Published: 2006-08-09T22:11+00:00
Last Updated: 2006-11-25T03:24+00:00
TRTA06-220A
Microsoft Products Contain Multiple Vulnerabilities
Overview
Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Office, Works Suite, Visual Basic for Applications, and Internet Explorer. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
Event Information
Date (UTC) | Description |
2006-09-21 | MS Windows (Windows Kernel) Privilege Escalation Exploit (MS06-049): proof-of-concept code for this vulnerability (CVE-2006-3444, MS06-049) #Cid: ms06-049.c #Cid: 19388.c #Tested: Windows 2000 PRO SP4 [CN] #Tested: Windows 2000 PRO SP4 Rollup 1 [CN] #Tested: Windows 2000 PRO SP4 [EN] #Tested: Windows 2000 PRO SP4 Rollup 1 [EN] |
2006-09-13 | Microsoft Windows NetpIsRemote() Remote Overflow (Exploit, MS06-040, Windows 2003): proof-of-concept code for this vulnerability #Tested: Windows Server 2003 SP0 #Cid: netapi_win2003.pm |
2006-09-12 22:45 | US-CERT Microsoft Re-Releases Windows Server Service Security Bulletin MS06-040 Microsoft has released a new version of Security Bulletin MS06-040 and the associated security updates. |
2006-09-12 | Microsoft MS06-042: Cumulative Security Update for Internet Explorer (918899) Bulletin and Internet Explorer 6 Service Pack 1, Internet Explorer 5.01 Service Pack 4, and Internet Explorer 6 for Microsoft Windows Server 2003 security updates have been re-released to address a vulnerability documented in the Vulnerability Details section as Long URL Buffer Overflow - CVE-2006-3873. |
2006-09-12 | Microsoft MS06-040: Vulnerability in Server Service Could Allow Remote Code Execution (921883) The update has been revised and re-released for Microsoft Windows 2003 and Microsoft Windows XP Professional x64 Edition to address the issues identified in Microsoft Knowledge Base Article 924054 (Programs that request lots of contiguous memory may fail after you install security update 921883 (MS06-040) on a Windows Server 2003 Service Pack 1-based computer or a Windows XP Professional x64 Edition-based computer). |
2006-08-27 | Microsoft Windows NetpIsRemote() Remote Overflow (Exploit, MS06-040): proof-of-concept code for this vulnerability #Tested: Windows XP SP1 #Tested: Windows 2000 SP4 #Cid: ms06_040_remote_overflow_082706 |
2006-08-24 05:39 | JPCERT/CC JPCERT-AT-2006-0012: Increase in TCP Port 139 scanning activity |
2006-08-24 | eEye Digital Security EEYEB-AD20060912: Internet Explorer Compressed Content URL Heap Overflow Vulnerability #2 Long URL Buffer Overflow Vulnerability (CVE-2006-3873, MS06-042) Vulnerability Reported |
2006-08-24 | Microsoft MS06-042: Cumulative Security Update for Internet Explorer (918899) Bulletin reissued and updated with additional information and vulnerability details affecting Internet Explorer 6 Service Pack 1 customers. |
2006-08-22 07:52 | Symantec ThreatCON (2) => (1) |
2006-08-22 | Microsoft Microsoft Security Advisory (923762): Long URLs to sites using HTTP 1.1 and compression Could Cause Internet Explorer 6 Service Pack 1 to Unexpectedly Exit Long URL Buffer Overflow Vulnerability (CVE-2006-3869, MS06-042) |
2006-08-21 16:25 | Internet Security Systems AlertCon (2) => (1) |
2006-08-19 | Microsoft Windows CanonicalizePathName() Remote Code Execution (Exploit, MS06-040): proof-of-concept code for this vulnerability #Cid: netapi_ms06_040.c |
2006-08-17 | eEye Digital Security EEYEB-AD20060824: Internet Explorer Compressed Content URL Heap Overflow Vulnerability Long URL Buffer Overflow Vulnerability (CVE-2006-3869, MS06-042, VU#821156) Vulnerability Reported |
2006-08-15 | Microsoft MS06-042: Cumulative Security Update for Internet Explorer (918899) Bulletin caveats updated with additional information affecting some Internet Explorer 6 Service Pack 1 customers. |
2006-08-15 | LURHQ Corporation Mocbot Spam Analysis The recent Mocbot variant found exploiting the vulnerability described in MS06-040 is not especially unique. Many different malware variants use IRC as a command-and-control (C&C) channel. In this article we explore the Mocbot C&C in order to gain a better understanding of the reason for Mocbot's existence. |
2006-08-14 23:00 | Cisco Systems Cisco Security Response Document ID: 70997: Mitigating Exploitation of the MS06-040 Service Buffer Vulnerability Cisco devices provide several countermeasures for the MS06-040 vulnerability. The most preventative control is provided by Cisco Security Agent (CSA) at the end host level. |
2006-08-14 17:48 | SANS MS06-040: BOLO -- Be On the LookOut Over the weekend there was a botnet doing fairly wide scale scanning for hosts affected by the vulnerabilities in the MS06-040 advisory. |
2006-08-14 03:42 | Microsoft Microsoft Security Advisory (922437): Exploit Code Published Affecting the Server Service Exploit for MS06-040 Advisory updated to detail activity related to Win32/Graweg. Microsoft is aware of public reports regarding an attack known as Win32/Graweg exploiting the vulnerability addressed by security update MS06-040. Microsoft's initial investigation of Win32/Graweg verified that it only affects users running Windows 2000 that have not applied the update detailed in MS06-040. Microsoft has activated its emergency response process and is continuing to investigate this issue. |
2006-08-13 13:37 | SANS MS06-040 wgareg / wgavm update We have received samples and infection reports from several sources. |
2006-08-12 | LURHQ Corporation Mocbot/MS06-040 Analysis LURHQ's Threat Intelligence Group has detected a Mocbot variant in the wild utilizing the MS06-040 vulnerability in order to spread in a worm-like fashion. |
2006-08-12 | McAfee IRC-Mocbot!MS06-040 |
2006-08-12 | Symantec W32.Wargbot Exploit for MS06-040 |
2006-08-12 | Trend Micro WORM_IRCBOT.JL Exploit for MS06-040 |
2006-08-12 | Trend Micro WORM_IRCBOT.JK Exploit for MS06-040 |
2006-08-11 20:57 | Microsoft Microsoft Security Advisory (922437): Exploit Code Published Affecting the Server Service Exploit for MS06-040 |
2006-08-11 | LURHQ Corporation MS06-040 Exploit: More Hype Than Threat Multiple sources are sounding alarms based on the MS06-040 exploit, predicting an imminent worm outbreak of Blaster-like proportions. |
2006-08-11 | SANS MS06-040 exploit(s) publicly available As almost everyone predicted, it didn't take long to have MS06-040 (vulnerability in the Server service) publicly available. |
2006-08-11 | Trend Micro TROJ_MDROPPER.BI Exploit for MS06-047 |
2006-08-10 15:48 | NISCC 20060810-00546: Exploit for MS06-040 (vulnerability in the Server service) publicly available A vulnerability in the Microsoft Server service, addressed in Microsoft Security Bulletin MS06-040, is being exploited. |
2006-08-10 07:57 | Full-disclosure RE: [Full-disclosure] Exploit for MS06-040 Out? Proof-of-concept code for this vulnerability (CVE-2006-3439, MS06-040) #Cid: netapi_ms06_040.pm |
2006-08-10 06:19 | eEye Digital Security Retina MS06-040 NetApi32 Scanner eEye Digital Security has created a standalone vulnerability scanner to help identify systems vulnerable to this flaw. This scanner will identify the vulnerability on all systems with the exception of Windows NT. |
2006-08-10 | NSFocus Corporation NSFOCUS Security Advisory (SA2006-08): Microsoft IE6 urlmon.dll Long URL Buffer Overflow vulnerability Long URL Buffer Overflow Vulnerability (CVE-2006-3869, MS06-042) Vulnerability Reported |
2006-08-10 | US-CERT Public Exploit Code for a Vulnerability in Microsoft Server Service US-CERT is aware of publicly available exploit code for a buffer overflow vulnerability in the Microsoft Windows Server service. This vulnerability can be exploited by sending a specially crafted packet to an affected system. |
2006-08-09 18:24 | Full-disclosure RE: [Full-disclosure] Exploit for MS06-040 Out? Proof-of-concept code for this vulnerability (CVE-2006-3439, MS06-040) #Cid: ms06_040.tgz |
2006-08-09 11:55 | SANS Internet Storm Center Microsoft exploits on Reboot Wednesday |
2006-08-09 02:38 | JPCERT/CC JPCERT-AT-2006-0011: Microsoft Products Vulnerabilities |
2006-08-09 | Department of Homeland Security DHS Recommends Security Patch to Protect Against a Vulnerability Found In Windows Operating Systems The Department of Homeland Security (DHS) is recommending that Windows Operating Systems users apply Microsoft security patch MS06-040 as quickly as possible. This security patch is designed to protect against a vulnerability that, if exploited, could enable an attacker to remotely take control of an affected system and install programs, view, change, or delete data, and create new accounts with full user rights. |
2006-08-08 21:07 | US-CERT TA06-220A: Microsoft Products Contain Multiple Vulnerabilities Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Office, Works Suite, Visual Basic for Applications, and Internet Explorer. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system. |
2006-08-08 20:00 | Internet Security Systems AlertCon (1) => (2) |
2006-08-08 | US-CERT Active Exploitation of a Vulnerability in Microsoft Server Service US-CERT is aware of active exploitation of a buffer overflow vulnerability in the Microsoft Windows Server service. If a remote attacker sends a specially crafted packet to a vulnerable Windows system, that attacker may be able to execute arbitrary code with SYSTEM privileges. |
2006-08-08 | Internet Security Systems Microsoft DNS Client Integer Overflow Vulnerability X-Force has discovered a flaw in the Microsoft DNS client software. By sending malicious DNS responses to a Windows machine, attackers can trigger a heap corruption and gain control of the affected host. |
2006-08-08 | Internet Security Systems Microsoft DNS Client ATMA Buffer Overflow Vulnerability X-Force has discovered a flaw in the Microsoft DNS client software. By sending malicious DNS responses to a Windows machine, attackers can trigger a heap corruption and gain control of the affected host. |
2006-08-08 | Internet Security Systems Microsoft DNS Client Character String Buffer Overflow Vulnerability X-Force has discovered a flaw in the Microsoft DNS client software. By sending malicious DNS responses to a Windows machine, attackers can trigger a heap corruption and gain control of the affected host. |
2006-08-08 | Internet Security Systems Microsoft Server Service Buffer Overflow Vulnerability The Microsoft Server Service is vulnerable to remote code execution. By sending malicious requests to the named pipe for the Server Service, attackers can trigger a stack overflow and gain control of the affected host. |
2006-08-08 | Microsoft MS06-AUG: Microsoft Security Bulletin Summary for August, 2006 Included in this advisory are updates for newly discovered vulnerabilities. |
2006-07-14 | Sowhat of Nevis Labs Microsoft PowerPoint Malformed Record Memory Corruption Vulnerability Microsoft PowerPoint Malformed Records Vulnerability (CVE-2006-3449, MS06-048) Vulnerability Reported This vulnerability allows remote attackers to execute arbitrary code in the context of the logged in user. An array boundary condition may be violated by a malicious .PPT file in order to redirect execution into attacker-supplied data. Exploitation requires that the attacker coerce or persuade the victim to open a malicious .PPT file. |
2006-06-14 | Zero Day Initiative (ZDI) ZDI-06-027: Microsoft Internet Explorer CSS Class Ordering Memory Corruption Vulnerability HTML Layout and Positioning Memory Corruption Vulnerability (CVE-2006-3450, MS06-042) Vulnerability Reported This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. |
2006-06-14 | Zero Day Initiative (ZDI) ZDI-06-026: Microsoft Internet Explorer Multiple CSS Imports Memory Corruption Vulnerability CSS Memory Corruption Vulnerability (CVE-2006-3451, MS06-042) Vulnerability Reported This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. |
2006-04-27 | TippingPoint TSRT-06-09: Microsoft DirectAnimation COM Object Memory Corruption Vulnerability COM Object Instantiation Memory Corruption Vulnerability (CVE-2006-3638, MS06-042) Vulnerability Reported This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. |
2006-04-27 | TippingPoint TSRT-06-08: Microsoft Internet Help COM Object Memory Corruption Vulnerability Buffer Overrun in HTML Help Vulnerability (CVE-2006-3357, MS06-046) Vulnerability Reported This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. |
2006-02-28 | TippingPoint TSRT-06-10: Microsoft HLINK.DLL Hyperlink Object Library Buffer Overflow Vulnerability Hyperlink Object Buffer Overflow Vulnerability (CVE-2006-3086, MS06-050) Vulnerability Reported This vulnerability allows remote attackers to execute arbitrary code on vulnerable applications that utilize Microsoft Hyperlink Component Object Model (COM) objects. Specifically, this includes at least Microsoft Word, PowerPoint and Excel. Exploitation over the web is doable via Office Web Components (OWC). It is not required for the target to have OWC installed. |