Status Tracking Note TRTA07-044A

Microsoft Updates for Multiple Vulnerabilities

Overview

Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Internet Explorer, Office, Works, Malware Protection Engine, Visual Studio, and Step-by-Step Interactive Training. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
Event Information


Date (UTC)Description
2007-03-09 09:55 Bugtraq
Microsoft Internet Explorer WinINet.DLL FTP Server Response Parsing Memory Corruption Vulnerability
MS07-016 FTP Response DOS PoC
Vulnerability Proof Of Concept (CVE-2007-0217,MS07-016)
#Cid: ms07016ftp.pl
#Cid: 22489.pl
#Tested: MSIE 6.02900.2180 (SP2)
2007-02-14 01:49 JPCERT/CC
JPCERT-AT-2007-0005: February 2007 Microsoft Security Bulletin (including six critical patches)
2007-02-13 19:46 US-CERT
TA07-044A: Microsoft Updates for Multiple Vulnerabilities
Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Internet Explorer, Office, Works, Malware Protection Engine, Visual Studio, and Step-by-Step Interactive Training. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.
2007-02-13 Internet Security Systems
Microsoft Windows Protection Engine Remote Heap Overflow
2007-02-13 Internet Security Systems
Microsoft Internet Explorer FTP Response Remote Code Execution
2007-02-12 Microsoft
MS07-FEB: Microsoft Security Bulletin Summary for February, 2007
Included in this advisory are updates for newly discovered vulnerabilities.
2007-02-02 Microsoft
Microsoft Security Advisory (932553): Vulnerability in Microsoft Office Could Allow Remote Code Execution
Excel Malformed Record Vulnerability(CVE-2007-0671,MS07-015)
Advisory published.
2007-01-27 Microsoft
Microsoft Security Advisory (932114): Vulnerability in Microsoft Word 2000 Could Allow Remote Code Execution
Word Malformed String Vulnerability(CVE-2007-0515,MS07-014)
Advisory published.
2006-12-05 Microsoft
Microsoft Security Advisory (929433): Vulnerability in Microsoft Word Could Allow Remote Code Execution
Word Malformed String Vulnerability(CVE-2006-5994,MS07-014)
Advisory published.
2006-08-16 iDefense
Microsoft 'wininet.dll' FTP Reply Null Termination Heap Corruption Vulnerability
FTP Server Response Parsing Memory Corruption Vulnerability(CVE-2007-0217,MS07-016)
Vulnerability Reported


Date first published (UTC): 2007-02-13T23:06+00:00
Date last updated (UTC): 2007-03-10T16:03+00:00