Zero-day vulnerabilities discovered: 20
Buffer overflow
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability is caused by a boundary error when processing an unchecked word count in Word files. A remote attacker can create a specially crafted Word file, trick the victim into opening it and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability results in compromise of the vulnerable system.
Note: this vulnerability is being actively exploited.
This vulnerability was publicly disclosed by Disco Jonny.
Software: Microsoft Word
Known/famous malware:
Bloodhound.Exploit.108.
Links:
https://technet.microsoft.com/en-us/library/security/ms07-014.aspx
https://blogs.technet.microsoft.com/msrc/2006/12/15/update-on-current-word-vulnerability-reports/
https://www.symantec.com/security_response/writeup.jsp?docid=2006-121412-1329-99
https://www.symantec.com/connect/blogs/word-those-word-vulnerabilities
Buffer overflow
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability is caused by a boundary error when handling Word files with a specially crafted data structure. A remote attacker can create a specially crafted Word file, trick the victim into opening it and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability results in compromise of the vulnerable system.
Note: this vulnerability is being actively exploited.
Software: Microsoft Word
Known/famous malware:
Trojan.Mdropper.U
Links:
https://technet.microsoft.com/library/security/ms07-014
https://blogs.technet.microsoft.com/msrc/2006/12/10/new-report-of-a-word-zero-day/
http://www.kb.cert.org/vuls/id/166700
https://blogs.technet.microsoft.com/msrc/2006/12/15/update-on-current-word-vulnerability-reports/
https://www.symantec.com/connect/blogs/word-those-word-vulnerabilities
Buffer overflow
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability is caused by a boundary error when handling Word files with a specially crafted string. A remote attacker can create a specially crafted Word file, trick the victim into opening it and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability results in compromise of the vulnerable system.
Note: this vulnerability is being actively exploited.
Software: Microsoft Word
Known/famous malware:
Bloodhound.Exploit.106
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an error in the XMLHTTP ActiveX control within Microsoft XML Core Services. A remote unauthenticated attacker can trick the victim into opening a specially crafted web page and execute arbitrary code on the target system with the privileges of the current user.
Successful exploitation of this vulnerability may allow an attacker to compromise the vulnerable system.
Note: this vulnerability is being actively exploited.
The issue was discovered in the wild by ISS xForce.
Software: Microsoft XML Core Services
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to incorrect handling of input data in the Microsoft WMIScriptUtils.WMIObjectBroker2 ActiveX control (WmiScriptUtils.dll), bundled with Visual Studio 2005. A remote unauthenticated attacker can trick the victim into opening a specially crafted web page or HTML file and execute arbitrary code on the target system with the privileges of the current user.
Successful exploitation of this vulnerability may allow an attacker to compromise the vulnerable system.
Note: this vulnerability is being actively exploited.
This vulnerability was publicly reported by Michal Bucko and H D Moore.
Software: Visual Studio
Buffer overflow
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to improper validation of input parameters passed to the vulnerable setSlice() method in the WebViewFolderIcon ActiveX control (Web View). A remote attacker can create a specially crafted web page, trick the victim into opening it and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability results in compromise of the vulnerable system.
Note: this vulnerability is being actively exploited.
Software: Windows
Buffer overflow
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability is caused by a boundary error when parsing malformed records within a PowerPoint file. A remote attacker can create a specially crafted .ppt file, trick the victim into opening it and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability results in compromise of the vulnerable system.
Note: this vulnerability is being actively exploited.
It has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow.
Software: Microsoft PowerPoint
Known/famous malware:
Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F.
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to incorrect handling of input data in the Vector Markup Language (VML) implementation (VGX.dll) in Microsoft Windows. A remote unauthenticated attacker can trick the victim into opening a specially crafted web page or HTML file and execute arbitrary code on the target system with the privileges of the current user.
Successful exploitation of this vulnerability may allow an attacker to compromise the vulnerable system.
Note: this vulnerability is being actively exploited.
This vulnerability was reported by Sunbelt Software.
Software: Windows
Known/famous malware:
Bloodhound.Exploit.78
Heap-based buffer overflow
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a heap-based buffer overflow within the DirectAnimation Path ActiveX control (daxctle.ocx) when handling unexpected input. A remote attacker can create a specially crafted web page, trick the victim into opening it and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability results in compromise of the vulnerable system.
Note: this vulnerability is being actively exploited.
Software: Microsoft Internet Explorer
Buffer overflow
The vulnerability allows a remote user to execute arbitrary code on the target system.
This vulnerability was reported by Juha-Matti Laurio.
Software: Microsoft Office
Known/famous malware:
Trojan.Mdropper.Q
Heap-based buffer overflow
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a heap-based buffer overflow in the DirectAnimation.PathControl ActiveX control (daxctle.ocx) when handling unexpected input. A remote attacker can create a specially crafted web page, trick the victim into opening it and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability results in compromise of the vulnerable system.
Note: this vulnerability is being actively exploited.
Software: Microsoft Internet Explorer
Buffer overflow
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the Microsoft Windows Server Service. A remote attacker can send a specially crafted packet to port 139/TCP or 445/TCP, trigger the boundary error and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability results in compromise of the vulnerable system.
Note: this vulnerability is being actively exploited.
Software: Windows
Buffer overflow
The vulnerability allows a remote user to execute arbitrary code on the target system.
The weakness was disclosed 08/08/2006 by Ka Chun Leung with Symantec.
Software: Microsoft Office
Known/famous malware:
Trojan.Mdropper.N
Links:
http://www.microsoft.com/technet/security/Bulletin/MS06-047.mspx
ftp://ftp.cerias.purdue.edu/pub/advisories/ciac/q-fy06/q-274.Vul.in.Microsoft.Visual.Basic.txt
https://www.trendmicro.com/vinfo/us/threat-encyclopedia/archive/security-advisories/(ms06-047)%20vul...
https://www.symantec.com/content/en/us/enterprise/collateral/tech_briefs/11310863_HTTST_tb.pdf
Memory corruption
The vulnerability allows a remote user to execute arbitrary code on the target system.
Software: Microsoft PowerPoint
Known/famous malware:
PPDropper.B Trojan.
Bloodhound.Exploit.79
Links:
https://blogs.securiteam.com/index.php/archives/508
http://www.microsoft.com/technet/security/Bulletin/MS06-048.mspx
http://www.microsoft.com/technet/security/advisory/922970.mspx
http://blogs.technet.com/msrc/archive/2006/07/14/441893.aspx
https://www.symantec.com/security_response/writeup.jsp?docid=2006-092614-1828-99&tabid=2
https://ae.norton.com/security_response/print_writeup.jsp?docid=2006-092614-1828-99
https://forums.whatthetech.com/index.php?showtopic=66223
Buffer overflow
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when handling malformed strings in Office documents. A remote attacker can create a specially crafted Office file, trick the victim into opening it and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability results in compromise of the vulnerable system.
Note: this vulnerability is being actively exploited.
Software: Microsoft Office
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to incorrect handling of input data when processing a malformed SELECTION record within an Excel file. A remote unauthenticated attacker can trick the victim into opening a specially crafted Excel file and execute arbitrary code on the target system with the privileges of the current user.
Successful exploitation of this vulnerability may allow an attacker to compromise the vulnerable system.
Note: this vulnerability was being actively exploited.
Software: Microsoft Excel
Remote code execution
The vulnerability allows a remote user to execute arbitrary code on the target system.
Software: Microsoft Excel
Known/famous malware:
Mdropper.J Trojan.
Links:
https://technet.microsoft.com/en-us/library/security/ms06-037.aspx
http://www.kb.cert.org/vuls/id/394444
https://www.trendmicro.com/vinfo/us/threat-encyclopedia/archive/security-advisories/(ms06-037)%20vul...
https://home.mcafee.com/virusinfo/virusprofile.aspx?key=140010
https://blogs.technet.microsoft.com/msrc/2006/06/24/an-update-on-recent-public-issues/
https://www.cnet.com/news/buffer-overflow-in-microsoft-hyperlink-object-library/
Remote code execution
The vulnerability allows a remote user to execute arbitrary code on the target system.
Software: Microsoft Word
Known/famous malware:
Mdropper.H Trojan.
SmartTag exploit.
Links:
https://technet.microsoft.com/en-us/library/security/ms06-027.aspx
https://blogs.technet.microsoft.com/msrc/2006/05/20/a-quick-check-in-on-the-word-vulnerability/
https://blogs.microsoft.com/microsoftsecure/2011/09/28/targeted-attacks-and-the-need-to-keep-documen...
http://www.networkworld.com/article/2266902/lan-wan/microsoft--rogue--security--software-a-rising-th...
https://www.theguardian.com/technology/blog/2010/apr/26/microsoft-security-intelligence-report
http://www.bcs.org/content/conWebDoc/11820
http://rbach.net/blog/index.php/msft-security-report/
http://garwarner.blogspot.com/2009/04/microsoft-security-intelligence-report.html
https://www.itnews.com.au/news/taiwanese-gang-exploits-microsoft-word-81693
http://www.marketwired.com/press-release/MessageLabs-Intelligence-Targeted-Attack-Report-Criminal-Ri...
Memory corruption
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the createTextRange() DHTML method when handling unexpected user input for a radio button control. A remote attacker can create a specially crafted web page, trick the victim into visiting it and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability results in compromise of the vulnerable system.
Note: this vulnerability is being actively exploited.
Software: Microsoft Internet Explorer
Known/famous malware:
Kaspersky - Exploit.JS.CVE-2006-1359.d
Ikarus - Exploit.JS.CVE-2006-1359.d
Nod32 - JS/Exploit.CVE-2006-1359
Buffer overflow
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the Microsoft Graphical Device Interface library (GDI32.DLL) when handling .wmf files. A remote attacker can create a specially crafted .wmf image file with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), trick the victim into opening it and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability results in compromise of the vulnerable system.
Note: this vulnerability is being actively exploited.
This vulnerability was disclosed on December 27, 2005. However, we have decided to include it in the 2006 list because of the very close timing.
Software: Windows