
Microsoft Security Bulletin MS06-013, MS06-014, MS06-015, MS06-016, MS06-017

Update to Advisory AV06-011
Date: 26 April 2006

Microsoft has released an update to security bulletin MS06-015 in order to address the issues identified in Knowledge Base Article 918165. Revised versions of the security update are available for all products listed in the "Affected Software" section. Customers who have already applied the MS06-015 update and who are not experiencing the problem do not need to take action. For more information, please refer to:
http://www.microsoft.com/technet/security/bulletin/ms06-015.mspx
http://support.microsoft.com/kb/918165

Update to Advisory AV06-011
Date: 21 April 2006

Microsoft has released Knowledge Base Article 918165 to document known issues that customers may experience after they install the MS06-015 security update. These include:

  • You cannot access special folders such as "My Documents" or "My Pictures."
  • Microsoft Office applications stop responding when you try to save or to open Office files in the "My Documents" folder.
  • Office files that are located in the "My Documents" folder cannot be opened.
  • If you open a file by clicking Open on the File menu, the application stops responding.
  • When you type an address in the Address box in Microsoft Internet Explorer, nothing happens.
  • When you right-click a file and then click Send To, nothing happens.
  • When you expand a folder in Windows Explorer, nothing happens.
  • Some third-party applications stop responding when you open or save data in the "My Documents" folder.

Security update 908531 (MS06-015) installs a new binary, Verclsid.exe, which validates shell extensions before the Windows shell or Windows Explorer instantiates them. On some computers Verclsid.exe stops responding, which produces the symptoms listed above.

The article provides recommended solutions for these issues. For more information, please refer to:
http://support.microsoft.com/kb/918165
http://www.microsoft.com/technet/security/bulletin/ms06-015.mspx

AV06-011
Date: 11 April 2006

Purpose

The purpose of this advisory is to bring attention to the following vulnerabilities (3 Critical, 1 Important, 1 Moderate) in some Microsoft products.

MS06-013: Cumulative Security Update for Internet Explorer

Assessment

DHTML Method Call Memory Corruption Vulnerability - CVE-2006-1359:

A remote code execution vulnerability exists in the way Internet Explorer displays a web page that contains certain unexpected method calls to HTML objects. As a result, system memory may be corrupted and allow the execution of arbitrary code if a user visited a malicious web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Multiple Event Handler Memory Corruption Vulnerability - CVE-2006-1245:

A remote code execution vulnerability exists in the way Internet Explorer handles multiple event handlers in an HTML element. An attacker could exploit the vulnerability by constructing a malicious web page that could potentially allow remote code execution if a user visited the malicious web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

HTA Execution Vulnerability - CVE-2006-1388:

A remote code execution vulnerability exists in Internet Explorer. An HTML Application (HTA) can be initiated in a way that bypasses the security control within Internet Explorer. This allows an HTA to execute without Internet Explorer displaying the normal security dialog box. An attacker could exploit the vulnerability by constructing a malicious web page that could potentially allow remote code execution if a user visited the malicious web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

HTML Parsing Vulnerability - CVE-2006-1185:

A remote code execution vulnerability exists in the way Internet Explorer handles specially crafted and not valid HTML. An attacker could exploit the vulnerability by constructing a malicious web page that could potentially allow remote code execution if a user visited the malicious web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

COM Object Instantiation Memory Corruption Vulnerability - CVE-2006-1186:

A remote code execution vulnerability exists in the way Internet Explorer instantiates COM objects that are not intended to be instantiated in Internet Explorer. An attacker could exploit the vulnerability by constructing a malicious web page that could potentially allow remote code execution if a user visited the malicious web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

HTML Tag Memory Corruption Vulnerability - CVE-2006-1188:

A remote code execution vulnerability exists in the way Internet Explorer handles HTML elements that contain a specially crafted tag. An attacker could exploit the vulnerability by constructing a malicious web page that could potentially allow remote code execution if a user visited the malicious web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Double-Byte Character Parsing Memory Corruption Vulnerability - CVE-2006-1189:

A remote code execution vulnerability exists in the way Internet Explorer handles double-byte characters in specially crafted URLs. An attacker could exploit the vulnerability by constructing a malicious web page that could potentially allow remote code execution if a user visited the malicious web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Script Execution Vulnerability - CVE-2006-1190:

A vulnerability exists in Internet Explorer in the way it returns IOleClientSite information when an embedded object is dynamically created. An attacker could exploit the vulnerability by constructing a malicious web page with a dynamically created object. This object would need to make use of the IOleClientSite information returned to make a security related decision. This could potentially allow remote code execution or information disclosure if a user visited the malicious web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Cross-Domain Information Disclosure Vulnerability - CVE-2006-1191:

An information disclosure vulnerability exists in Internet Explorer because of the way that it handles navigation methods. An attacker could exploit the vulnerability by constructing a malicious web page that could potentially lead to information disclosure if a user visited a malicious web site or viewed a specially crafted e-mail message. An attacker who successfully exploited this vulnerability could read cookies or other data from another Internet Explorer domain. However, user interaction is required to exploit this vulnerability.

Address Bar Spoofing Vulnerability - CVE-2006-1192:

A spoofing vulnerability exists in Internet Explorer that could allow an attacker to display spoofed content in a browser window.

Impact of Vulnerability: Remote Code Execution

Microsoft's Maximum Severity Rating: Critical

Affected Software:
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with Service Pack 1 for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition family
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

Note: The security updates for Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft Windows Server 2003 x64 Edition also apply to Microsoft Windows Server 2003 R2.

Tested Microsoft Windows Components:

Affected Components:
- Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
- Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1
- Internet Explorer 6 for Microsoft Windows XP Service Pack 2
- Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
- Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
- Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
- Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
- Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Millennium Edition

Suggested action

PSEPC recommends that administrators test and install the update at the earliest opportunity. Note: This cumulative security update also addresses the vulnerability outlined in PSEPC Advisory AV06-010.
http://www.microsoft.com/technet/security/Bulletin/MS06-013.mspx

MS06-014: Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution

Assessment

A remote code execution vulnerability exists in the RDS.Dataspace ActiveX control that is provided as part of the ActiveX Data Objects (ADO) and that is distributed in MDAC. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Impact of Vulnerability: Remote Code Execution

Microsoft's Maximum Severity Rating: Critical

Affected Software:
- Microsoft Windows XP Service Pack 1 running Microsoft Data Access Components 2.7 Service Pack 1
- Microsoft Windows XP Service Pack 2 running Microsoft Data Access Components 2.8 Service Pack 1
- Microsoft Windows XP Professional x64 Edition running Microsoft Data Access Components 2.8 Service Pack 2
- Microsoft Windows Server 2003 running Microsoft Data Access Components 2.8
- Microsoft Windows Server 2003 Service Pack 1 running Microsoft Data Access Components 2.8 Service Pack 2
- Microsoft Windows Server 2003 for Itanium-based Systems running Microsoft Data Access Components 2.8
- Microsoft Windows Server 2003 with SP1 for Itanium-based Systems running Microsoft Data Access Components 2.8 Service Pack 2
- Microsoft Windows Server 2003 x64 Edition running Microsoft Data Access Components 2.8 Service Pack 2
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

Tested Microsoft Windows Components:

Affected Components:

- Windows 2000 Service Pack 4 with Microsoft Data Access Components 2.5 Service Pack 3 installed
- Windows 2000 Service Pack 4 with Microsoft Data Access Components 2.7 Service Pack 1 installed
- Windows 2000 Service Pack 4 with Microsoft Data Access Components 2.8 installed
- Windows 2000 Service Pack 4 with Microsoft Data Access Components 2.8 Service Pack 1 installed
- Windows XP Service Pack 1 with Microsoft Data Access Components 2.8 installed

Suggested action

PSEPC recommends that administrators test and install the update at the earliest opportunity.
http://www.microsoft.com/technet/security/Bulletin/MS06-014.mspx
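Both the COM Object Instantiation issue in MS06-013 (CVE-2006-1186) and the RDS.Dataspace control in MS06-014 concern ActiveX/COM objects that Internet Explorer should not be allowed to instantiate from a web page. The check a practitioner wants for such controls is whether Internet Explorer's kill bit is set for the control's CLSID. The script below is an added example and is not code from PSEPC, from the advisory or from Microsoft. It parses a .reg export of the Internet Explorer "ActiveX Compatibility" key offline and reports the kill-bit state per CLSID. The kill-bit mechanism itself (bit 0x400 of the "Compatibility Flags" value, Microsoft KB 240797) is not described on this page; the RDS.DataSpace CLSID is not printed in the advisory either and is assumed from Microsoft's MS06-014 workaround, so confirm it against the bulletin before relying on it. The sample registry export is constructed for the example.

```python
"""Offline kill-bit check for Internet Explorer ActiveX controls.

Added example for the PSEPC advisory; not code from PSEPC or Microsoft.
It parses a Windows .reg export of the IE "ActiveX Compatibility" key and
reports whether the kill bit (bit 0x400 of "Compatibility Flags") is set
for each CLSID of interest. A control with the kill bit set cannot be
instantiated by Internet Explorer.
"""
import re
from typing import Dict, Iterable, List

# Bit 0x400 of "Compatibility Flags" is the kill bit (Microsoft KB 240797).
KILL_BIT = 0x00000400

# Assumption: this CLSID is not printed in the advisory; it is the RDS.DataSpace
# CLSID named in Microsoft's MS06-014 workaround. Confirm against the bulletin.
RDS_DATASPACE_CLSID = "{BD96C556-65A3-11D0-983A-00C04FC29E36}"

# Matches the per-CLSID subkey in both the native and the Wow6432Node view
# (the x64 editions in the affected-software lists have both views).
_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\(?:Wow6432Node\\)?Microsoft\\"
    r"Internet Explorer\\ActiveX Compatibility\\(\{[0-9A-Fa-f-]{36}\})\]$"
)
_FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9A-Fa-f]{1,8})$')


def parse_compat_flags(reg_text: str) -> Dict[str, List[int]]:
    """Map each CLSID to the Compatibility Flags values found for it
    (one per registry view that carries an entry)."""
    flags: Dict[str, List[int]] = {}
    current = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = _KEY_RE.match(line)
            current = m.group(1).upper() if m else None
            continue
        if current is None:
            continue
        m = _FLAGS_RE.match(line)
        if m:
            flags.setdefault(current, []).append(int(m.group(1), 16))
    return flags


def kill_bit_status(reg_text: str, clsids: Iterable[str]) -> Dict[str, str]:
    """Return 'killed', 'not killed' or 'no entry' per CLSID. A control counts
    as killed only if every view that has an entry carries the bit, so a kill
    bit set natively but missing from Wow6432Node is reported as 'not killed'."""
    flags = parse_compat_flags(reg_text)
    result: Dict[str, str] = {}
    for clsid in clsids:
        key = clsid.upper()
        values = flags.get(key)
        if not values:
            result[key] = "no entry"
        elif all(v & KILL_BIT for v in values):
            result[key] = "killed"
        else:
            result[key] = "not killed"
    return result


def load_reg_export(path: str) -> str:
    """reg.exe writes .reg exports as UTF-16LE with a BOM; hand-written
    files are usually ANSI, so fall back to cp1252 when no BOM is present."""
    with open(path, "rb") as fh:
        data = fh.read()
    if data.startswith(b"\xff\xfe"):
        return data.decode("utf-16")
    return data.decode("cp1252")


# Constructed sample export (not from a real machine): RDS.DataSpace killed,
# a second control with a non-kill flag only, a third control killed in the
# native view but not in the Wow6432Node view.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{BD96C556-65A3-11D0-983A-00C04FC29E36}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000002}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000002}]
"Compatibility Flags"=dword:00000000
"""

if __name__ == "__main__":
    import sys
    text = load_reg_export(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_REG
    wanted = [RDS_DATASPACE_CLSID,
              "{00000000-0000-0000-0000-000000000001}",
              "{00000000-0000-0000-0000-000000000002}",
              "{00000000-0000-0000-0000-000000000003}"]
    for clsid, status in kill_bit_status(text, wanted).items():
        print(f"{clsid}  {status}")
```

To check a real host, export the key with reg.exe (built into Windows XP and Windows Server 2003): reg export "HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility" compat.reg, then run the script with the path to compat.reg. A kill bit is a mitigation for a control, not a replacement for the security update; installing the MS06-013 and MS06-014 updates remains the fix.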

MS06-015: Vulnerability in Windows Explorer Could Allow Remote Code Execution

Assessment

A remote code execution vulnerability exists in Windows Explorer due to the way it handles COM objects. An attacker would need to convince a user to visit a web site that could force a connection to a remote file server. This remote file server could then cause Windows Explorer to fail in a way that could allow code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Impact of Vulnerability: Remote Code Execution

Microsoft's Maximum Severity Rating: Critical

Affected Software:
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)

Suggested action

PSEPC recommends that administrators test and install the update at the earliest opportunity.
http://www.microsoft.com/technet/security/Bulletin/MS06-015.mspx

MS06-016: Cumulative Security Update for Outlook Express

Assessment

A remote code execution vulnerability exists in the way Outlook Express handles Windows Address Book (.wab) files. An attacker who successfully exploited this vulnerability could take complete control of the affected system.

Impact of Vulnerability: Remote Code Execution

Microsoft's Maximum Severity Rating: Important

Affected Software:
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Windows Me)

Tested Microsoft Windows Components:

Affected Components:
- Outlook Express 6 on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
- Outlook Express 6 on Microsoft Windows Server 2003 x64 Edition
- Outlook Express 6 on Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
- Outlook Express 6 on Microsoft Windows XP Service Pack 2
- Outlook Express 6 on Microsoft Windows XP Professional x64 Edition
- Outlook Express 6 Service Pack 1 on Microsoft Windows XP Service Pack 1 or when installed on Microsoft Windows 2000 Service Pack 4
- Outlook Express 5.5 Service Pack 2 on Microsoft Windows 2000 Service Pack 4

Note: The security updates for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 also apply to Microsoft Windows Server 2003 R2.

Suggested action

PSEPC recommends that administrators test and install the update at the earliest opportunity.
http://www.microsoft.com/technet/security/Bulletin/MS06-016.mspx

MS06-017: Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting

Assessment

The cross-site scripting vulnerability could allow an attacker to run client-side script on behalf of an FPSE user. Attempts to exploit this vulnerability require user interaction. An attacker who successfully exploited this vulnerability against an administrator could take complete control of a FrontPage Server Extensions 2002 server.

Impact of Vulnerability: Remote Code Execution

Microsoft's Maximum Severity Rating: Moderate

Affected Software:
- Microsoft FrontPage Server Extensions 2002 shipped on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
- Microsoft FrontPage Server Extensions 2002 shipped on Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
- Microsoft FrontPage Server Extensions 2002 (x64 Edition) downloaded and installed on Microsoft Windows Server 2003 x64 Edition and Microsoft Windows XP Professional x64 Edition
- Microsoft FrontPage Server Extensions 2002 (x86 Editions) downloaded and installed on Microsoft Windows 2000 Service Pack 4, Microsoft Windows XP Service Pack 1, and Microsoft Windows XP Service Pack 2
- Microsoft SharePoint Team Services

Suggested action

PSEPC recommends that administrators test and install the update at the earliest opportunity.
http://www.microsoft.com/technet/security/Bulletin/MS06-017.mspx

Note to Readers

Public Safety and Emergency Preparedness Canada (PSEPC) collects information related to cyber and physical threats to, and incidents involving, Canadian critical infrastructure. This allows us to monitor and analyze threats and to issue alerts, advisories and other information products. To report threats or incidents, please contact the Government Operations Centre (GOC) at (613) 991-7000 or goc-cog@psepc-sppcc.gc.ca by e-mail.

Unauthorized use of computer systems and mischief in relation to data are serious Criminal Code offences in Canada. Any suspected criminal activity should be reported to local law enforcement organizations. The Royal Canadian Mounted Police (RCMP) National Operations Centre (N.O.C.) provides a 24/7 service to receive such reports or to redirect callers to local law enforcement organizations. The N.O.C. can be reached at (613) 993-4460. National security concerns should be reported to the Canadian Security Intelligence Service (CSIS) at (613) 993-9620.

For urgent matters or to report any incidents, please contact the Government Operations Centre at:

Phone: (613) 991-7000
Fax: (613) 996-0995
Secure Fax: (613) 991-7094
Email: goc-cog@psepc-sppcc.gc.ca

For general information on critical infrastructure protection and emergency preparedness, please contact PSEPC's Public Affairs division at:

Telephone: (613) 944-4875 or 1-800-830-3118
Fax: (613) 998-9589
E-mail: communications@psepc-sppcc.gc.ca
Web: www.psepc.gc.ca

Last updated: 2006-04-26