Microsoft Security Bulletin Summary for February 2007
@ 2007/02/14Critical Security Bulletins
===========================
MS07-008 - Vulnerability in HTML Help ActiveX Control Could Allow
Remote Code Execution (928843)
- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Impact: Remote Code Execution
- Version Number: 1.0
MS07-009 - Vulnerability in Microsoft Data Access Components (MDAC)
Function Could Allow Remote Code Execution (927779)
- Affected Software:
- Windows 2000 SP4
- Windows XP SP2
- Windows Server 2003
- Windows Server 2003 on Itanium-based Systems
- Impact: Remote Code Execution
- Version Number: 1.0
MS07-010 - Vulnerability in Microsoft Malware Protection Engine
Could Allow Remote Code Execution (932135)
- Affected Software:
- Windows Live OneCare
- Microsoft Antigen for Exchange 9.x
- Microsoft Antigen for SMTP Gateways 9.x
- Microsoft Windows Defender
- Microsoft Windows Defender x64 Edition
- Microsoft Windows Defender in Windows Vista
- Microsoft Forefront Security for Exchange Server
- Microsoft Forefront Security for SharePoint
- Impact: Remote Code Execution
- Version Number: 1.0
MS07-014 - Vulnerability in Microsoft Word Could Allow Remote Code
Execution (929434)
- Affected Software:
- Office 2000 Service Pack 3
- Office XP Service Pack 3
- Office System 2003
- Microsoft Office 2004 for Mac
- Microsoft Office v.X for Mac
- Microsoft Works Suites 2004, 2005, and 2006
- Impact: Remote Code Execution
- Version Number: 1.0
MS07-015 - Vulnerabilities is Microsoft Office Could Allow Remote
Code Execution (932554)
- Affected Software:
- Office 2000 Service Pack 3
- Office XP Service Pack 3
- Office 2003 Service Pack 2
- Microsoft Office 2004 for Mac
- Impact: Remote Code Execution
- Version Number: 1.0
MS07-016 - Cumulative Security Update for Internet (928090)
- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Impact: Remote Code Execution
- Version Number: 1.0
Important Security Bulletins
============================
MS07-005 - Vulnerability in Step-by-Step Interactive Training Could
Allow Remote Code Execution (923723)
- Affected Software:
- Windows 2000 SP4
- Windows XP SP2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 SP1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Impact: Remote Code Execution
- Version Number: 1.0
MS07-006 - Vulnerability in Windows Shell Could Allow Elevation of
Privilege (928255)
- Affected Software:
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Impact: Elevation or Privilege
- Version Number: 1.0
MS07-007 - Vulnerability in Windows Image Acquisition Service Could
Allow Remote Code Execution (927802)
- Affected Software:
- Windows XP Service Pack 2
- Impact: Elevation or Privilege
- Version Number: 1.0
MS07-011 - Vulnerability in Microsoft OLE Dialog Could Allow Remote
Code Execution (926436)
- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Impact: Remote Code Execution
- Version Number: 1.0
MS07-012 - Vulnerability in Microsoft MFC Could Allow Remote Code
Execution (924667)
- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Visual Studio .NET 2002(all versions and products included in the Visual
Studio .NET 2002 suite)
- Visual Studio .NET 2003(all versions and products included in the Visual
Studio .NET 2003 suite)
- Impact: Remote Code Execution
- Version Number: 1.0
MS07-013 - Vulnerability in Microsoft RichEdit Could Allow Remote
Code Execution (918118)
- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Office 2000 Service Pack 3
- Office 2000 Multilanguage Packs
- Office XP Service Pack 3 (all versions and products included in the
Office XP suite)
- Office 2003 Service Pack 2
- Learning Essentials 1.0
- Learning Essentials 1.1
- Learning Essentials 1.5
- Global Input Method Editor for Office 2000 (Japanese)
- Office 2004 for Mac
- Office v.X for Mac
- Impact: Remote Code Execution
- Version Number: 1.0
---
===========================
MS07-008 - Vulnerability in HTML Help ActiveX Control Could Allow
Remote Code Execution (928843)
- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Impact: Remote Code Execution
- Version Number: 1.0
MS07-009 - Vulnerability in Microsoft Data Access Components (MDAC)
Function Could Allow Remote Code Execution (927779)
- Affected Software:
- Windows 2000 SP4
- Windows XP SP2
- Windows Server 2003
- Windows Server 2003 on Itanium-based Systems
- Impact: Remote Code Execution
- Version Number: 1.0
MS07-010 - Vulnerability in Microsoft Malware Protection Engine
Could Allow Remote Code Execution (932135)
- Affected Software:
- Windows Live OneCare
- Microsoft Antigen for Exchange 9.x
- Microsoft Antigen for SMTP Gateways 9.x
- Microsoft Windows Defender
- Microsoft Windows Defender x64 Edition
- Microsoft Windows Defender in Windows Vista
- Microsoft Forefront Security for Exchange Server
- Microsoft Forefront Security for SharePoint
- Impact: Remote Code Execution
- Version Number: 1.0
MS07-014 - Vulnerability in Microsoft Word Could Allow Remote Code
Execution (929434)
- Affected Software:
- Office 2000 Service Pack 3
- Office XP Service Pack 3
- Office System 2003
- Microsoft Office 2004 for Mac
- Microsoft Office v.X for Mac
- Microsoft Works Suites 2004, 2005, and 2006
- Impact: Remote Code Execution
- Version Number: 1.0
MS07-015 - Vulnerabilities is Microsoft Office Could Allow Remote
Code Execution (932554)
- Affected Software:
- Office 2000 Service Pack 3
- Office XP Service Pack 3
- Office 2003 Service Pack 2
- Microsoft Office 2004 for Mac
- Impact: Remote Code Execution
- Version Number: 1.0
MS07-016 - Cumulative Security Update for Internet (928090)
- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Impact: Remote Code Execution
- Version Number: 1.0
Important Security Bulletins
============================
MS07-005 - Vulnerability in Step-by-Step Interactive Training Could
Allow Remote Code Execution (923723)
- Affected Software:
- Windows 2000 SP4
- Windows XP SP2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 SP1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Impact: Remote Code Execution
- Version Number: 1.0
MS07-006 - Vulnerability in Windows Shell Could Allow Elevation of
Privilege (928255)
- Affected Software:
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Impact: Elevation or Privilege
- Version Number: 1.0
MS07-007 - Vulnerability in Windows Image Acquisition Service Could
Allow Remote Code Execution (927802)
- Affected Software:
- Windows XP Service Pack 2
- Impact: Elevation or Privilege
- Version Number: 1.0
MS07-011 - Vulnerability in Microsoft OLE Dialog Could Allow Remote
Code Execution (926436)
- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Impact: Remote Code Execution
- Version Number: 1.0
MS07-012 - Vulnerability in Microsoft MFC Could Allow Remote Code
Execution (924667)
- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Visual Studio .NET 2002(all versions and products included in the Visual
Studio .NET 2002 suite)
- Visual Studio .NET 2003(all versions and products included in the Visual
Studio .NET 2003 suite)
- Impact: Remote Code Execution
- Version Number: 1.0
MS07-013 - Vulnerability in Microsoft RichEdit Could Allow Remote
Code Execution (918118)
- Affected Software:
- Windows 2000 Service Pack 4
- Windows XP Service Pack 2
- Windows XP Professional x64 Edition
- Windows Server 2003
- Windows Server 2003 Service Pack 1
- Windows Server 2003 for Itanium-based Systems
- Windows Server 2003 with SP1 for Itanium-based Systems
- Windows Server 2003 x64 Edition
- Office 2000 Service Pack 3
- Office 2000 Multilanguage Packs
- Office XP Service Pack 3 (all versions and products included in the
Office XP suite)
- Office 2003 Service Pack 2
- Learning Essentials 1.0
- Learning Essentials 1.1
- Learning Essentials 1.5
- Global Input Method Editor for Office 2000 (Japanese)
- Office 2004 for Mac
- Office v.X for Mac
- Impact: Remote Code Execution
- Version Number: 1.0
---