RETIRED: Microsoft April Advance Notification Multiple Vulnerabilities
BID:17397
Info
RETIRED: Microsoft April Advance Notification Multiple Vulnerabilities
| Bugtraq ID: | 17397 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Apr 06 2006 12:00AM |
| Updated: | Apr 17 2007 03:31PM |
| Credit: | Reported by the vendor. |
| Vulnerable: |
Microsoft Windows XP Tablet PC Edition SP2 Microsoft Windows XP Tablet PC Edition SP1 Microsoft Windows XP Tablet PC Edition Microsoft Windows XP Professional x64 Edition Microsoft Windows XP Professional SP2 Microsoft Windows XP Professional SP1 Microsoft Windows XP Professional Microsoft Windows XP Media Center Edition SP2 Microsoft Windows XP Media Center Edition SP1 Microsoft Windows XP Media Center Edition Microsoft Windows XP Home SP2 Microsoft Windows XP Home SP1 Microsoft Windows XP Home Microsoft Windows XP 64-bit Edition Version 2003 SP1 Microsoft Windows XP 64-bit Edition Version 2003 Microsoft Windows XP 64-bit Edition SP1 Microsoft Windows XP 64-bit Edition Microsoft Windows XP 0 Microsoft Windows Server 2003 Web Edition SP1 Beta 1 Microsoft Windows Server 2003 Web Edition SP1 Microsoft Windows Server 2003 Web Edition Microsoft Windows Server 2003 Standard x64 Edition Microsoft Windows Server 2003 Standard Edition SP1 Beta 1 Microsoft Windows Server 2003 Standard Edition SP1 Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Enterprise x64 Edition Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 Beta 1 Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 Microsoft Windows Server 2003 Enterprise Edition Itanium 0 Microsoft Windows Server 2003 Enterprise Edition SP1 Beta 1 Microsoft Windows Server 2003 Enterprise Edition SP1 Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Datacenter x64 Edition Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 Beta 1 Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 Microsoft Windows Server 2003 Datacenter Edition Itanium 0 Microsoft Windows Server 2003 Datacenter Edition SP1 Beta 1 Microsoft Windows Server 2003 Datacenter Edition SP1 Microsoft Windows Server 2003 Datacenter Edition Microsoft Windows NT Workstation 4.0 SP6a Microsoft Windows NT Workstation 4.0 SP6 Microsoft Windows NT Workstation 4.0 SP5 Microsoft Windows NT Workstation 4.0 SP4 Microsoft Windows NT Workstation 4.0 SP3 Microsoft Windows NT Workstation 4.0 SP2 Microsoft Windows NT Workstation 4.0 SP1 Microsoft Windows NT Workstation 4.0 Microsoft Windows NT Terminal Server 4.0 SP6a Microsoft Windows NT Terminal Server 4.0 SP6 Microsoft Windows NT Terminal Server 4.0 SP5 Microsoft Windows NT Terminal Server 4.0 SP4 Microsoft Windows NT Terminal Server 4.0 SP3 Microsoft Windows NT Terminal Server 4.0 SP2 Microsoft Windows NT Terminal Server 4.0 SP1 Microsoft Windows NT Terminal Server 4.0 Microsoft Windows NT Server 4.0 SP6a Microsoft Windows NT Server 4.0 SP6 Microsoft Windows NT Server 4.0 SP5 Microsoft Windows NT Server 4.0 SP4 Microsoft Windows NT Server 4.0 SP3 Microsoft Windows NT Server 4.0 SP2 Microsoft Windows NT Server 4.0 SP1 Microsoft Windows NT Server 4.0 Microsoft Windows NT Enterprise Server 4.0 SP6a Microsoft Windows NT Enterprise Server 4.0 SP6 Microsoft Windows NT Enterprise Server 4.0 SP5 Microsoft Windows NT Enterprise Server 4.0 SP4 Microsoft Windows NT Enterprise Server 4.0 SP3 Microsoft Windows NT Enterprise Server 4.0 SP2 Microsoft Windows NT Enterprise Server 4.0 SP1 Microsoft Windows NT Enterprise Server 4.0 Microsoft Windows ME Microsoft Windows 98SE Microsoft Windows 98 Microsoft Windows 95 Microsoft Windows 2000 Server SP4 Microsoft Windows 2000 Server SP3 Microsoft Windows 2000 Server SP2 Microsoft Windows 2000 Server SP1 Microsoft Windows 2000 Server Microsoft Windows 2000 Professional SP4 Microsoft Windows 2000 Professional SP3 Microsoft Windows 2000 Professional SP2 Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional Microsoft Windows 2000 Datacenter Server SP4 Microsoft Windows 2000 Datacenter Server SP3 Microsoft Windows 2000 Datacenter Server SP2 Microsoft Windows 2000 Datacenter Server SP1 Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Advanced Server SP4 Microsoft Windows 2000 Advanced Server SP3 Microsoft Windows 2000 Advanced Server SP2 Microsoft Windows 2000 Advanced Server SP1 Microsoft Windows 2000 Advanced Server Microsoft Office XP Developer Edition Microsoft Office XP SP3 Microsoft Office XP SP2 Microsoft Office XP SP1 Microsoft Office XP Microsoft Office 2003 SP3 Microsoft Office 2003 SP2 Microsoft Office 2003 SP1 Microsoft Office 2003 0 Microsoft Office 2001 For Macintosh SR1 Microsoft Office 2001 For Macintosh Microsoft Office 2001 for Mac Microsoft Office 2000 Korean Version Microsoft Office 2000 Japanese Version Microsoft Office 2000 Chinese Version Microsoft Office 2000 SP3 Microsoft Office 2000 SP2 Microsoft Office 2000 SP1 Microsoft Office 2000 Microsoft Internet Explorer for Unix SP2 Microsoft Internet Explorer for Unix SP2 |
| Not Vulnerable: | |
Discussion
RETIRED: Microsoft April Advance Notification Multiple Vulnerabilities
Microsoft has released advance notification that they will be releasing five security bulletins for Windows on April 11, 2006. The highest severity rating for these issues is Critical.
Further details about these issues are not currently available. Individual BIDs will be created and this record will be removed when the security bulletins are released.
These vulnerabilities have been assigned to the following BIDs:
17196 Microsoft Internet Explorer CreateTextRange Remote Code Execution Vulnerability
17131 Microsoft Internet Explorer Script Action Handler Buffer Overflow Vulnerability
17181 Microsoft Internet Explorer Unspecified Remote HTA Execution Vulnerability
17450 Microsoft Internet Explorer Invalid HTML Parsing Code Execution Vulnerability
17453 Microsoft Internet Explorer COM Object Instantiation Code Execution Vulnerability
17468 Microsoft Internet Explorer HTML Tag Memory Corruption Vulnerability
17454 Microsoft Internet Explorer Double Byte Character Memory Corruption Vulnerability
17455 Microsoft Internet Explorer Erroneous IOleClientSite Data Zone Bypass Vulnerability
17457 Microsoft Internet Explorer Popup Cross-Domain Information Disclosure Vulnerability
17460 Microsoft Internet Explorer Persistent Window Content Address Bar Spoofing Vulnerability
17462 Microsoft MDAC RDS.Dataspace ActiveX Control Remote Code Execution Vulnerability
17464 Microsoft Windows Shell COM Object Remote Code Execution Vulnerability
17459 Microsoft Outlook Express Windows Address Book File Parsing Buffer Overflow Vulnerability
17452 Microsoft FrontPage Server Extensions Cross-Site Scripting Vulnerability
Microsoft has released advance notification that they will be releasing five security bulletins for Windows on April 11, 2006. The highest severity rating for these issues is Critical.
Further details about these issues are not currently available. Individual BIDs will be created and this record will be removed when the security bulletins are released.
These vulnerabilities have been assigned to the following BIDs:
17196 Microsoft Internet Explorer CreateTextRange Remote Code Execution Vulnerability
17131 Microsoft Internet Explorer Script Action Handler Buffer Overflow Vulnerability
17181 Microsoft Internet Explorer Unspecified Remote HTA Execution Vulnerability
17450 Microsoft Internet Explorer Invalid HTML Parsing Code Execution Vulnerability
17453 Microsoft Internet Explorer COM Object Instantiation Code Execution Vulnerability
17468 Microsoft Internet Explorer HTML Tag Memory Corruption Vulnerability
17454 Microsoft Internet Explorer Double Byte Character Memory Corruption Vulnerability
17455 Microsoft Internet Explorer Erroneous IOleClientSite Data Zone Bypass Vulnerability
17457 Microsoft Internet Explorer Popup Cross-Domain Information Disclosure Vulnerability
17460 Microsoft Internet Explorer Persistent Window Content Address Bar Spoofing Vulnerability
17462 Microsoft MDAC RDS.Dataspace ActiveX Control Remote Code Execution Vulnerability
17464 Microsoft Windows Shell COM Object Remote Code Execution Vulnerability
17459 Microsoft Outlook Express Windows Address Book File Parsing Buffer Overflow Vulnerability
17452 Microsoft FrontPage Server Extensions Cross-Site Scripting Vulnerability
Exploit / POC
RETIRED: Microsoft April Advance Notification Multiple Vulnerabilities
Currently we are not aware of any exploits for these issues. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Currently we are not aware of any exploits for these issues. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
RETIRED: Microsoft April Advance Notification Multiple Vulnerabilities
Solution:
Microsoft plans to release fixes to address these issues on April 11, 2006.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution:
Microsoft plans to release fixes to address these issues on April 11, 2006.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
References
RETIRED: Microsoft April Advance Notification Multiple Vulnerabilities
References:
References: