Microsoft

(MS07-001) Vulnerability in Microsoft Office 2003 Brazilian Portuguese Grammar Checker Could Allow Remote Code Execution

A remote code execution vulnerability exists in Office 2003 Brazilian Portuguese Grammar Checker.

(MS07-004) Vulnerability in Vector Markup Language Could Allow Remote Code Execution

A remote code execution vulnerability exists in the Vector Markup Language (VML) implementation in Microsoft Windows.

(MS07-003): Vulnerabilities in Microsoft Outlook Could Allow Remote Code Execution

When using vulnerable versions of Office, if a user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of the system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

(MS06-073) Vulnerability in Visual Studio 2005 Could Allow Remote Code Execution

A remote code execution vulnerability exists in the WMI Object Broker control that the WMI Wizard uses in Visual Studio 2005.

(MS06-078) Vulnerability in Windows Media Format Could Allow Remote Code Execution

This update resolves two newly discovered vulnerabilities.

(MS06-076) Cumulative Security Update for Outlook Express

A remote code execution vulnerability in a component of Outlook Express could allow an attacker who sent a Windows Address Book file to a user of an affected system to take complete control of the system.

(MS06-077) Vulnerability in Remote Installation Service Could Allow Remote Code Execution

(MS06-075) Vulnerability in Windows Could Allow Elevation of Privilege

A privilege elevation vulnerability exists in the way that Microsoft Windows starts applications with specially crafted file manifests.

(MS06-074) Vulnerability in SNMP Could Allow Remote Code Execution

A remote code execution vulnerability exists in SNMP Service that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system.

(MS06-072) Cumulative Security Update for Internet Explorer

If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system.

Vulnerability in Microsoft Word Could Allow Remote Code Execution (929433)

An attacker who successfully exploited this vulnerability could gain the same user rights as the local user.

(MS06-069) Vulnerabilities in Macromedia Flash Player from Adobe Could Allow Remote Code Execution (923789)

This update resolves privately reported vulnerabilities in Macromedia Flash Player from Adobe, version 6.0.84.0 and earlier. Macromedia Flash Player is a third party software application that also was redistributed with Microsoft Windows XP Service Pack 2 and Microsoft Windows XP Professional x64 Edition. Each vulnerability is documented in the "Vulnerability Details" section of this bulletin. The Adobe Security Bulletin APSB06-11, issued September 12, 2006, describes the vulnerabilities and provides the download locations for customers who have installed Flash Player 7 and higher so that you can install the appropriate update based on the version of Flash Player you are using. Customers that have followed the guidance in the Adobe Security Bulletin are not at risk from these vulnerabilities.

If a user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

We recommend that customers apply the update immediately.

(MS06-066) Vulnerabilities in Client Service for NetWare Could Allow Remote Code Execution (923980)

This update resolves several newly discovered, privately reported vulnerabilities. Each vulnerability is documented in its own subsection in the "Vulnerability Details" section of this bulletin.
The Client Service for NetWare is also called the Gateway Service for NetWare on Windows 2000 Server.
On vulnerable versions of Microsoft Windows, an attacker who successfully exploited these vulnerabilities could remotely take complete control of the client workstation. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
We recommend that customers apply the update at the earliest opportunity.

(MS06-068) Vulnerability in Microsoft Agent Could Allow Remote Code Execution (920213)

There is a remote code execution vulnerability in the way that Microsoft Agent handles specially crafted .ACF files. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

(MS06-070) Vulnerability in Workstation Service Could Allow Remote Code Execution (924270)

A remote code execution vulnerability exists in the Workstation service that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system.