National Cyber Alert System
Technical Cyber Security Alert TA06-164A

Microsoft Windows, Internet Explorer, Media Player, Word, PowerPoint, and Exchange Vulnerabilities

Original release date: June 13, 2006
Last revised: --
Source: US-CERT

Systems Affected

  • Microsoft Windows
  • Microsoft Windows Media Player
  • Microsoft Internet Explorer
  • Microsoft PowerPoint for Windows and Mac OS X
  • Microsoft Word for Windows
  • Microsoft Office
  • Microsoft Works Suite
  • Microsoft Exchange Server Outlook Web Access

For more complete information, refer to the Microsoft Security Bulletin Summary for June 2006.


Overview

Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Word, PowerPoint, Media Player, Internet Explorer, and Exchange Server. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.


I. Description

The Microsoft Security Bulletin Summary for June 2006 addresses vulnerabilities in Microsoft Windows, Word, PowerPoint, Media Player, Internet Explorer, and Exchange Server. Further information is available in the following US-CERT Vulnerability Notes:

VU#722753 - Microsoft IP Source Route Vulnerability

A vulnerability in Microsoft Windows could allow a remote attacker to execute arbitrary code on a vulnerable system.
(CVE-2006-2379)
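The source-route entry above concerns IPv4 packets that carry loose or strict source routing options. As an added example (not from US-CERT or Microsoft, and not taken from any vulnerability note), the following Python parser walks the IPv4 header option list and flags LSRR/SSRR packets, the kind of check a perimeter filter or IDS applies to drop or log such traffic; truncated or malformed option lists are treated as suspicious rather than silently accepted. The sample headers and addresses are constructed placeholders.

```python
import socket
import struct

# IPv4 option type bytes (RFC 791): EOL, NOP, loose and strict source routing
OPT_EOL, OPT_NOP = 0x00, 0x01
OPT_LSRR, OPT_SSRR = 0x83, 0x89


def ipv4_options(packet: bytes):
    """Return [(type, payload), ...] from the IPv4 header option area.
    Raises ValueError when the header or an option is truncated or malformed."""
    if len(packet) < 20:
        raise ValueError("short IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError("not a valid IPv4 header")
    hdr_len = ihl * 4
    if len(packet) < hdr_len:
        raise ValueError("header length exceeds packet")
    opts, i = [], 20
    while i < hdr_len:
        t = packet[i]
        if t == OPT_EOL:
            break                      # end of option list; rest is padding
        if t == OPT_NOP:
            i += 1                     # single-byte option, no length field
            continue
        if i + 1 >= hdr_len:
            raise ValueError("option missing length byte")
        ln = packet[i + 1]
        if ln < 2 or i + ln > hdr_len:
            raise ValueError("bad option length")
        opts.append((t, packet[i + 2:i + ln]))   # payload: pointer + route data
        i += ln
    return opts


def is_source_routed(packet: bytes) -> bool:
    """True for LSRR/SSRR packets; a malformed option list is also flagged."""
    try:
        return any(t in (OPT_LSRR, OPT_SSRR) for t, _ in ipv4_options(packet))
    except ValueError:
        return True


def build_ipv4(options: bytes, src="10.0.0.1", dst="10.0.0.2") -> bytes:
    """Constructed sample header with the given options padded to 32 bits; checksum left zero."""
    options += b"\x00" * ((-len(options)) % 4)
    ihl = 5 + len(options) // 4
    fixed = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options), 0, 0,
                        64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return fixed + options


# Constructed samples: no options, LSRR with one hop, NOP + record-route, SSRR with bogus length
SAMPLE_PLAIN = build_ipv4(b"")
SAMPLE_LSRR = build_ipv4(bytes([OPT_LSRR, 7, 4]) + socket.inet_aton("10.0.0.3"))
SAMPLE_RR = build_ipv4(bytes([OPT_NOP, 0x07, 7, 4]) + b"\x00" * 4)
SAMPLE_BAD = build_ipv4(bytes([OPT_SSRR, 40, 4]) + b"\x00" * 5)
```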

VU#446012 - Microsoft Word object pointer memory corruption vulnerability

A memory corruption vulnerability in Microsoft Word could allow a remote attacker to execute arbitrary code with the privileges of the user running Word.
(CVE-2006-2492)

VU#190089 - Microsoft PowerPoint malformed record vulnerability

Microsoft PowerPoint fails to properly handle malformed records. This may allow a remote attacker to execute arbitrary code on a vulnerable system.
(CVE-2006-0022)

VU#923236 - Microsoft Windows ART image handling buffer overflow

Microsoft Windows ART image handling routines are vulnerable to a heap-based buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
(CVE-2006-2378)

VU#390044 - Microsoft JScript memory corruption vulnerability

Microsoft JScript contains a memory corruption vulnerability. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
(CVE-2006-1313)

VU#338828 - Microsoft Internet Explorer exception handling vulnerability

Microsoft Internet Explorer fails to properly handle exception conditions. This may allow a remote, unauthenticated attacker to execute arbitrary code.
(CVE-2006-2218)

VU#417585 - Microsoft DXImageTransform Light filter fails to validate input

The Microsoft DXImageTransform Light COM object fails to validate input, which may allow a remote attacker to execute arbitrary code on a vulnerable system.
(CVE-2006-2383)

VU#959049 - Multiple COM objects cause memory corruption in Microsoft Internet Explorer

Microsoft Internet Explorer (IE) allows instantiation of COM objects not designed for use in the browser, which may allow a remote attacker to execute arbitrary code or crash IE.
(CVE-2006-2127)

VU#136849 - Microsoft Internet Explorer UTF-8 decoding vulnerability

Microsoft Internet Explorer fails to properly decode UTF-8 encoded HTML. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
(CVE-2006-2382)

VU#909508 - Microsoft Graphics Rendering Engine fails to properly handle WMF images

Microsoft Windows Graphics Rendering Engine contains a vulnerability that may allow a remote attacker to execute arbitrary code on a vulnerable system.
(CVE-2006-2376)

VU#608020 - Microsoft Windows Media Player PNG processing buffer overflow

Microsoft Windows Media Player contains a stack-based buffer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
(CVE-2006-0025)

VU#814644 - Microsoft Remote Access Connection Manager service vulnerable to buffer overflow

A vulnerability in the Microsoft Remote Access Connection Manager may allow a remote attacker to execute arbitrary code on a vulnerable system.
(CVE-2006-2371)

VU#631516 - Microsoft Routing and Remote Access does not properly handle RPC requests

There is a vulnerability in the Microsoft Windows Routing and Remote Access Service that could allow an attacker to take control of the affected system.
(CVE-2006-2370)

VU#138188 - Microsoft Outlook Web Access for Exchange Server script injection vulnerability

A script injection vulnerability exists in Microsoft Exchange Server running Outlook Web Access.
(CVE-2006-1193)

In MS06-027, Microsoft has released updates for the Word vulnerability described in Technical Cyber Security Alert TA06-139A.

II. Impact

A remote, unauthenticated attacker could execute arbitrary code on a vulnerable system. An attacker may also be able to cause a denial of service.


III. Solution

Apply Updates

Microsoft has provided updates for these vulnerabilities in the Security Bulletins. Microsoft Windows updates are available on the Microsoft Update site.

Workarounds

Please see the Vulnerability Notes listed in Section I for workarounds.

Appendix A. References



Feedback can be directed to the US-CERT Technical Staff.


Produced 2006 by US-CERT, a government organization.

Revision History

June 13, 2006: Initial release

Last updated February 08, 2008