RETIRED: Microsoft January Advance Notification Multiple Vulnerabilities
BID:21869
Info
RETIRED: Microsoft January Advance Notification Multiple Vulnerabilities
| Bugtraq ID: | 21869 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Jan 04 2007 12:00AM |
| Updated: | Apr 19 2013 02:40AM |
| Credit: | Reported by the vendor. |
| Vulnerable: |
Microsoft Windows XP Tablet PC Edition SP2 Microsoft Windows XP Tablet PC Edition SP1 Microsoft Windows XP Tablet PC Edition Microsoft Windows XP Professional x64 Edition Microsoft Windows XP Professional SP2 Microsoft Windows XP Professional SP1 Microsoft Windows XP Professional Microsoft Windows XP Media Center Edition SP2 Microsoft Windows XP Media Center Edition SP1 Microsoft Windows XP Media Center Edition Microsoft Windows XP Home SP2 Microsoft Windows XP Home SP1 Microsoft Windows XP Home Microsoft Windows XP 64-bit Edition Version 2003 SP1 Microsoft Windows XP 64-bit Edition Version 2003 Microsoft Windows XP 64-bit Edition SP1 Microsoft Windows XP 64-bit Edition Microsoft Windows XP 0 Microsoft Windows Server 2003 Web Edition SP1 Beta 1 Microsoft Windows Server 2003 Web Edition SP1 Microsoft Windows Server 2003 Web Edition Microsoft Windows Server 2003 Standard x64 Edition Microsoft Windows Server 2003 Standard Edition SP1 Beta 1 Microsoft Windows Server 2003 Standard Edition SP1 Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Enterprise x64 Edition Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 Beta 1 Microsoft Windows Server 2003 Enterprise Edition Itanium SP1 Microsoft Windows Server 2003 Enterprise Edition Itanium 0 Microsoft Windows Server 2003 Enterprise Edition SP1 Beta 1 Microsoft Windows Server 2003 Enterprise Edition SP1 Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Datacenter x64 Edition Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 Beta 1 Microsoft Windows Server 2003 Datacenter Edition Itanium SP1 Microsoft Windows Server 2003 Datacenter Edition Itanium 0 Microsoft Windows Server 2003 Datacenter Edition SP1 Beta 1 Microsoft Windows Server 2003 Datacenter Edition SP1 Microsoft Windows Server 2003 Datacenter Edition Microsoft Windows NT Workstation 4.0 SP6a Microsoft Windows NT Workstation 4.0 SP6 Microsoft Windows NT Workstation 4.0 SP5 Microsoft Windows NT Workstation 4.0 SP4 Microsoft Windows NT Workstation 4.0 SP3 Microsoft Windows NT Workstation 4.0 SP2 Microsoft Windows NT Workstation 4.0 SP1 Microsoft Windows NT Workstation 4.0 Microsoft Windows NT Terminal Server 4.0 SP6a Microsoft Windows NT Terminal Server 4.0 SP6 Microsoft Windows NT Terminal Server 4.0 SP5 Microsoft Windows NT Terminal Server 4.0 SP4 Microsoft Windows NT Terminal Server 4.0 SP3 Microsoft Windows NT Terminal Server 4.0 SP2 Microsoft Windows NT Terminal Server 4.0 SP1 Microsoft Windows NT Terminal Server 4.0 Microsoft Windows NT Server 4.0 SP6a Microsoft Windows NT Server 4.0 SP6 Microsoft Windows NT Server 4.0 SP5 Microsoft Windows NT Server 4.0 SP4 Microsoft Windows NT Server 4.0 SP3 Microsoft Windows NT Server 4.0 SP2 Microsoft Windows NT Server 4.0 SP1 Microsoft Windows NT Server 4.0 Microsoft Windows NT Enterprise Server 4.0 SP6a Microsoft Windows NT Enterprise Server 4.0 SP6 Microsoft Windows NT Enterprise Server 4.0 SP5 Microsoft Windows NT Enterprise Server 4.0 SP4 Microsoft Windows NT Enterprise Server 4.0 SP3 Microsoft Windows NT Enterprise Server 4.0 SP2 Microsoft Windows NT Enterprise Server 4.0 SP1 Microsoft Windows NT Enterprise Server 4.0 Microsoft Windows ME Microsoft Windows 98SE Microsoft Windows 98 Microsoft Windows 95 Microsoft Windows 2000 Server SP4 Microsoft Windows 2000 Server SP3 Microsoft Windows 2000 Server SP2 Microsoft Windows 2000 Server SP1 Microsoft Windows 2000 Server Microsoft Windows 2000 Professional SP4 Microsoft Windows 2000 Professional SP3 Microsoft Windows 2000 Professional SP2 Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional Microsoft Windows 2000 Datacenter Server SP4 Microsoft Windows 2000 Datacenter Server SP3 Microsoft Windows 2000 Datacenter Server SP2 Microsoft Windows 2000 Datacenter Server SP1 Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Advanced Server SP4 Microsoft Windows 2000 Advanced Server SP3 Microsoft Windows 2000 Advanced Server SP2 Microsoft Windows 2000 Advanced Server SP1 Microsoft Windows 2000 Advanced Server Microsoft Visual Studio 2005 Team Edition 0 Microsoft Visual Studio 2005 Microsoft Visual Studio .NET Trial Edition 0 Microsoft Visual Studio .NET Professional Edition Microsoft Visual Studio .NET Enterprise Developer Edition Microsoft Visual Studio .NET Enterprise Architect Edition Microsoft Visual Studio .NET Academic Edition 0 Microsoft Visual Studio .NET 2003 Enterprise Architect Microsoft Visual Studio .NET 2003 Microsoft Visual Studio .NET 2002 Microsoft Visual Studio 6.0 SP5 Microsoft Visual Studio 6.0 SP4 Microsoft Visual Studio 6.0 SP3 Microsoft Visual Studio 6.0 SP2 Microsoft Visual Studio 6.0 SP1 Microsoft Visual Studio 6.0 Microsoft Office XP SP3 Microsoft Office XP SP2 Microsoft Office XP SP1 Microsoft Office XP Microsoft Office X for Mac 0 Microsoft Office v. X Microsoft Office 98 For Mac Microsoft Office 97 Microsoft Office 2004 for Mac 0 Microsoft Office 2003 SP3 Microsoft Office 2003 SP2 Microsoft Office 2003 SP1 Microsoft Office 2003 0 Microsoft Office 2002 0 Microsoft Office 2001 For Macintosh SR1 Microsoft Office 2001 For Macintosh Microsoft Office 2001 for Mac Microsoft Office 2000 SP3 Microsoft Office 2000 SP1 Microsoft Office 2000 Microsoft Internet Explorer for Unix SP2 |
| Not Vulnerable: | |
Discussion
RETIRED: Microsoft January Advance Notification Multiple Vulnerabilities
Microsoft has released advance notification that the vendor will be releasing four security bulletins in all (One for Windows and three for Microsoft Office) on January 9, 2007. The highest severity rating for these issues is 'Critical'.
Further details about these issues are not currently available. Individual BIDs will be created for each issue; this record will be removed when the security bulletins are released.
*Update January 8, 2006: Microsoft has updated the advance notification information for the January 2007 security bulletin release. Four bulletins have been dropped, leaving a remainder of four bulletins that will be published on January 9th from the original eight bulletins proposed.
These vulnerabilities have been assigned to the following BIDs:
21942 Microsoft Office Brazilian Portuguese Grammar Checker Remote Code Execution Vulnerability
21856 Microsoft Excel IMDATA Record Remote Code Execution Vulnerability
21952 Microsoft Excel Opcode Handling Unspecified Remote Code Execution Vulnerability
21877 Microsoft Excel Malformed String Remote Code Execution Vulnerability
21925 Microsoft Excel Malformed Column Record Remote Code Execution Vulnerability
21922 Microsoft Excel Malformed Palette Record Remote Code Execution Vulnerability
21931 Microsoft Outlook VEVENT Record Remote Code Execution Vulnerability
21937 Microsoft Outlook Malformed Email Header Remote Denial of Service Vulnerability
21936 Microsoft Outlook Advanced Find Remote Code Execution Vulnerability
21930 Microsoft Windows Vector Markup Language Buffer Overrun Vulnerability
Microsoft has released advance notification that the vendor will be releasing four security bulletins in all (One for Windows and three for Microsoft Office) on January 9, 2007. The highest severity rating for these issues is 'Critical'.
Further details about these issues are not currently available. Individual BIDs will be created for each issue; this record will be removed when the security bulletins are released.
*Update January 8, 2006: Microsoft has updated the advance notification information for the January 2007 security bulletin release. Four bulletins have been dropped, leaving a remainder of four bulletins that will be published on January 9th from the original eight bulletins proposed.
These vulnerabilities have been assigned to the following BIDs:
21942 Microsoft Office Brazilian Portuguese Grammar Checker Remote Code Execution Vulnerability
21856 Microsoft Excel IMDATA Record Remote Code Execution Vulnerability
21952 Microsoft Excel Opcode Handling Unspecified Remote Code Execution Vulnerability
21877 Microsoft Excel Malformed String Remote Code Execution Vulnerability
21925 Microsoft Excel Malformed Column Record Remote Code Execution Vulnerability
21922 Microsoft Excel Malformed Palette Record Remote Code Execution Vulnerability
21931 Microsoft Outlook VEVENT Record Remote Code Execution Vulnerability
21937 Microsoft Outlook Malformed Email Header Remote Denial of Service Vulnerability
21936 Microsoft Outlook Advanced Find Remote Code Execution Vulnerability
21930 Microsoft Windows Vector Markup Language Buffer Overrun Vulnerability
Exploit / POC
RETIRED: Microsoft January Advance Notification Multiple Vulnerabilities
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
RETIRED: Microsoft January Advance Notification Multiple Vulnerabilities
Solution:
Microsoft plans to release fixes to address these issues on January 9, 2007.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Microsoft plans to release fixes to address these issues on January 9, 2007.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
RETIRED: Microsoft January Advance Notification Multiple Vulnerabilities
References:
References:
- Microsoft Security Bulletin Advance Notification (Microsoft)