Saturday, December 09, 2006
Microsoft has announced that it plans to release 6 updates on December 12th. These bulletins address vulnerabilities in Microsoft Windows and Microsoft Visual Studio. The highest severity rating as given by Microsoft for the bulletins is critical. Microsoft has not announced that the Microsoft Word vulnerability, as previously reported on December 6, will be patched on December 12. This vulnerability, described in Microsoft Security Advisory (929433), covers an unspecified code execution flaw that may allow for arbitrary code execution when processing Microsoft Word documents with malformed strings. Code execution would be at the rights level of the victim. I recommend not opening documents from untrusted sources and using extreme caution when opening documents from trusted sources. Further on two 0-day issues have come to light recently affecting Adobe Download Manager and the Microsoft Windows Media Player. Each of these issues may allow for arbitrary remote code execution. The Adobe Download Manager vulnerability lies in the AOM format parser. The Windows Media Player vulnerability lies in the WMVCORE.DLL library. Both of these vulnerabilities would require user interaction to successfully exploit. I predicted all these problems a long time ago...
<< Home