Microsoft Security Bulletins
March 2006
Microsoft Security Bulletin MS06-011
Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798)
Severity: Important
Vulnerabilities:
- Permissive Windows Services DACLs could allow elevation of privilege - CVE-2006-0023
A privilege elevation vulnerability exists in Windows XP Service Pack 1: on the identified Windows services, the default permissions are set to a level that may allow a low-privileged user to change properties associated with the service. On Windows Server 2003, permissions on the identified services are set to a level that may allow a user who belongs to the Network Configuration Operators group to change properties associated with the service. Only members of the Network Configuration Operators group on the targeted machine can remotely attack Windows Server 2003, and this group contains no users by default. The vulnerability could allow a user with valid logon credentials to take complete control of the system on Microsoft Windows XP Service Pack 1.
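An audit check for the condition MS06-011 describes, as an added example that is not part of the bulletin: it parses a service security descriptor in SDDL form (the text `sc sdshow` prints) and reports allow ACEs that give a low-privileged trustee the right to change the service's configuration, its DACL or its owner. The descriptors are constructed samples, and the set of trustees treated as low-privileged is an assumption; the bulletin text here does not list the affected services.

```python
import re

# SDDL right codes on a service object that let the holder change its
# properties, directly or by first rewriting the DACL or owner.
CODES = {"DC": "SERVICE_CHANGE_CONFIG", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
         "GA": "GENERIC_ALL", "GW": "GENERIC_WRITE"}
# The same rights as access-mask bits, for ACEs written in hex.
MASKS = {0x2: "SERVICE_CHANGE_CONFIG", 0x40000: "WRITE_DAC",
         0x80000: "WRITE_OWNER", 0x10000000: "GENERIC_ALL",
         0x40000000: "GENERIC_WRITE"}
# Trustees treated as low-privileged for this audit (an assumption), plus
# the Network Configuration Operators group named in the bulletin.
LOW_PRIV = {"AU": "Authenticated Users", "BU": "Users", "IU": "Interactive",
            "WD": "Everyone", "NO": "Network Configuration Operators"}


def risky_rights(rights):
    """Names of the risky rights present in one ACE rights field."""
    if rights.lower().startswith("0x"):
        mask = int(rights, 16)
        return [name for bit, name in MASKS.items() if mask & bit]
    tokens = {rights[i:i + 2] for i in range(0, len(rights), 2)}
    return [name for code, name in CODES.items() if code in tokens]


def audit_service_sddl(sddl):
    """Sorted (trustee, right) pairs granted by allow ACEs in the DACL."""
    dacl = re.search(r"D:[A-Z]*((?:\([^)]*\))+)", sddl)
    if not dacl:
        return []
    findings = set()
    for ace in re.findall(r"\(([^)]*)\)", dacl.group(1)):
        fields = ace.split(";")
        # Only plain allow ACEs; deny ACEs and the SACL (S:) are not evaluated.
        if len(fields) < 6 or fields[0] != "A" or fields[5] not in LOW_PRIV:
            continue
        for right in risky_rights(fields[2]):
            findings.add((LOW_PRIV[fields[5]], right))
    return sorted(findings)


# Constructed descriptors (not taken from any real service).
WEAK = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
        "(A;;CCDCLCSWRPWPDTLOCRRC;;;AU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")
HARDENED = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
            "(A;;CCLCSWLOCRRC;;;AU)")

if __name__ == "__main__":
    for label, sddl in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_service_sddl(sddl))
```

A non-empty result means a trustee in the low-privileged set can alter the service; the audit ACE for Everyone in the sample's SACL is correctly ignored because it grants nothing.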
Microsoft Security Bulletin MS06-012
Vulnerabilities in Microsoft Office Could Allow Remote Code Execution (905413)
Severity: Critical
Vulnerabilities:
- Microsoft Office Excel Remote Code Execution Using a Malformed Range Vulnerability - CVE-2005-4131
A remote code execution vulnerability exists in Excel using a malformed range. An attacker could exploit the vulnerability by constructing a specially crafted Excel file that could allow remote code execution. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
- Microsoft Office Excel Remote Code Execution Using a Malformed File Format Parsing Vulnerability - CVE-2006-0028
A remote code execution vulnerability exists in Excel when parsing a malformed file format. An attacker could exploit the vulnerability by constructing a specially crafted Excel file that could allow remote code execution. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
- Microsoft Office Excel Remote Code Execution Using a Malformed Description Vulnerability - CVE-2006-0029
A remote code execution vulnerability exists in Excel using a malformed description. An attacker could exploit the vulnerability by constructing a specially crafted Excel file that could allow remote code execution. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
- Microsoft Office Excel Remote Code Execution Using a Malformed Graphic Vulnerability - CVE-2006-0030
A remote code execution vulnerability exists in Excel using a malformed graphic. An attacker could exploit the vulnerability by constructing a specially crafted Excel file that could allow remote code execution. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
- Microsoft Office Excel Remote Code Execution Using a Malformed Record Vulnerability - CVE-2006-0031
A remote code execution vulnerability exists in Excel using a malformed record. An attacker could exploit the vulnerability by constructing a specially crafted Excel file that could allow remote code execution. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.
- Microsoft Office Remote Code Execution Using a Malformed Routing Slip Vulnerability - CVE-2006-0009
A remote code execution vulnerability exists in Office. An attacker could exploit the vulnerability by constructing a specially crafted routing slip within an Office document that could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of the affected system.
