Published: 2007-08-15T06:08+00:00    Last Updated: 2007-09-03T00:01+00:00

TRTA07-226A
Microsoft Updates for Multiple Vulnerabilities

Overview

Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Internet Explorer, Windows Media Player, Office, Office for Mac, XML Core Services, Visual Basic, Virtual PC, and Virtual Server. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.

Event Information

Date (UTC)Description
2007-08-29 Bugtraq
MS Windows (GDI32.DLL) Denial of Service Exploit (MS07-046)
Remote Code Execution Vulnerability in GDI - Proof Of Concept (CVE-2007-3034,MS07-046)
#Cid: 25302-MS07-046.c
#Tested: Windows XP [KR] + SP2
2007-08-16 09:32 Bugtraq
MS07-042 XMLDOM substringData() PoC
a proof-of-concept code for this vulnerability (CVE-2007-2223,MS07-042)
#Cid: 25031.js
2007-08-15 22:33 Symantec
ThreatCON (2) => (1)
2007-08-15 01:47 JPCERT/CC
JPCERT-AT-2007-0018: Aug 2007 Microsoft Security Bulletin (including six critical patches)
2007-08-14 23:42 Symantec
ThreatCON (1) => (2)
On August 14, 2007, Microsoft released nine security bulletins addressing vulnerabilities in several products. Six issues are 'critical', three are 'important'. Users are urged to review the bulletins and to apply the patches as soon as possible.
2007-08-14 20:26 US-CERT
TA07-226A: Microsoft Updates for Multiple Vulnerabilities
Via US-CERT Mailing List
2007-08-14 18:21 SANS Internet Storm Center
August 'Black Tuesday' overview
Overview of the August 2007 Microsoft patches and their status.
2007-08-14 18:16 US-CERT
Microsoft Releases August Security Bulletins
Microsoft has released updates to address vulnerabilities in Windows, Windows Media Player, Windows Gadgets, Office, Excel, Internet Explorer, Visual Basic, Virtual Sever, and Virtual PC as part of the Microsoft Security Bulletin Summary for August 2007.
2007-08-14 Microsoft
MS07-AUG: Microsoft Security Bulletin Summary for August 2007
Included in this advisory are updates for newly discovered vulnerabilities.
2007-08-14 Internet Security Systems
Microsoft Vector Markup Language Remote Code Execution
A vulnerability in Microsoft's implementation of Vector Markup Language could allow remote code execution.
2007-08-14 Internet Security Systems
Microsoft XML Core Services Remote Code Execution
A vulnerability in Microsoft XML Core Services could allow remote code execution.
2007-05-22 Zero Day Initiative (ZDI)
ZDI-07-047: Microsoft Windows Media Player Malformed Skin Header Code Execution Vulnerability
Windows Media Player Code Execution Vulnerability Decompressing Skins(MS07-047, CVE-2007-3035)
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Vulnerability Reported
2007-03-27 eEye Digital Security
EEYEB-AD20070814b: Windows Metafile AttemptWrite Heap Overflow
Remote Code Execution Vulnerability in GDI (CVE-2007-3034,MS07-046)
Vulnerability Reported
2007-03-21 iDefense
Microsoft Windows Vista Sidebar RSS Feeds Gadget Cross Site Scripting Vulnerability
Windows Vista Feed Headlines Gadget Remote Code Execution Vulnerability(CVE-2007-3033,MS07-048)
Vulnerability Reported
2007-03-19 Zero Day Initiative (ZDI)
ZDI-07-046: Microsoft Windows Media Player Skin Parsing Size Mismatch Heap Overflow Vulnerability
Windows Media Player Code Execution Vulnerability Parsing Skins(MS07-047, CVE-2007-3037)
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Vulnerability Reported
2006-10-24 eEye Digital Security
EEYEB-AD20070814a: VGX.DLL Compressed Content Heap Overflow Vulnerability
VML Buffer Overrun Vulnerability (CVE-2007-1749,MS07-050)
Vulnerability Reported
2006-10-03 Zero Day Initiative (ZDI)
ZDI-07-048: Microsoft Internet Explorer substringData() Heap Overflow Vulnerability
Microsoft XML Core Services Vulnerability(MS07-042, CVE-2007-2223)
OLE Automation Memory Corruption Vulnerability(MS07-043, CVE-2007-2224)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Microsoft software User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
Vulnerability Reported
2006-08-31 NSFocus Corporation
NSFOCUS Security Advisory (SA2007-01): Microsoft IE5 CSS Parsing Memory Corruption Vulnerability
CSS Memory Corruption Vulnerability(CVE-2007-0943,MS07-045)
Vulnerability Reported
2006-05-17 iDefense
Microsoft XML Core Services XMLDOM Memory Corruption Vulnerability
Microsoft XML Core Services Vulnerability(CVE-2007-2223,MS07-042,MS07-043)
Vulnerability Reported

Other Information

CVE CVE-2007-3034
CVE-2007-0943
CVE-2007-1749
CVE-2007-2223
CVE-2007-2224
CVE-2007-3033
CVE-2007-3034
CVE-2007-3035
CVE-2007-3037