|
|
|
Microsoft PowerPoint Mso.dll Vulnerability - CVE-2006-3590:
A remote code execution vulnerability exists in PowerPoint and could be exploited when a file containing a malformed shape container is parsed by PowerPoint. Such a file might be included in an e-mail attachment or hosted on a malicious web site. An attacker could exploit the vulnerability by constructing a specially crafted PowerPoint file that could allow remote code execution.
|
|
|
Full View / NID: 11847 / Submitted by: TACKtech Team
|
|
|
Visual Basic for Applications Vulnerability - CVE-2006-3649:
A remote code execution vulnerability exists in the way that Visual Basic for Applications (VBA) checks the document properties that a host application passes to it when opening a document. This vulnerability could allow an attacker who successfully exploited the vulnerability to take complete control of the affected system.
|
|
|
Full View / NID: 11846 / Submitted by: TACKtech Team
|
|
|
This update resolves two newly discovered, privately reported vulnerabilities. On vulnerable versions of Office, if a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
|
|
Full View / NID: 11369 / Submitted by: TACKtech Team
|
|
|
This update resolves several newly discovered, privately reported and public vulnerabilities. When using vulnerable versions of Office, if a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
|
|
Full View / NID: 11368 / Submitted by: TACKtech Team
|
|
|
This update resolves several newly discovered, privately reported and public vulnerabilities. When using vulnerable versions of Office, if a user were logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
|
|
Full View / NID: 11367 / Submitted by: TACKtech Team
|
|
|
In Microsoft Office Outlook 2007, you can configure security options by using new Group Policy settings. These settings were previously configurable by customizing the Exchange Security Form and publishing the form to an Microsoft Exchange Server public folder.
|
|
|
Full View / NID: 11325 / Submitted by: TACKtech Team
|
|
|
Microsoft PowerPoint Remote Code Execution Using a Malformed Record Vulnerability - CVE-2006-0022. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
|
|
Full View / NID: 10942 / Submitted by: TACKtech Team
|
|
|
A remote code execution vulnerability exists in Word using a malformed object pointer. An attacker could exploit the vulnerability by constructing a specially crafted Word file that could allow remote code execution.
|
|
|
Full View / NID: 10941 / Submitted by: TACKtech Team
|
|
|
The cross-site scripting vulnerability could allow an attacker to run client-side script on behalf of an FPSE user. The script could spoof content, disclose information, or take any action that the user could take on the affected web site. Attempts to exploit this vulnerability require user interaction. An attacker who successfully exploited this vulnerability against an administrator could take complete control of a Front Page Server Extensions 2002 server.
|
|
|
Full View / NID: 10050 / Submitted by: Travis
|
|
|
This update resolves several newly-discovered, privately reported and public vulnerabilities. Each vulnerability is documented in this bulletin in its own "Vulnerability Details" section of this bulletin.
|
|
|
Full View / NID: 10064 / Submitted by: TACKtech Team
|
|
|
A remote code execution vulnerability exists. An attacker could exploit the vulnerability by constructing a specially crafted file that could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of the affected system.
This bulletin replaces several prior security updates. See the frequently asked questions (FAQ) section of this bulletin for the complete list.
|
|
|
Full View / NID: 9781 / Submitted by: TACKtech Team
|
|
|
Microsoft has released an update to the spelling checker for Microsoft Office XP. This update significantly improves how Office XP programs find and correct errors in Dutch language documents.
|
|
|
Full View / NID: 9777 / Submitted by: TACKtech Team
|
|
|
An Information Disclosure vulnerability exists in PowerPoint. An attacker who successfully exploited this vulnerability could remotely attempt to access objects in the Temporary Internet Files Folder (TIFF) explicitly by name. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to produce useful information that could be used to try to further compromise the affected system.
|
|
|
Full View / NID: 9428 / Submitted by: Travis
|
|
|
A remote code execution vulnerability exists in Microsoft Outlook and Microsoft Exchange Server because of the way that it decodes the Transport Neutral Encapsulation Format (TNEF) MIME attachment.
|
|
|
Full View / NID: 9086 / Submitted by: TACKtech Team
|
|
|
This update resolves a newly-discovered, privately-reported vulnerability. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
|
|
|
Full View / NID: 7239 / Submitted by: TACKtech Team
|
|
|
Buffer Overrun in Microsoft Word CAN-2004-0963 and CAN-2005-0558:
A vulnerability exists in Microsoft Word that could allow an attacker to run arbitrary code on a users system.
If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges.
Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
|
|
|
Full View / NID: 6193 / Submitted by: TACKtech Team
|
|
|
This update resolves a newly-discovered, privately reported vulnerability that could allow an attacker to run code on the affected system. The vulnerability is documented in the Vulnerability Details section of this bulletin.
|
|
|
Full View / NID: 5435 / Submitted by: Travis
|
|
|
Visio 2002 Service Pack 2 (SP2) provides the latest updates to Microsoft Visio 2002. SP2 contains significant security enhancements as well as stability and performance improvements.
|
|
|
Full View / NID: 5325 / Submitted by: TACKtech Team
|
|
|
This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists in Microsoft Excel. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
|
|
|
Full View / NID: 4256 / Submitted by: TACKtech Team
|
|
|
The Microsoft WordPerfect Converter security update for September 2004 addresses a newly discovered issue in the Microsoft WordPerfect 5.x converter, a technology present in several productivity and publishing programs, including some Microsoft Office programs.
|
|
|
Full View / NID: 3964 / Submitted by: TACKtech Team
|
|
; void('');){kind=link}
