Microsoft Updates for Multiple Vulnerabilities
http://jvnrss.ise.chuo-u.ac.jp/jtg/trn/en/TRTA07-226A.html
JVNRSS based Status Tracking Notes: Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, Internet Explorer, Windows Media Player, Office, Office for Mac, XML Core Services, Visual Basic, Virtual PC, and Virtual Server. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system.JVNRSS Feasibility Study Teamjvn@jvn.jpTRTA07-226A2007-09-03T00:01+00:002007-08-15T06:08+00:002007-09-03T00:01+00:00MS Windows (GDI32.DLL) Denial of Service Exploit (MS07-046)
http://www.securityfocus.com/bid
Remote Code Execution Vulnerability in GDI - Proof Of Concept (CVE-2007-3034,MS07-046)
#Cid: 25302-MS07-046.c
#Tested: Windows XP [KR] + SP2
Bugtraqhttp://www.microsoft.com/technet/security/bulletin/ms07-046.mspxhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-30342007-08-292007-08-292007-08-29MS07-042 XMLDOM substringData() PoC
http://www.securityfocus.com/archive/1
a proof-of-concept code for this vulnerability (CVE-2007-2223,MS07-042)
#Cid: 25031.js
Bugtraqhttp://www.us-cert.gov/cas/techalerts/TA07-226A.htmlhttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2223http://www.microsoft.com/technet/security/bulletin/ms07-042.mspx2007-08-16T11:32+02:002007-08-16T11:32+02:002007-08-16T11:32+02:00ThreatCON (2) => (1)
https://tms.symantec.com/
Symantechttp://www.uscert.gov/cas/techalerts/TA07-226A.htmlhttp://www.microsoft.com/technet/security/bulletin/ms07-042.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-043.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-044.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-045.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-046.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-047.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-048.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-049.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-050.mspx2007-08-15T22:33+00:002007-08-15T22:33+00:002007-08-15T22:33+00:00Aug 2007 Microsoft Security Bulletin (including six critical patches)
http://www.jpcert.or.jp/at/2007/at070018.txt
JPCERT/CCJPCERT-AT-2007-0018http://www.uscert.gov/cas/techalerts/TA07-226A.htmlhttp://www.microsoft.com/technet/security/bulletin/ms07-042.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-043.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-044.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-045.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-046.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-047.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-048.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-049.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-050.mspx2007-08-15T01:47+00:002007-08-15T01:47+00:002007-08-15T01:47+00:00ThreatCON (1) => (2)
https://tms.symantec.com/
On August 14, 2007, Microsoft released nine security bulletins addressing vulnerabilities in several products. Six issues are 'critical', three are 'important'. Users are urged to review the bulletins and to apply the patches as soon as possible.
Symantechttp://www.uscert.gov/cas/techalerts/TA07-226A.htmlhttp://www.microsoft.com/technet/security/bulletin/ms07-042.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-043.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-044.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-045.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-046.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-047.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-048.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-049.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-050.mspx2007-08-14T23:42+00:002007-08-14T23:42+00:002007-08-14T23:42+00:00Microsoft Updates for Multiple Vulnerabilities
http://www.us-cert.gov/cas/techalerts/TA07-226A.html
Via US-CERT Mailing List
US-CERTTA07-226Ahttp://www.uscert.gov/cas/techalerts/TA07-226A.htmlhttp://www.microsoft.com/technet/security/bulletin/ms07-042.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-043.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-044.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-045.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-046.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-047.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-048.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-049.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-050.mspx2007-08-14T16:26-04:002007-08-14T16:26-04:002007-08-14T16:26-04:00August 'Black Tuesday' overview
http://isc.sans.org/diary.html?storyid=3264
Overview of the August 2007 Microsoft patches and their status.
SANS Internet Storm Centerhttp://www.us-cert.gov/cas/techalerts/TA07-226A.html2007-08-14T18:21+00:002007-08-14T18:21+00:002007-08-14T18:21+00:00Microsoft Releases August Security Bulletins
http://www.uscert.gov/current/archive/2007/08/14/archive.html#microsoft_releases_august_security_bulletins
Microsoft has released updates to address vulnerabilities in Windows, Windows Media Player, Windows Gadgets, Office, Excel, Internet Explorer, Visual Basic, Virtual Sever, and Virtual PC as part of the Microsoft Security Bulletin Summary for August 2007.
US-CERThttp://www.uscert.gov/cas/techalerts/TA07-226A.html2007-08-14T14:16-04:002007-08-14T14:16-04:002007-08-14T14:16-04:00Microsoft Security Bulletin Summary for August 2007
http://www.microsoft.com/technet/security/bulletin/ms07-aug.mspx
Included in this advisory are updates for newly discovered vulnerabilities.
MicrosoftMS07-AUGhttp://www.microsoft.com/technet/security/bulletin/ms07-042.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-043.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-044.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-045.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-046.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-047.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-048.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-049.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-050.mspx2007-08-142007-08-142007-08-14Microsoft Vector Markup Language Remote Code Execution
http://www.iss.net/threats/273.html
A vulnerability in Microsoft's implementation of Vector Markup Language could allow remote code execution.
Internet Security Systemshttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1749http://xforce.iss.net/xforce/xfdb/35761http://www.microsoft.com/technet/security/bulletin/ms07-050.mspx2007-08-142007-08-142007-08-14Microsoft XML Core Services Remote Code Execution
http://www.iss.net/threats/274.html
A vulnerability in Microsoft XML Core Services could allow remote code execution.
Internet Security Systemshttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2223http://xforce.iss.net/xforce/xfdb/35195http://www.microsoft.com/technet/security/bulletin/ms07-042.mspx2007-08-142007-08-142007-08-14Microsoft Windows Media Player Malformed Skin Header Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-047.html
Windows Media Player Code Execution Vulnerability Decompressing Skins(MS07-047, CVE-2007-3035)
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Vulnerability Reported
Zero Day Initiative (ZDI)ZDI-07-047http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3035http://www.microsoft.com/technet/security/bulletin/ms07-047.mspx2007-05-222007-05-222007-05-22Windows Metafile AttemptWrite Heap Overflow
http://research.eeye.com/html/advisories/published/AD20070814b.html
Remote Code Execution Vulnerability in GDI (CVE-2007-3034,MS07-046)
Vulnerability Reported
eEye Digital SecurityEEYEB-AD20070814bhttp://www.microsoft.com/technet/security/bulletin/ms07-046.mspxhttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-30342007-03-272007-03-272007-03-27Microsoft Windows Vista Sidebar RSS Feeds Gadget Cross Site Scripting Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=575
Windows Vista Feed Headlines Gadget Remote Code Execution Vulnerability(CVE-2007-3033,MS07-048)
Vulnerability Reported
iDefensehttp://www.us-cert.gov/cas/techalerts/TA07-226A.htmlhttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3033http://www.microsoft.com/technet/security/bulletin/ms07-048.mspx2007-03-212007-03-212007-03-21Microsoft Windows Media Player Skin Parsing Size Mismatch Heap Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-046.html
Windows Media Player Code Execution Vulnerability Parsing Skins(MS07-047, CVE-2007-3037)
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
Vulnerability Reported
Zero Day Initiative (ZDI)ZDI-07-046http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3037http://www.microsoft.com/technet/security/bulletin/ms07-047.mspx2007-03-192007-03-192007-03-19VGX.DLL Compressed Content Heap Overflow Vulnerability
http://research.eeye.com/html/advisories/published/AD20070814a.html
VML Buffer Overrun Vulnerability (CVE-2007-1749,MS07-050)
Vulnerability Reported
eEye Digital SecurityEEYEB-AD20070814ahttp://www.microsoft.com/technet/security/bulletin/MS07-050.mspxhttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-17492006-10-242006-10-242006-10-24Microsoft Internet Explorer substringData() Heap Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-048.html
Microsoft XML Core Services Vulnerability(MS07-042, CVE-2007-2223)
OLE Automation Memory Corruption Vulnerability(MS07-043, CVE-2007-2224)
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of various Microsoft software User interaction is required to exploit this vulnerability in that the target must visit a malicious page.
Vulnerability Reported
Zero Day Initiative (ZDI)ZDI-07-048http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2223http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2224http://www.microsoft.com/technet/security/bulletin/ms07-042.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-043.mspx2006-10-032006-10-032006-10-03Microsoft IE5 CSS Parsing Memory Corruption Vulnerability
http://www.nsfocus.com/english/homepage/research/0701.htm
CSS Memory Corruption Vulnerability(CVE-2007-0943,MS07-045)
Vulnerability Reported
NSFocus CorporationNSFOCUS Security Advisory (SA2007-01)http://www.us-cert.gov/cas/techalerts/TA07-226A.htmlhttp://www.microsoft.com/technet/security/bulletin/ms07-045.mspxhttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-09432006-08-312006-08-312006-08-31Microsoft XML Core Services XMLDOM Memory Corruption Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=576
Microsoft XML Core Services Vulnerability(CVE-2007-2223,MS07-042,MS07-043)
Vulnerability Reported
iDefensehttp://www.us-cert.gov/cas/techalerts/TA07-226A.htmlhttp://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2223http://www.microsoft.com/technet/security/bulletin/ms07-042.mspxhttp://www.microsoft.com/technet/security/bulletin/ms07-043.mspx2006-05-172006-05-172006-05-172TT61wIQnH1TPjg1SjZ1d/ossyk=U2tDpIvcOhItC8kHlp7PH8pQ79A=pODzVshxeFCc8QGz4sY2lvyY81NGfAN6bit16EoyYhgiRU2v42+NUJZMZFL/DA4DdjZjoBKKPd5qjIQbhVKkUBHlmpNICt99uJdzjUpuCzvy35zqi66xD3nHaZQwAG49CChBA4jEX9c6s9sugov4Ii3ksIGWkb/MROGAc0Cprd0=MIIE1DCCA7ygAwIBAgIQfBHY/s5/LRzGChqXgtjCKTANBgkqhkiG9w0BAQUFADCB3TELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMTswOQYDVQQLEzJUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYSAoYykwNTEeMBwGA1UECxMVUGVyc29uYSBOb3QgVmFsaWRhdGVkMTcwNQYDVQQDEy5WZXJpU2lnbiBDbGFzcyAxIEluZGl2aWR1YWwgU3Vic2NyaWJlciBDQSAtIEcyMB4XDTA3MDcwNTAwMDAwMFoXDTA4MDcwNDIzNTk1OVowggEhMRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1c3QgTmV0d29yazFGMEQGA1UECxM9d3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L1JQQSBJbmNvcnAuIGJ5IFJlZi4sTElBQi5MVEQoYyk5ODEeMBwGA1UECxMVUGVyc29uYSBOb3QgVmFsaWRhdGVkMTQwMgYDVQQLEytEaWdpdGFsIElEIENsYXNzIDEgLSBNaWNyb3NvZnQgRnVsbCBTZXJ2aWNlMSYwJAYDVQQDFB1KVk5SU1MgRmVhc2liaWxpdHkgU3R1ZHkgVGVhbTEfMB0GCSqGSIb3DQEJARYQanZucnNzQGlwYS5nby5qcDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsCjiweXb23sjKQajfCS8WiHjax1ppkfkjhN/SwBp/LOOXlpZpzW/lHtKSnWJLPOZzLxIJUWARTZ+T2y2wCzDnKU9TOkNx56u7iBhhATVRyPby22uRY0Pf+1uu8vnSZPvAR50FI9o2COo9xCqfXZWU/RNWSrsrxJd2XL4Y6sYzL0CAwEAAaOBzDCByTAJBgNVHRMEAjAAMEQGA1UdIAQ9MDswOQYLYIZIAYb4RQEHFwMwKjAoBggrBgEFBQcCARYcaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JwYTALBgNVHQ8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwQGCCsGAQUFBwMCMEoGA1UdHwRDMEEwP6A9oDuGOWh0dHA6Ly9JbmRDMURpZ2l0YWxJRC1jcmwudmVyaXNpZ24uY29tL0luZEMxRGlnaXRhbElELmNybDANBgkqhkiG9w0BAQUFAAOCAQEAHbEsHsaKt3O4OUlcec2BOe+MAP4eGW5X494WdegnLEW4tlAxZvctmLeGr0VRXMtF1JumpTLQcdQvUFp15N2+RDa1PrMFrkrCz9BdextE/7mykda0DzsAvbroqHbsu3tZOhnE7T61ZxtBuXOC0jChphl96yDn8NxvebCwcApB46oeKSbAFT21HRIWGiCo1QaMvB390MzFfOFfft1oHivREyIjgXNyAUSTunj/rQhodTnQRVdRuVwa5KSUErWOnNFM2uuXaF/vJqVRX2QR6zr+S+JGbw3ykc/7zkixEBbkSv3wOTh7BmsXRzRvLcaD92ifxOqFxWHQxIqMSxsbJ6WyPQ==