 Microsoft today released its October 2007 security bulletin,
which includes six updates: four are designated as Critical by the
software giant; two are deemed Important, and one previously announced
patch was dropped. On the Windows side there is a cumulative update for
Internet Explorer, a patch for Outlook/Windows Mail, and one for an RPC
vulnerability. On the Microsoft Office side, there is a patch for
SharePoint Server and one critical patch for Microsoft Office Word,
including Microsoft Office 2004 for Mac. And one patch for the Kodak
Image Viewer. All Microsoft security patches for Windows and Office
software are available via Microsoft Update or via the individual bulletins detailed below.
Entitled "Vulnerability in Kodak Image Viewer Could Allow Remote Code Execution (923810)," this bulletin affects users of Microsoft Windows 2000, Windows XP SP2, and Windows Server 2003 x64 and Itanium-based users, or Windows Vista, and addresses the vulnerability detailed in CVE-2007-2217. A vulnerability exists in the way that the Kodak Image Viewer, formerly known as Wang Image Viewer, handles specially crafted images files. Successful exploitation could allow remote code execution. Entitled "Security Update for Outlook Express and Windows Mail (941202)," this bulletin affects users of Outlook Express 5.5, 6, and Windows Mail running on Windows 2000, Windows XP, and Windows Server 2003, and Windows Vista, and addresses the vulnerability detailed in CVE-2007-3897. Successful exploitation due to an incorrectly handled malformed NNTP response could allow remote code execution. Entitled "Cumulative Security Update for Internet Explorer (939653)," this bulletin affects users of Internet Explorer 5.01, 6, and 7 running on Windows 2000, Windows XP, and Windows Server 2003, and Windows Vista, and addresses the four vulnerabilities detailed in CVE-2007-3892, CVE-2007-3893, CVE-2007-1091 and CVE-2007-3826. Successful exploitation due could allow remote code execution. Entitled "Vulnerability in RPC Could Allow Denial of Service (933729)," this bulletin affects users of Windows 2000, Windows Server 2003, Windows XP, and Windows Vista, and addresses the vulnerability detailed in CVE-2007-2228. Successful exploitation could lead to a denial-of-service vulnerability. Entitled "Vulnerability in Windows SharePoint Services 3.0 and Office SharePoint Server 2007 Could Result in Elevation of Privilege Within the SharePoint Site (942017)," this bulletin affects users of Microsoft Windows Server 2003 SP1 running SharePoint Services 3.0 and Microsoft Office SharePoint Server 2007, and addresses the vulnerability detailed in CVE-2007-2581. Successful exploitation could allow an attacker to run arbitrary script to modify a user's cache, resulting in information disclosure at the workstation. Entitled "Vulnerability in Microsoft Word Could Allow Remote Code Execution (942695)," this bulletin affects users of Microsoft Office 2000 Service Pack 3, Microsoft Office XP Service Pack 3, and Microsoft Office 2004 for Mac, and does not affect Microsoft Office 2003 Service Pack 2 and 3 and 2007 Microsoft Office system, and addresses the vulnerability detailed in CVE-2007-3899. Successful exploitation if a user opens a specially crafted Word file with a malformed string could allow remote code execution. |
-
0.00 (0 Vote) 
- Digg this
|
Random Technology News
Leipzig: Games Convention 2009 dated, GC 2008 sets record
by
Shaon
in
Gamers News
- 08/25/08
·
1 favs
Deutsche Telekom To Sell Hotly-Awaited iPhone in Germany
by
Morshad
in
Apple News
- 09/19/07
·
0 favs
|
|
|
Latest Technology News
Review: Google's Mobile App & Voice Search for iPhone
by
News Editor
in
Technology News
- 6 hours ago
·
1 favs
HP fine-tunes Opteron rack box for nonexistent servers
by
Morshad
in
Technology News
- 11/17/08
·
1 favs
|
Popular Technology News
HP fine-tunes Opteron rack box for nonexistent servers
by
Morshad
in
Technology News
- 11/17/08
·
1 favs
|
