06-032: IP Source Routing Exploit (DoS exploits released privately (trivial exploit)). |
| 2006-06-14 09:48 |
Microsoft MS06-JUN: Microsoft Security Bulletin Summary for June, 2006 Via Microsoft Mailing List |
| 2006-06-13 22:41 |
US-CERT TA06-164A: Microsoft Windows, Internet Explorer, Media Player, Word, PowerPoint, and Exchange Vulnerabilities Via US-CERT Mailing List |
| 2006-06-13 22:11 |
Bugtraq [REVERSEMODE ADVISORY] MS06-030 NtClose DeadLock SMB Invalid Handle Vulnerability(CVE-2006-2374,MS06-030) a proof-of-concept code for this vulnerability |
| 2006-06-13 22:00 |
Bugtraq [REVERSEMODE ADVISORY] MS06-030 - Microsoft Mrxsmb.sys privilege escalation advisory SMB Driver Elevation of Privilege Vulnerability(CVE-2006-2373,MS06-030) a proof-of-concept code for this vulnerability |
| 2006-06-13 19:25 |
Internet Security Systems AlertCon (1) => (2) |
| 2006-06-13 17:38 |
NGSSoftware Insight Security Research High Risk Vulnerability in Microsoft Windows Remote Access Connection Manager (RASMAN) service Full details will be published on the 13th September 2006. |
| 2006-06-13 |
Symantec SYMSA-2006-004: Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution Graphics Rendering Vulnerability(CVE-2006-2376,MS06-026) Full disclosure on July 11, 2006 |
| 2006-06-13 |
Internet Security Systems Cumulative Security Update for Internet Explorer for June 2006 Internet Security Systems Protection Alert |
| 2006-06-13 |
Internet Security Systems Vulnerability in Windows Media Player Could Allow Code Execution Internet Security Systems Protection Alert |
| 2006-04-27 |
Zero Day Initiative (ZDI) ZDI-06-018: Microsoft Internet Explorer DXImageTransform ActiveX Memory COM Object Instantiation Memory Corruption Vulnerability(CVE-2006-1303,MS06-021) Vulnerability Reported |
| 2006-04-26 |
Secunia SA19762: Internet Explorer Exception Handling Memory Corruption Vulnerability Microsoft Exchange Server when running Outlook Web Access Vulnerability(CVE-2006-2218,MS06-021) Vulnerability discovered |
| 2006-02-22 |
iDefense Windows Media Player PNG Chunk Decoding Stack-Based Buffer Overflow Windows Media Player PNG Vulnerability(CVE-2006-0025,MS06-024) Vulnerability Reported |
| 2006-02-09 |
Full-disclosure [Full-disclosure] Re: Is Windows TCP/IP source routing PoC code available? IP Source Route Vulnerability (CVE-2006-2379,MS06-032) a proof-of-concept code for this vulnerability #winicmpdos.cmd #win2knatdos.cmd |
| 2006-02-07 |
iDefense Microsoft Internet Explorer ART File Heap Corruption Vulnerability ART Image Rendering Vulnerability(CVE-2006-2378,MS06-022) Vulnerability Reported |
| 2006-02-07 |
iDefense Windows MRXSMB.SYS MrxSmbCscIoctlCloseForCopyChunk DoS SMB Invalid Handle Vulnerability(CVE-2006-2374,MS06-030) Vulnerability Reported |
| 2006-01-20 |
Zero Day Initiative (ZDI) ZDI-06-017: Microsoft Internet Explorer UTF-8 Decoding Heap Overflow Vulnerability HTML Decoding Memory Corruption Vulnerability(CVE-2006-2382,MS06-021) Vulnerability Reported |
| 2005-12-09 |
iDefense Windows MRXSMB.SYS MRxSmbCscIoctlOpenForCopyChunk Overflow SMB Driver Elevation of Privilege Vulnerability(CVE-2006-2373,MS06-030) Vulnerability Reported |
| 2005-10-27 |
SEC-CONSULT SEC-CONSULT Security Advisory 20060613-0: HTML Code Injection in Outlook Web Access Microsoft Exchange Server when running Outlook Web Access Vulnerability(CVE-2006-1193,MS06-029) Vulnerability discovered |