Purpose
The purpose of this advisory is to bring attention to the following vulnerabilities (3 Critical, 1 Important, 1 Moderate) in some Microsoft products.
MS06-013: Cumulative Security Update for Internet Explorer
Assessment
DHTML Method Call Memory Corruption Vulnerability - CVE-2006-1359:
A remote code execution vulnerability exists in the way Internet Explorer displays a web page that contains certain unexpected method calls to HTML objects. As a result, system memory may be corrupted and allow the execution of arbitrary code if a user visited a malicious web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Multiple Event Handler Memory Corruption Vulnerability - CVE-2006-1245:
A remote code execution vulnerability exists in the way Internet Explorer handles multiple event handlers in an HTML element. An attacker could exploit the vulnerability by constructing a malicious web page that could potentially allow remote code execution if a user visited the malicious web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
HTA Execution Vulnerability - CVE-2006-1388:
A remote code execution vulnerability exists in Internet Explorer. An HTML Application (HTA) can be initiated in a way that bypasses the security control within Internet Explorer. This allows an HTA to execute without Internet Explorer displaying the normal security dialog box. An attacker could exploit the vulnerability by constructing a malicious web page that could potentially allow remote code execution if a user visited the malicious web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
HTML Parsing Vulnerability - CVE-2006-1185:
A remote code execution vulnerability exists in the way Internet Explorer handles specially crafted and not valid HTML. An attacker could exploit the vulnerability by constructing a malicious web page that could potentially allow remote code execution if a user visited the malicious web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
COM Object Instantiation Memory Corruption Vulnerability - CVE-2006-1186:
A remote code execution vulnerability exists in the way Internet Explorer instantiates COM objects that are not intended to be instantiated in Internet Explorer. An attacker could exploit the vulnerability by constructing a malicious web page that could potentially allow remote code execution if a user visited the malicious web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
HTML Tag Memory Corruption Vulnerability - CVE-2006-1188:
A remote code execution vulnerability exists in the way Internet Explorer handles HTML elements that contain a specially crafted tag. An attacker could exploit the vulnerability by constructing a malicious web page that could potentially allow remote code execution if a user visited the malicious web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Double-Byte Character Parsing Memory Corruption Vulnerability - CVE-2006-1189:
A remote code execution vulnerability exists in the way Internet Explorer handles double-byte characters in specially crafted URLs. An attacker could exploit the vulnerability by constructing a malicious web page that could potentially allow remote code execution if a user visited the malicious web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Script Execution Vulnerability - CVE-2006-1190:
A vulnerability exists in Internet Explorer in the way it returns IOleClientSite information when an embedded object is dynamically created. An attacker could exploit the vulnerability by constructing a malicious web page with a dynamically created object. This object would need to make use of the IOleClientSite information returned to make a security related decision. This could potentially allow remote code execution or information disclosure if a user visited the malicious web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Cross-Domain Information Disclosure Vulnerability - CVE-2006-1191:
An information disclosure vulnerability exists in Internet Explorer because of the way that it handles navigation methods. An attacker could exploit the vulnerability by constructing a malicious web page that could potentially lead to information disclosure if a user visited a malicious web site or viewed a specially crafted e-mail message. An attacker who successfully exploited this vulnerability could read cookies or other data from another Internet Explorer domain. However, user interaction is required to exploit this vulnerability.
Address Bar Spoofing Vulnerability - CVE-2006-1192:
A spoofing vulnerability exists in Internet Explorer that could allow an attacker to display spoofed content in a browser window.
Impact of Vulnerability: Remote Code Execution
Microsoft's Maximum Severity Rating: Critical
Affected Software:
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with Service Pack 1 for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition family
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
Note: The security updates for Microsoft Windows Server 2003, Microsoft Windows Server 2003 Service Pack 1, and Microsoft Windows Server 2003 x64 Edition also apply to Microsoft Windows Server 2003 R2.
Tested Microsoft Windows Components:
Affected Components:
- Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
- Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1
- Internet Explorer 6 for Microsoft Windows XP Service Pack 2
- Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
- Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
- Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
- Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
- Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Millennium Edition
Suggested action
PSEPC recommends that administrators test and install the update at the earliest opportunity. Note: This cumulative security update addresses the vulnerability outlined in PSEPC Advisory AV06-010.
http://www.microsoft.com/technet/security/Bulletin/MS06-013.mspx
MS06-014: Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution
Assessment
A remote code execution vulnerability exists in the RDS.Dataspace ActiveX control that is provided as part of the ActiveX Data Objects (ADO) and that is distributed in MDAC. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Impact of Vulnerability: Remote Code Execution
Microsoft's Maximum Severity Rating: Critical
Affected Software:
- Microsoft Windows XP Service Pack 1 running Microsoft Data Access Components 2.7 Service Pack 1
- Microsoft Windows XP Service Pack 2 running Microsoft Data Access Components 2.8 Service Pack 1
- Microsoft Windows XP Professional x64 Edition running Microsoft Data Access Components 2.8 Service Pack 2
- Microsoft Windows Server 2003 running Microsoft Data Access Components 2.8
- Microsoft Windows Server 2003 Service Pack 1 running Microsoft Data Access Components 2.8 Service Pack 2
- Microsoft Windows Server 2003 for Itanium-based Systems running Microsoft Data Access Components 2.8
- Microsoft Windows Server 2003 with SP1 for Itanium-based Systems running Microsoft Data Access Components 2.8 Service Pack 2
- Microsoft Windows Server 2003 x64 Edition running Microsoft Data Access Components 2.8 Service Pack 2
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
Tested Microsoft Windows Components:
Affected Components:
- Windows 2000 Service Pack 4 with Microsoft Data Access Components 2.5 Service Pack 3 installed
- Windows 2000 Service Pack 4 with Microsoft Data Access Components 2.7 Service Pack 1 installed
- Windows 2000 Service Pack 4 with Microsoft Data Access Components 2.8 installed
- Windows 2000 Service Pack 4 with Microsoft Data Access Components 2.8 Service Pack 1 installed
- Windows XP Service Pack 1 with Microsoft Data Access Components 2.8 installed
Suggested action
PSEPC recommends that administrators test and install the update at the earliest opportunity.
http://www.microsoft.com/technet/security/Bulletin/MS06-014.mspx
MS06-015: Vulnerability in Windows Explorer Could Allow Remote Code Execution
Assessment
A remote code execution vulnerability exists in Windows Explorer due to the way it handles COM objects. An attacker would need to convince a user to visit a web site that could force a connection to a remote file server. This remote file server could then cause Windows Explorer to fail in a way that could allow code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Impact of Vulnerability: Remote Code Execution
Microsoft's Maximum Severity Rating: Critical
Affected Software:
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
Suggested action
PSEPC recommends that administrators test and install the update at the earliest opportunity.
http://www.microsoft.com/technet/security/Bulletin/MS06-015.mspx
MS06-016: Cumulative Security Update for Outlook Express
Assessment
A remote code execution vulnerability exists in Outlook Express when using a Windows Address Book (.wab) file that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system.
Impact of Vulnerability: Remote Code Execution
Microsoft's Maximum Severity Rating: Important
Affected Software:
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition
- Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Windows Me)
Tested Microsoft Windows Components:
Affected Components:
- Outlook Express 6 on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
- Outlook Express 6 on Microsoft Windows Server 2003 x64 Edition
- Outlook Express 6 on Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
- Outlook Express 6 on Microsoft Windows XP Service Pack 2
- Outlook Express 6 on Microsoft Windows XP Professional x64 Edition
- Outlook Express 6 Service Pack 1 on Microsoft Windows XP Service Pack 1 or when installed on Microsoft Windows 2000 Service Pack 4
- Outlook Express 5.5 Service Pack 2 on Microsoft Windows 2000 Service Pack 4
Note: The security updates for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 also apply to Microsoft Windows Server 2003 R2.
Suggested action
PSEPC recommends that administrators test and install the update at the earliest opportunity.
http://www.microsoft.com/technet/security/Bulletin/MS06-016.mspx
MS06-017: Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting
Assessment
The cross-site scripting vulnerability could allow an attacker to run client-side script on behalf of an FPSE user. Attempts to exploit this vulnerability require user interaction. An attacker who successfully exploited this vulnerability against an administrator could take complete control of a FrontPage Server Extensions 2002 server.
Impact of Vulnerability: Remote Code Execution
Microsoft's Maximum Severity Rating: Moderate
Affected Software:
- Microsoft FrontPage Server Extensions 2002 shipped on Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
- Microsoft FrontPage Server Extensions 2002 shipped on Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
- Microsoft FrontPage Server Extensions 2002 (x64 Edition) downloaded and installed on Microsoft Windows Server 2003 x64 Edition and Microsoft Windows XP Professional x64 Edition
- Microsoft FrontPage Server Extensions 2002 (x86 Editions) downloaded and installed on Microsoft Windows Server 2000 Service Pack 4, Microsoft Windows XP Service Pack 1, and Microsoft Windows XP Service Pack 2
- Microsoft SharePoint Team Services
Suggested action
PSEPC recommends that administrators test and install the update at the earliest opportunity.
http://www.microsoft.com/technet/security/Bulletin/MS06-017.mspx
Unauthorized use of computer systems and mischief in relation to data are serious Criminal Code offences in Canada. Any suspected criminal activity should be reported to local law enforcement organizations. The Royal Canadian Mounted Police (RCMP) National Operations Centre (N.O.C.) provides a 24/7 service to receive such reports or to redirect callers to local law enforcement organizations. The N.O.C. can be reached at (613) 993-4460. National security concerns should be reported to the Canadian Security Intelligence Service (CSIS) at (613) 993-9620.
For urgent matters or to report any incidents, please contact the Government Operations Centre at:
For general information on critical infrastructure protection and emergency preparedness, please contact PSEPC's Public Affairs division at: