Status Tracking Note TRTA07-009A

Microsoft Updates for Multiple Vulnerabilities

Overview

Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Internet Explorer, Outlook, and Excel. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
Event Information


Date (UTC)Description
2007-01-19 06:31 JPCERT/CC
JPCERT-AT-2007-0001: Jan 2007 Microsoft Security Bulletin (including three critical patches)
2007-01-18 Bugtraq
MS07-004 VML integer overflow exploit
a proof-of-concept code for VML Buffer Overrun Vulnerability (CVE-2007-0024,MS07-004)
#Cid: mmsjVML.c
#Tested: Windows XP + SP2 [EN]
2007-01-18 Microsoft
KB931183: Re-release of Security Bulletin MS07-002 resolves issue of Excel 2000 not opening some files
Microsoft has re-released MS07-002 to resolve this issue.
2007-01-17 Bugtraq
MS07-004 VML integer overflow exploit
a proof-of-concept code for VML Buffer Overrun Vulnerability (CVE-2007-0024,MS07-004)
#Cid: vml_exp.pl
2007-01-16 06:34 Bugtraq
MS07-004 VML integer overflow exploit
a proof-of-concept code for VML Buffer Overrun Vulnerability (CVE-2007-0024,MS07-004)
#Cid: 21930.html
#Tested: Windows XP [KR]
2007-01-15 16:05 Internet Security Systems
AlertCon (2) => (1)
2007-01-12 Microsoft
KB931183: Excel 2000 does not open some files after you install security update 925524 that is documented in security bulletin MS07-002
Workaround: Use Excel Viewer 2003, Microsoft Excel 2002, or Microsoft Office Excel 2003 to open the files.
2007-01-11 12:34 JPCERT/CC
JPCERT-AT-2007-0001: Jan 2007 Microsoft Security Bulletin (including three critical patches)
2007-01-10 06:06 JPCERT/CC
JPCERT-AT-2007-0001: Jan 2007 Microsoft Security Bulletin (including three critical patches)
2007-01-10 03:40 Internet Security Systems
AlertCon (1) => (2)
2007-01-09 20:39 Symantec
ThreatCON (1) => (2)
2007-01-09 20:20 US-CERT
TA07-009A: Microsoft Updates for Multiple Vulnerabilities
Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Internet Explorer, Outlook, and Excel. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
2007-01-09 Internet Security Systems
Microsoft Outlook .oss file buffer overflow
2007-01-09 Internet Security Systems
Microsoft Internet Explorer VML record buffer overflow
2007-01-09 Internet Security Systems
Microsoft Outlook .iCal meeting request VEVENT buffer overflow
2006-12-12 Microsoft
MS07-JAN: Microsoft Security Bulletin Summary for January, 2007
Included in this advisory are updates for newly discovered vulnerabilities.
2006-12-05 Computer Terrorism (UK)
CT09-01-2007: Microsoft Outlook Advanced Find - Remote Code Execution
Microsoft Outlook Advanced Find Vulnerability(CVE-2007-0034,MS07-003)
Vulnerability Reported
2006-10-03 iDefense
Microsoft Windows VML Element Integer Overflow Vulnerability
VML Buffer Overrun Vulnerability(CVE-2007-0024,MS07-004)
Vulnerability Reported
2006-09-22 iDefense
Microsoft Excel Long Palette Heap Overflow Vulnerability
Excel Malformed Palette Record Vulnerability(CVE-2007-0031,MS07-002)
Vulnerability Reported
2006-09-14 iDefense
Microsoft Excel Invalid Column Heap Corruption Vulnerability
Excel Malformed Column Record Vulnerability(CVE-2007-0030,MS07-002)
Vulnerability Reported


Date first published (UTC): 2007-01-11T14:32+00:00
Date last updated (UTC): 2007-01-21T02:03+00:00