Microsoft Windows and Exchange Server Vulnerabilities
Original release date: May 9, 2006
Last revised: --
Source: US-CERT
Systems Affected
- Microsoft Windows
- Microsoft Exchange Server
For more complete information, refer to the Microsoft Security Bulletin Summary for May 2006.
Overview
Microsoft has released updates that address critical vulnerabilities
in Microsoft Windows and Exchange Server. Exploitation of these
vulnerabilities could allow a remote, unauthenticated attacker to
execute arbitrary code or cause a denial of service on a vulnerable
system.
I. Description
Microsoft
Security Bulletin Summary for May 2006 addresses vulnerabilities
in Microsoft Windows and Exchange Server. Further information is available in the
following US-CERT Vulnerability Notes:
VU#303452 -
Microsoft Exchange fails to properly handle vCal and iCal properties
Microsoft Exchange Server does not properly handle the vCal and iCal properties of email messages. Exploitation of this vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on an Exchange Server.
(CVE-2006-0027)
VU#945060 -
Adobe Flash products contain multiple vulnerabilities
Several vulnerabilities in Adobe Macromedia Flash products may allow a remote attacker to execute code on a vulnerable system.
(CVE-2006-0024)
VU#146284 -
Macromedia Flash Player fails to properly validate the frame type identifier read from a "SWF" file
A buffer overflow vulnerability in some versions of the Macromedia Flash Player may allow a remote attacker to execute code on a vulnerable system.
(CVE-2005-2628)
II. Impact
A remote, unauthenticated attacker could execute arbitrary code on a vulnerable system. An attacker may also be able to cause a denial
of service.
III. Solution
Apply Updates
Microsoft has provided updates for these vulnerabilities in the
Security Bulletins. Microsoft Windows updates are available on the Microsoft Update site.
Workarounds
Please see the US-CERT Vulnerability Notes for workarounds.
Appendix A. References
Feedback can be directed to the US-CERT Technical Staff.
Produced 2006 by US-CERT, a government organization. Terms of use
Revision History
May 9, 2006: Initial release