CPNI - Centre for the Protection of National Infrastructure


May 2006

Three Microsoft Security Bulletins

ID: 00344
Ref: 337/2006
Date: 10 May 2006 14:06:52
Version: 1

Title: Three Microsoft Security Bulletins
Abstract:
Vendors affected: Microsoft
Operating systems affected: Microsoft
Applications affected: Microsoft

Title
=====

Three Microsoft Security Bulletins:

1. MS06-009 - Vulnerability in Microsoft Exchange Could Allow Remote
Code Execution

2. MS06-020 - Vulnerabilities in Macromedia Flash Player from
Adobe Could Allow Remote Code Execution

3. MS06-018 - Vulnerability in Microsoft Distributed Transaction
Coordinator Could Allow Denial of Service

Detail
======

1. A remote code execution vulnerability exists in Microsoft
Exchange Server that could allow an attacker who successfully
exploited this vulnerability to take complete control of the
affected system.

2. Vulnerabilities in Macromedia Flash Player from Adobe Could
Allow Remote Code Execution

3. Vulnerability in Microsoft Distributed Transaction Coordinator
Could Allow Denial of Service



1.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


MS06-009 - Vulnerability in Microsoft Exchange Could Allow Remote
Code Execution (916803)

Affected Software:

- Microsoft Exchange Server 2000 with the Exchange 2000 Post-Service
Pack 3 Update Rollup of August 2004 (870540)
- Microsoft Exchange Server 2003 Service Pack 1
- Microsoft Exchange Server 2003 Service Pack 2

Full MS06-019 advisory:
http://www.microsoft.com/technet/security/Bulletin/MS06-019.mspx

Vulnerability Details

Exchange Calendar Vulnerability - CVE-2006-0027:

A remote code execution vulnerability exists in Microsoft
Exchange Server that could allow an attacker who successfully
exploited this vulnerability to take complete control of the
affected system.

An attacker could exploit the vulnerability by constructing a
specially crafted message that could potentially allow remote
code execution when an Exchange Server processes an email with
certain vCal or iCal properties.

This is a remote code execution vulnerability. An attacker who
successfully exploited this vulnerability could remotely take
complete control of an affected system. An attacker could then
install programs; view, change, or delete data; or create new
accounts with full user rights.



iQCVAwUBRGEsZyh9+71yA2DNAQLYtAP/ajKsBhydWWk2dIjdtJalJGavEvyAQm4v
hGmbJWnoj6F4HWPvnhEKUXUELqlitCtGc3YeaEWXv40AEIsMVEFOgQ19RaQ21AhS
L0wmyoEastO1tr4I4EOrbJ3VHvQC9JrI4yL9WjqYrJH/0fmUpReJ1Q2Yp7Uyyc4w
ZOqXIhKPijs=
=jxhm
-----END PGP SIGNATURE-----

2.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
MS06-020 - Vulnerabilities in Macromedia Flash Player from
Adobe Could Allow Remote Code Execution
10 May 2006

===========================================================================



Product: Adobe Flash Player bundled with Internet Explorer
Publisher: Microsoft
Operating System: Windows XP SP2 and prior
                  Windows ME
                  Windows 98 SE and prior
Impact: Execute Arbitrary Code/Commands
Access: Remote/Unauthenticated
CVE Names: CVE-2006-0024 CVE-2005-2628


Original Bulletin:
http://www.microsoft.com/technet/security/Bulletin/MS06-020.mspx

--------------------------BEGIN INCLUDED TEXT--------------------

MS06-020 - Vulnerabilities in Macromedia Flash Player from Adobe Could
Allow Remote Code Execution (913433)

Affected Software:
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP
Service Pack 2
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE),
and Microsoft Windows Millennium Edition (ME)

Non-Affected Software:
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows Server 2003 and Microsoft Windows
Server 2003 Service Pack 1
- Microsoft Windows Server 2003 for Itanium-based Systems
and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition
- Windows XP Professional x64 Edition

Full MS06-020 advisory:
http://www.microsoft.com/technet/security/Bulletin/MS06-020.mspx

Vulnerability Details

Flash Player Vulnerabilities - CVE-2006-0024, CVE-2005-2628:

A remote code execution vulnerability exists in Macromedia
Flash Player from Adobe because of the way that it handles
Flash Animation (SWF) files. An attacker could exploit the
vulnerability by constructing a specially crafted Flash Animation
(SWF) file that could potentially allow remote code execution
if a user visited a Web site containing the specially crafted
SWF file or viewed an e-mail message containing the specially
crafted SWF file as an attachment. An attacker who successfully
exploited this vulnerability could take complete control of
an affected system.



iQCVAwUBRGE1mih9+71yA2DNAQI/2gP+Pae9PggqBJLW0zSUgHO4DhmCM75XtrFD
hRNZqCFYwv9+3+DJZnd+ncmA8KHDiGSAvmnN+xbYqtj9RDFj/WQNHfLQssZd1Yr2
ewBs0SL8b1Vjc8yO0w5xHUh8svCvbaNLFvc7WlGHr+Fx1PIytSazho9CAjktXN4y
myxSfW+tcqQ=
=Lk/K
-----END PGP SIGNATURE-----

3.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================

MS06-018 - Vulnerability in Microsoft Distributed
Transaction Coordinator Could Allow Denial of Service
10 May 2006

===========================================================================



Publisher: Microsoft
Operating System: Windows XP SP2 and prior
                  Windows Server 2003
                  Windows 2000 SP4 and prior
Impact: Denial of Service (see comment)
Access: Remote/Unauthenticated
CVE Names: CVE-2006-1184 CVE-2006-0034



Original Bulletin:
http://www.microsoft.com/technet/security/Bulletin/MS06-018.mspx

Comment: Microsoft states that vulnerability CVE-2006-0034 is a denial of
service only. However, the original reporter (eEye) states that it is
in fact exploitable to execute arbitrary code, as described at:

http://www.eeye.com/html/research/advisories/AD20060509a.html



--------------------------BEGIN INCLUDED TEXT--------------------

MS06-018 - Vulnerability in Microsoft Distributed Transaction Coordinator
Could Allow Denial of Service (913580)

Affected Software:
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1
and Microsoft Windows XP Service Pack 2
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based Systems

Non-Affected Software:
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 x64 Edition
- Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE),
and Microsoft Windows Millennium Edition (Me)

Full MS06-018 advisory:
http://www.microsoft.com/technet/security/Bulletin/MS06-018.mspx

Vulnerability Details

MSDTC Invalid Memory Access Vulnerability - CVE-2006-0034:

A denial of service vulnerability exists that could allow an
attacker to send a specially crafted network message to an
affected system. An attacker could cause the Microsoft Distributed
Transaction Coordinator (MSDTC) to stop responding. Note that
the denial of service vulnerability would not allow an attacker
to execute code or to elevate their user rights, but it could
cause the affected system to stop accepting requests.


MSDTC Denial of Service Vulnerability - CVE-2006-1184:

A denial of service vulnerability exists that could allow an
attacker to send a specially crafted network message to an
affected system. An attacker could cause the Microsoft Distributed
Transaction Coordinator (MSDTC) to stop responding. Note that
the denial of service vulnerability would not allow an attacker
to execute code or to elevate their user rights, but it could
cause the affected system to stop accepting requests.

iQCVAwUBRGFEKih9+71yA2DNAQJQtAP/dJdMoS7/n8LZ4BkJdTE640lJToVcju8k
TTioKnGXSoXBD+3SWbZMtwuD64CLzoJtwKzO04OEDIOXBxEaDiXcrU4B0iTHyklO
H08VgMSrrY5hlUqtmI5Kw2r+zHrPNGPs0ddfTkq3Wh0vYHj0QUa7xTmhGgOsxmbD
y0ZSDOQ7c60=
=Ylah
-----END PGP SIGNATURE-----
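The three signed sections above share one layout: a bulletin heading carrying its KB article number, a "Full ... advisory" link, and the CVE names. Before an advisory like this is copied into a patch tracker it is worth pulling those cross-references out mechanically and checking that they agree with each other, since a mistyped bulletin ID sends an administrator to the wrong patch. The Python script below is an added example written for this page, not CSIRTUK or Microsoft code; SAMPLE is an abridged copy of the sections above (constructed for the example), the function names are this example's own, and the regular expressions assume the field layout used here. Run on this advisory it reports that the first section's heading (MS06-009) does not match the bulletin it links to (MS06-019), the kind of discrepancy to resolve before acting on the record.

```python
"""Extract bulletin, KB and CVE cross-references from a CSIRTUK-style
advisory and flag sections whose references disagree with each other.
Added example for this page; the function names and regular expressions
are this example's own assumptions about the field layout shown above."""
import re

BEGIN_MARK = "-----BEGIN PGP SIGNED MESSAGE-----"
BULLETIN_RE = re.compile(r"\bMS\d{2}-\d{3}\b")       # e.g. MS06-018
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")         # e.g. CVE-2006-0034
KB_RE = re.compile(r"\((\d{6})\)")                   # e.g. (913580) in a heading
URL_RE = re.compile(r"https?://\S+")
# A signed message nested inside another signed message has its leading
# dashes escaped as "- " (the page shows "- -----BEGIN ..."); undo that
# before parsing. The lookahead keeps ordinary "- item" list lines intact.
DASH_ESCAPE_RE = re.compile(r"^(?:- )+(?=-)", re.MULTILINE)

# Constructed sample: the three signed sections of the advisory above,
# abridged to the lines this parser reads (headings, KB numbers, links, CVEs).
SAMPLE = """\
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MS06-009 - Vulnerability in Microsoft Exchange Could Allow Remote
Code Execution (916803)

Full MS06-019 advisory:
http://www.microsoft.com/technet/security/Bulletin/MS06-019.mspx

Exchange Calendar Vulnerability - CVE-2006-0027:
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MS06-020 - Vulnerabilities in Macromedia Flash Player from Adobe Could
Allow Remote Code Execution (913433)

CVE Names: CVE-2006-0024 CVE-2005-2628
Full MS06-020 advisory:
http://www.microsoft.com/technet/security/Bulletin/MS06-020.mspx
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

MS06-018 - Vulnerability in Microsoft Distributed Transaction Coordinator
Could Allow Denial of Service (913580)

CVE Names: CVE-2006-1184 CVE-2006-0034
Full MS06-018 advisory:
http://www.microsoft.com/technet/security/Bulletin/MS06-018.mspx
-----END PGP SIGNATURE-----
"""


def split_sections(text):
    """Return the body of each PGP-signed section, in document order."""
    clean = DASH_ESCAPE_RE.sub("", text)
    # Anything before the first BEGIN marker is the advisory wrapper, not a bulletin.
    return clean.split(BEGIN_MARK)[1:]


def parse_section(section):
    """Pull the identifiers a patch tracker would key on out of one section."""
    bulletins = BULLETIN_RE.findall(section)
    urls = URL_RE.findall(section)
    linked = {m.group(0) for m in map(BULLETIN_RE.search, urls) if m}
    kb = KB_RE.search(section)  # first "(nnnnnn)" is the KB number in the heading
    return {
        "bulletin": bulletins[0] if bulletins else None,  # ID in the heading
        "bulletins_mentioned": sorted(set(bulletins)),
        "kb": kb.group(1) if kb else None,
        "cves": sorted(set(CVE_RE.findall(section))),
        "url_bulletins": sorted(linked),                   # IDs in the links
    }


def check_record(record):
    """Return warnings for one parsed section; an empty list means consistent."""
    warnings = []
    heading = record["bulletin"]
    if heading is None:
        return ["section has no bulletin ID"]
    if len(record["bulletins_mentioned"]) > 1:
        warnings.append(f"{heading}: section mentions several bulletin IDs "
                        f"{record['bulletins_mentioned']}")
    if record["url_bulletins"] and heading not in record["url_bulletins"]:
        warnings.append(f"{heading}: heading does not match linked bulletin "
                        f"{record['url_bulletins']}")
    if not record["cves"]:
        warnings.append(f"{heading}: no CVE identifiers found")
    if record["kb"] is None:
        warnings.append(f"{heading}: no KB article number found")
    return warnings


def triage(text):
    """Parse every signed section and collect the consistency warnings."""
    records = [parse_section(s) for s in split_sections(text)]
    warnings = [w for r in records for w in check_record(r)]
    return records, warnings


if __name__ == "__main__":
    recs, warns = triage(SAMPLE)
    for r in recs:
        print(r["bulletin"], r["kb"], ", ".join(r["cves"]))
    for w in warns:
        print("WARNING:", w)
```

The KB number is taken from the first parenthesised six-digit number in a section because that is where this advisory format places it (the heading); the Exchange rollup reference "(870540)" later in section 1 is deliberately not picked up. Feed the whole page text, dash escapes and all, to `triage()` and the same warnings come out.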
