var-200607-0007
Vulnerability from variot
Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP). Microsoft DHCP Client service contains a buffer overflow. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Microsoft Office applications fail to properly handle PNG images. To exploit this issue, attackers must be able to place and execute malicious ASP pages on computers running the affected ASP server software. This may be an issue in shared-hosting environments.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA06-192A
Microsoft Windows, Office, and IIS Vulnerabilities
Original release date: July 11, 2006 Last revised: -- Source: US-CERT
Systems Affected
* Microsoft Windows
* Microsoft Internet Information Services (IIS)
* Microsoft Office
* Microsoft Office for Mac
* Microsoft Access
* Microsoft Excel and Excel Viewer
* Microsoft FrontPage
* Microsoft InfoPath
* Microsoft OneNote
* Microsoft Outlook
* Microsoft PowerPoint
* Microsoft Project
* Microsoft Publisher
* Microsoft Visio
* Microsoft Word and Word Viewer
Overview
Microsoft has released updates that address critical vulnerabilities in Microsoft Windows, IIS, and Office.
I. Description
Microsoft Security Bulletin Summary for July 2006 addresses vulnerabilities in Microsoft products including Windows, IIS, and Office. (CVE-2006-0007)
In MS06-037, Microsoft has released updates for the Excel vulnerability (VU#802324) described in Technical Cyber Security Alert TA06-167A.
II. An attacker may also be able to cause a denial of service.
III. Solution
Apply a patch from your vendor
Microsoft has provided updates for these vulnerabilities in the Security Bulletins. Updates for Microsoft Windows and Microsoft Office XP and later are available on the Microsoft Update site. Apple Mac OS X users should obtain updates from the Mactopia web site.
System administrators may wish to consider using Windows Server Update Services (WSUS).
Workaround
Please see the following Vulnerability Notes for workarounds.
Appendix A. References
* Microsoft Security Bulletin Summary for July 2006 -
<http://www.microsoft.com/technet/security/bulletin/ms06-jul.mspx>
* Technical Cyber Security Alert TA06-167A -
<http://www.us-cert.gov/cas/techalerts/TA06-167A.html>
* US-CERT Vulnerability Notes for Microsoft July 2006 updates -
<http://www.kb.cert.org/vuls/byid?searchview&query=ms06-jul>
* US-CERT Vulnerability Note VU#395588 -
<http://www.kb.cert.org/vuls/id/395588>
* US-CERT Vulnerability Note VU#189140 -
<http://www.kb.cert.org/vuls/id/189140>
* US-CERT Vulnerability Note VU#257164 -
<http://www.kb.cert.org/vuls/id/257164>
* US-CERT Vulnerability Note VU#802324 -
<http://www.kb.cert.org/vuls/id/802324>
* US-CERT Vulnerability Note VU#580036 -
<http://www.kb.cert.org/vuls/id/580036>
* US-CERT Vulnerability Note VU#609868 -
<http://www.kb.cert.org/vuls/id/609868>
* US-CERT Vulnerability Note VU#409316 -
<http://www.kb.cert.org/vuls/id/409316>
* US-CERT Vulnerability Note VU#459388 -
<http://www.kb.cert.org/vuls/id/459388>
* US-CERT Vulnerability Note VU#668564 -
<http://www.kb.cert.org/vuls/id/668564>
* CVE-2006-0026 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0026>
* CVE-2006-1314 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1314>
* CVE-2006-2372 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2372>
* CVE-2006-3059 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3059>
* CVE-2006-1316 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1316>
* CVE-2006-1540 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1540>
* CVE-2006-2389 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2389>
* CVE-2006-0033 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0033>
* CVE-2006-0007 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0007>
* Microsoft Update - <https://update.microsoft.com/microsoftupdate>
* Microsoft Office Update - <http://officeupdate.microsoft.com>
* Mactopia - <http://www.microsoft.com/mac>
* Windows Server Update Services -
<http://www.microsoft.com/windowsserversystem/updateservices/default.mspx>
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA06-192A.html>
Feedback can be directed to US-CERT Technical Staff. Please send email to cert@cert.org with "TA06-192A Feedback VU#802324" in the subject.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html.
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
Revision History
July 11, 2006: Initial release
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRLQsLn0pj593lg50AQLyjQf/blQM+kdtxI5/dQ/Njj99QuR3yBT9ERwJ QfZgOr8yN4rUhOU1xkXq6go7E1W4kfwuKVwwobLuYXk9Cq6xP4aVpt0/ws53wNHI iAvJ1rURSFcVwDAXKvbiv7mmjORA36R5M37JiwR0ny76f20yZaz8LTjMbhwSLyFR Cj7kPE0o6Fu0uUwI7ETskfcK4iF0PVoVW2mava1YG8zFuby/A+Ps7ddQvu/EcaxP Y12QXtCP1jsB3+iJKAh7aQAh9h8aV6nuq4NZyFAHmao8iQo7qd9BMG451xTPDxn3 PoM2y5R0bXko+E4hWudpjel/JABm+nIV3R9il1QDantUI0aCqTDS9A== =7GPc -----END PGP SIGNATURE----- . Other versions of Excel, and other Office programs may be affected or act as attack vectors. Opening a specially crafted Excel document, including documents hosted on web sites or attached to email messages, could trigger the vulnerability.
Office documents can contain embedded objects. For example, a malicious Excel document could be embedded in an Word or PowerPoint document. Office documents other than Excel documents could be used as attack vectors. If the user has administrative privileges, the attacker could gain complete control of the system. Solution
At the time of writing, there is no complete solution available. Consider the following workarounds:
Do not open untrusted Excel documents
Do not open unfamiliar or unexpected Excel or other Office documents, including those received as email attachments or hosted on a web site. Please see Cyber Security Tip ST04-010 for more information.
Do not rely on file extension filtering
In most cases, Windows will call Excel to open a document even if the document has an unknown file extension. For example, if document.x1s (note the digit "1") contains the correct file header information, Windows will open document.x1s with Excel.
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA06-167A.html>
Feedback can be directed to US-CERT Technical Staff
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200607-0007",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": null,
"scope": null,
"trust": 7.2,
"vendor": "microsoft",
"version": null
},
{
"model": "internet information server",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "internet information services",
"scope": "eq",
"trust": 1.6,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "iis",
"scope": "eq",
"trust": 1.1,
"vendor": "microsoft",
"version": "6.0"
},
{
"model": "iis",
"scope": "eq",
"trust": 1.1,
"vendor": "microsoft",
"version": "5.1"
},
{
"model": "iis",
"scope": "eq",
"trust": 1.1,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "internet information server",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "5.0"
},
{
"model": "internet information server",
"scope": "eq",
"trust": 0.6,
"vendor": "microsoft",
"version": "5.1"
},
{
"model": "windows xp tablet pc edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp tablet pc edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp tablet pc edition",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp professional edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "x64"
},
{
"model": "windows xp professional sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp professional sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp professional",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp media center edition sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp media center edition sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp media center edition",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp home sp2",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp home sp1",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp home",
"scope": null,
"trust": 0.3,
"vendor": "microsoft",
"version": null
},
{
"model": "windows xp",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "0"
},
{
"model": "windows server web edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows server web edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"model": "windows server standard edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows server standard edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"model": "windows server enterprise edition itanium sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows server enterprise edition itanium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"model": "windows server enterprise edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows server enterprise edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows server datacenter edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003x64"
},
{
"model": "windows server datacenter edition itanium sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows server datacenter edition itanium",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "20030"
},
{
"model": "windows server datacenter edition sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows server datacenter edition",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2003"
},
{
"model": "windows server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows professional",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows datacenter server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows datacenter server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows datacenter server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows datacenter server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows datacenter server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server sp4",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server sp3",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server sp2",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server sp1",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
},
{
"model": "windows advanced server",
"scope": "eq",
"trust": 0.3,
"vendor": "microsoft",
"version": "2000"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#257164"
},
{
"db": "CERT/CC",
"id": "VU#189140"
},
{
"db": "CERT/CC",
"id": "VU#668564"
},
{
"db": "CERT/CC",
"id": "VU#459388"
},
{
"db": "CERT/CC",
"id": "VU#395588"
},
{
"db": "CERT/CC",
"id": "VU#609868"
},
{
"db": "CERT/CC",
"id": "VU#580036"
},
{
"db": "CERT/CC",
"id": "VU#409316"
},
{
"db": "CERT/CC",
"id": "VU#802324"
},
{
"db": "BID",
"id": "18858"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000375"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-145"
},
{
"db": "NVD",
"id": "CVE-2006-0026"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:microsoft:iis",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-000375"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Brett Moore brett.moore@SECURITY-ASSESSMENT.COM",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200607-145"
}
],
"trust": 0.6
},
"cve": "CVE-2006-0026",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.0,
"id": "CVE-2006-0026",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2006-0026",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#257164",
"trust": 0.8,
"value": "78.00"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#189140",
"trust": 0.8,
"value": "11.99"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#668564",
"trust": 0.8,
"value": "17.63"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#459388",
"trust": 0.8,
"value": "21.16"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#395588",
"trust": 0.8,
"value": "19.43"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#609868",
"trust": 0.8,
"value": "33.67"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#580036",
"trust": 0.8,
"value": "16.03"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#409316",
"trust": 0.8,
"value": "22.44"
},
{
"author": "CARNEGIE MELLON",
"id": "VU#802324",
"trust": 0.8,
"value": "46.54"
},
{
"author": "NVD",
"id": "CVE-2006-0026",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-200607-145",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#257164"
},
{
"db": "CERT/CC",
"id": "VU#189140"
},
{
"db": "CERT/CC",
"id": "VU#668564"
},
{
"db": "CERT/CC",
"id": "VU#459388"
},
{
"db": "CERT/CC",
"id": "VU#395588"
},
{
"db": "CERT/CC",
"id": "VU#609868"
},
{
"db": "CERT/CC",
"id": "VU#580036"
},
{
"db": "CERT/CC",
"id": "VU#409316"
},
{
"db": "CERT/CC",
"id": "VU#802324"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000375"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-145"
},
{
"db": "NVD",
"id": "CVE-2006-0026"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows local and possibly remote attackers to execute arbitrary code via crafted Active Server Pages (ASP). Microsoft DHCP Client service contains a buffer overflow. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Microsoft Office applications fail to properly handle PNG images. \nTo exploit this issue, attackers must be able to place and execute malicious ASP pages on computers running the affected ASP server software. This may be an issue in shared-hosting environments. \n\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n National Cyber Alert System\n\n Technical Cyber Security Alert TA06-192A\n\n\nMicrosoft Windows, Office, and IIS Vulnerabilities\n\n Original release date: July 11, 2006\n Last revised: --\n Source: US-CERT\n\n\nSystems Affected\n\n * Microsoft Windows\n * Microsoft Internet Information Services (IIS)\n * Microsoft Office\n * Microsoft Office for Mac\n * Microsoft Access\n * Microsoft Excel and Excel Viewer\n * Microsoft FrontPage\n * Microsoft InfoPath\n * Microsoft OneNote\n * Microsoft Outlook\n * Microsoft PowerPoint\n * Microsoft Project\n * Microsoft Publisher\n * Microsoft Visio\n * Microsoft Word and Word Viewer\n\n\nOverview\n\n Microsoft has released updates that address critical vulnerabilities\n in Microsoft Windows, IIS, and Office. \n\n\nI. Description\n\n Microsoft Security Bulletin Summary for July 2006 addresses\n vulnerabilities in Microsoft products including Windows, IIS, and\n Office. \n (CVE-2006-0007)\n\n\n In MS06-037, Microsoft has released updates for the Excel\n vulnerability (VU#802324) described in Technical Cyber Security Alert\n TA06-167A. \n\n\nII. An attacker may also be able to cause a denial of\n service. \n\n\nIII. Solution\n\nApply a patch from your vendor\n\n Microsoft has provided updates for these vulnerabilities in the\n Security Bulletins. Updates for Microsoft Windows and Microsoft Office\n XP and later are available on the Microsoft Update site. \n Apple Mac OS X users should obtain updates from the Mactopia web site. \n\n System administrators may wish to consider using Windows Server Update\n Services (WSUS). \n\nWorkaround\n\n Please see the following Vulnerability Notes for workarounds. \n\n\nAppendix A. References\n\n * Microsoft Security Bulletin Summary for July 2006 -\n \u003chttp://www.microsoft.com/technet/security/bulletin/ms06-jul.mspx\u003e\n\n * Technical Cyber Security Alert TA06-167A -\n \u003chttp://www.us-cert.gov/cas/techalerts/TA06-167A.html\u003e\n\n * US-CERT Vulnerability Notes for Microsoft July 2006 updates -\n \u003chttp://www.kb.cert.org/vuls/byid?searchview\u0026query=ms06-jul\u003e\n\n * US-CERT Vulnerability Note VU#395588 -\n \u003chttp://www.kb.cert.org/vuls/id/395588\u003e\n\n * US-CERT Vulnerability Note VU#189140 -\n \u003chttp://www.kb.cert.org/vuls/id/189140\u003e\n\n * US-CERT Vulnerability Note VU#257164 -\n \u003chttp://www.kb.cert.org/vuls/id/257164\u003e\n\n * US-CERT Vulnerability Note VU#802324 -\n \u003chttp://www.kb.cert.org/vuls/id/802324\u003e\n\n * US-CERT Vulnerability Note VU#580036 -\n \u003chttp://www.kb.cert.org/vuls/id/580036\u003e\n\n * US-CERT Vulnerability Note VU#609868 -\n \u003chttp://www.kb.cert.org/vuls/id/609868\u003e\n\n * US-CERT Vulnerability Note VU#409316 -\n \u003chttp://www.kb.cert.org/vuls/id/409316\u003e\n\n * US-CERT Vulnerability Note VU#459388 -\n \u003chttp://www.kb.cert.org/vuls/id/459388\u003e\n\n * US-CERT Vulnerability Note VU#668564 -\n \u003chttp://www.kb.cert.org/vuls/id/668564\u003e\n\n * CVE-2006-0026 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0026\u003e\n\n * CVE-2006-1314 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1314\u003e\n\n * CVE-2006-2372 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2372\u003e\n\n * CVE-2006-3059 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3059\u003e\n\n * CVE-2006-1316 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1316\u003e\n\n * CVE-2006-1540 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-1540\u003e\n\n * CVE-2006-2389 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2389\u003e\n\n * CVE-2006-0033 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0033\u003e\n\n * CVE-2006-0007 -\n \u003chttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0007\u003e\n\n * Microsoft Update - \u003chttps://update.microsoft.com/microsoftupdate\u003e\n\n * Microsoft Office Update - \u003chttp://officeupdate.microsoft.com\u003e\n\n * Mactopia - \u003chttp://www.microsoft.com/mac\u003e\n\n * Windows Server Update Services -\n \u003chttp://www.microsoft.com/windowsserversystem/updateservices/default.mspx\u003e\n\n\n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA06-192A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff. Please send\n email to \u003ccert@cert.org\u003e with \"TA06-192A Feedback VU#802324\" in the\n subject. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. \n ____________________________________________________________________\n\n Produced 2006 by US-CERT, a government organization. \n\n Terms of use:\n\n \u003chttp://www.us-cert.gov/legal.html\u003e\n ____________________________________________________________________\n\n\n Revision History\n\n July 11, 2006: Initial release\n\n\n \n\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.2.1 (GNU/Linux)\n\niQEVAwUBRLQsLn0pj593lg50AQLyjQf/blQM+kdtxI5/dQ/Njj99QuR3yBT9ERwJ\nQfZgOr8yN4rUhOU1xkXq6go7E1W4kfwuKVwwobLuYXk9Cq6xP4aVpt0/ws53wNHI\niAvJ1rURSFcVwDAXKvbiv7mmjORA36R5M37JiwR0ny76f20yZaz8LTjMbhwSLyFR\nCj7kPE0o6Fu0uUwI7ETskfcK4iF0PVoVW2mava1YG8zFuby/A+Ps7ddQvu/EcaxP\nY12QXtCP1jsB3+iJKAh7aQAh9h8aV6nuq4NZyFAHmao8iQo7qd9BMG451xTPDxn3\nPoM2y5R0bXko+E4hWudpjel/JABm+nIV3R9il1QDantUI0aCqTDS9A==\n=7GPc\n-----END PGP SIGNATURE-----\n. Other versions of\n Excel, and other Office programs may be affected or act as attack\n vectors. Opening a\n specially crafted Excel document, including documents hosted on web\n sites or attached to email messages, could trigger the vulnerability. \n\n Office documents can contain embedded objects. For example, a\n malicious Excel document could be embedded in an Word or PowerPoint\n document. Office documents other than Excel documents could be used as\n attack vectors. If the\n user has administrative privileges, the attacker could gain complete\n control of the system. Solution\n\n At the time of writing, there is no complete solution available. \n Consider the following workarounds:\n\nDo not open untrusted Excel documents\n\n Do not open unfamiliar or unexpected Excel or other Office documents,\n including those received as email attachments or hosted on a web site. \n Please see Cyber Security Tip ST04-010 for more information. \n\nDo not rely on file extension filtering\n\n In most cases, Windows will call Excel to open a document even if the\n document has an unknown file extension. For example, if document.x1s\n (note the digit \"1\") contains the correct file header information,\n Windows will open document.x1s with Excel. \n ____________________________________________________________________\n\n The most recent version of this document can be found at:\n\n \u003chttp://www.us-cert.gov/cas/techalerts/TA06-167A.html\u003e\n ____________________________________________________________________\n\n Feedback can be directed to US-CERT Technical Staff",
"sources": [
{
"db": "NVD",
"id": "CVE-2006-0026"
},
{
"db": "CERT/CC",
"id": "VU#257164"
},
{
"db": "CERT/CC",
"id": "VU#189140"
},
{
"db": "CERT/CC",
"id": "VU#668564"
},
{
"db": "CERT/CC",
"id": "VU#459388"
},
{
"db": "CERT/CC",
"id": "VU#395588"
},
{
"db": "CERT/CC",
"id": "VU#609868"
},
{
"db": "CERT/CC",
"id": "VU#580036"
},
{
"db": "CERT/CC",
"id": "VU#409316"
},
{
"db": "CERT/CC",
"id": "VU#802324"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000375"
},
{
"db": "BID",
"id": "18858"
},
{
"db": "PACKETSTORM",
"id": "48187"
},
{
"db": "PACKETSTORM",
"id": "47665"
}
],
"trust": 8.55
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#395588",
"trust": 3.6
},
{
"db": "NVD",
"id": "CVE-2006-0026",
"trust": 2.8
},
{
"db": "BID",
"id": "18858",
"trust": 2.7
},
{
"db": "USCERT",
"id": "TA06-192A",
"trust": 2.5
},
{
"db": "SECUNIA",
"id": "21006",
"trust": 2.4
},
{
"db": "SECTRACK",
"id": "1016466",
"trust": 1.6
},
{
"db": "OSVDB",
"id": "27152",
"trust": 1.6
},
{
"db": "VUPEN",
"id": "ADV-2006-2752",
"trust": 1.6
},
{
"db": "CERT/CC",
"id": "VU#802324",
"trust": 1.0
},
{
"db": "USCERT",
"id": "TA06-167A",
"trust": 1.0
},
{
"db": "CERT/CC",
"id": "VU#257164",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#189140",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#668564",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#459388",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#609868",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#580036",
"trust": 0.9
},
{
"db": "CERT/CC",
"id": "VU#409316",
"trust": 0.9
},
{
"db": "OSVDB",
"id": "26527",
"trust": 0.8
},
{
"db": "SECUNIA",
"id": "20686",
"trust": 0.8
},
{
"db": "BID",
"id": "18422",
"trust": 0.8
},
{
"db": "USCERT",
"id": "SA06-192A",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000375",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200607-145",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "48187",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "47665",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#257164"
},
{
"db": "CERT/CC",
"id": "VU#189140"
},
{
"db": "CERT/CC",
"id": "VU#668564"
},
{
"db": "CERT/CC",
"id": "VU#459388"
},
{
"db": "CERT/CC",
"id": "VU#395588"
},
{
"db": "CERT/CC",
"id": "VU#609868"
},
{
"db": "CERT/CC",
"id": "VU#580036"
},
{
"db": "CERT/CC",
"id": "VU#409316"
},
{
"db": "CERT/CC",
"id": "VU#802324"
},
{
"db": "BID",
"id": "18858"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000375"
},
{
"db": "PACKETSTORM",
"id": "48187"
},
{
"db": "PACKETSTORM",
"id": "47665"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-145"
},
{
"db": "NVD",
"id": "CVE-2006-0026"
}
]
},
"id": "VAR-200607-0007",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-11-29T21:58:09.360000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "MS06-034",
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms06-034.mspx"
},
{
"title": "MS06-034",
"trust": 0.8,
"url": "http://www.microsoft.com/japan/technet/security/bulletin/ms06-034.mspx"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2006-000375"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2006-0026"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 4.8,
"url": "about vulnerability notes"
},
{
"trust": 4.8,
"url": "contact us about this vulnerability"
},
{
"trust": 4.8,
"url": "provide a vendor statement"
},
{
"trust": 2.7,
"url": "http://www.kb.cert.org/vuls/id/395588"
},
{
"trust": 2.4,
"url": "http://www.securityfocus.com/bid/18858"
},
{
"trust": 2.4,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-192a.html"
},
{
"trust": 1.6,
"url": "http://www.microsoft.com/technet/security/bulletin/ms06-035.mspx"
},
{
"trust": 1.6,
"url": "http://secunia.com/advisories/21006"
},
{
"trust": 1.6,
"url": "http://securitytracker.com/id?1016466"
},
{
"trust": 1.6,
"url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0316.html"
},
{
"trust": 1.6,
"url": "http://www.osvdb.org/27152"
},
{
"trust": 1.6,
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-034"
},
{
"trust": 1.6,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26796"
},
{
"trust": 1.6,
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a435"
},
{
"trust": 1.6,
"url": "http://www.vupen.com/english/advisories/2006/2752"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms06-036.mspx"
},
{
"trust": 0.8,
"url": "http://www.faqs.org/rfcs/rfc2131.html"
},
{
"trust": 0.8,
"url": "http://www.tippingpoint.com/security/advisories/tsrt-06-02.html"
},
{
"trust": 0.8,
"url": "http://msdn.microsoft.com/library/default.asp?url=/library/en-us/ipc/base/about_mailslots.asp"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/bulletin/ms06-037.mspx"
},
{
"trust": 0.8,
"url": "http://www.microsoft.com/technet/security/advisory/921365.mspx"
},
{
"trust": 0.8,
"url": "http://blogs.technet.com/msrc/archive/2006/06/16/436174.aspx"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/20686/"
},
{
"trust": 0.8,
"url": "http://securityresponse.symantec.com/avcenter/venc/data/trojan.mdropper.j.html"
},
{
"trust": 0.8,
"url": "http://www.securityfocus.com/bid/18422"
},
{
"trust": 0.8,
"url": "http://www.osvdb.org/displayvuln.php?osvdb_id=26527"
},
{
"trust": 0.8,
"url": "http://isc.sans.org/diary.php?storyid=1420"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0026"
},
{
"trust": 0.8,
"url": "http://www.frsirt.com/english/advisories/2006/2752"
},
{
"trust": 0.8,
"url": "http://www.jpcert.or.jp/at/2006/at060010.txt"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta06-192a/index.html"
},
{
"trust": 0.8,
"url": "http://jvn.jp/cert/jvnta06-167a/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta06-192a/"
},
{
"trust": 0.8,
"url": "http://jvn.jp/tr/trta06-167a/"
},
{
"trust": 0.8,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2006-0026"
},
{
"trust": 0.8,
"url": "http://secunia.com/advisories/21006/"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/alerts/sa06-192a.html"
},
{
"trust": 0.8,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-167a.html"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/2006/20060621_110225.html"
},
{
"trust": 0.8,
"url": "http://www.cyberpolice.go.jp/important/2006/20060712_072107.html"
},
{
"trust": 0.3,
"url": "http://ruder.cdut.net/default.asp"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/windowsserver2003/iis/default.mspx"
},
{
"trust": 0.3,
"url": "http://www.microsoft.com/technet/security/bulletin/ms06-034.mspx"
},
{
"trust": 0.3,
"url": "/archive/1/440457"
},
{
"trust": 0.2,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-167a.html\u003e"
},
{
"trust": 0.2,
"url": "http://www.us-cert.gov/cas/signup.html\u003e."
},
{
"trust": 0.2,
"url": "http://www.kb.cert.org/vuls/id/802324\u003e"
},
{
"trust": 0.2,
"url": "http://www.us-cert.gov/legal.html\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/byid?searchview\u0026query=ms06-jul\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-0026"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/580036\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-1316"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/257164\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-1540"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/techalerts/ta06-192a.html\u003e"
},
{
"trust": 0.1,
"url": "https://update.microsoft.com/microsoftupdate\u003e"
},
{
"trust": 0.1,
"url": "http://officeupdate.microsoft.com\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2372\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/409316\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/609868\u003e"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/technet/security/bulletin/ms06-jul.mspx\u003e"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/mac\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-0007"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-2372"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-2389"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/459388\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0026\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/668564\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0007\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/189140\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-0033"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-1314"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1540\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1314\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-2389\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-1316\u003e"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2006-3059"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-0033\u003e"
},
{
"trust": 0.1,
"url": "http://www.microsoft.com/windowsserversystem/updateservices/default.mspx\u003e"
},
{
"trust": 0.1,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3059\u003e"
},
{
"trust": 0.1,
"url": "http://www.kb.cert.org/vuls/id/395588\u003e"
},
{
"trust": 0.1,
"url": "http://www.us-cert.gov/cas/tips/st04-010.html\u003e"
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#257164"
},
{
"db": "CERT/CC",
"id": "VU#189140"
},
{
"db": "CERT/CC",
"id": "VU#668564"
},
{
"db": "CERT/CC",
"id": "VU#459388"
},
{
"db": "CERT/CC",
"id": "VU#395588"
},
{
"db": "CERT/CC",
"id": "VU#609868"
},
{
"db": "CERT/CC",
"id": "VU#580036"
},
{
"db": "CERT/CC",
"id": "VU#409316"
},
{
"db": "CERT/CC",
"id": "VU#802324"
},
{
"db": "BID",
"id": "18858"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000375"
},
{
"db": "PACKETSTORM",
"id": "48187"
},
{
"db": "PACKETSTORM",
"id": "47665"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-145"
},
{
"db": "NVD",
"id": "CVE-2006-0026"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#257164"
},
{
"db": "CERT/CC",
"id": "VU#189140"
},
{
"db": "CERT/CC",
"id": "VU#668564"
},
{
"db": "CERT/CC",
"id": "VU#459388"
},
{
"db": "CERT/CC",
"id": "VU#395588"
},
{
"db": "CERT/CC",
"id": "VU#609868"
},
{
"db": "CERT/CC",
"id": "VU#580036"
},
{
"db": "CERT/CC",
"id": "VU#409316"
},
{
"db": "CERT/CC",
"id": "VU#802324"
},
{
"db": "BID",
"id": "18858"
},
{
"db": "JVNDB",
"id": "JVNDB-2006-000375"
},
{
"db": "PACKETSTORM",
"id": "48187"
},
{
"db": "PACKETSTORM",
"id": "47665"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-145"
},
{
"db": "NVD",
"id": "CVE-2006-0026"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-07-11T00:00:00",
"db": "CERT/CC",
"id": "VU#257164"
},
{
"date": "2006-07-11T00:00:00",
"db": "CERT/CC",
"id": "VU#189140"
},
{
"date": "2006-07-11T00:00:00",
"db": "CERT/CC",
"id": "VU#668564"
},
{
"date": "2006-07-11T00:00:00",
"db": "CERT/CC",
"id": "VU#459388"
},
{
"date": "2006-07-11T00:00:00",
"db": "CERT/CC",
"id": "VU#395588"
},
{
"date": "2006-07-11T00:00:00",
"db": "CERT/CC",
"id": "VU#609868"
},
{
"date": "2006-07-11T00:00:00",
"db": "CERT/CC",
"id": "VU#580036"
},
{
"date": "2006-07-11T00:00:00",
"db": "CERT/CC",
"id": "VU#409316"
},
{
"date": "2006-06-16T00:00:00",
"db": "CERT/CC",
"id": "VU#802324"
},
{
"date": "2006-07-11T00:00:00",
"db": "BID",
"id": "18858"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000375"
},
{
"date": "2006-07-12T09:29:58",
"db": "PACKETSTORM",
"id": "48187"
},
{
"date": "2006-06-26T05:52:29",
"db": "PACKETSTORM",
"id": "47665"
},
{
"date": "2006-07-11T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200607-145"
},
{
"date": "2006-07-11T22:05:00",
"db": "NVD",
"id": "CVE-2006-0026"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2006-07-13T00:00:00",
"db": "CERT/CC",
"id": "VU#257164"
},
{
"date": "2006-07-18T00:00:00",
"db": "CERT/CC",
"id": "VU#189140"
},
{
"date": "2006-07-11T00:00:00",
"db": "CERT/CC",
"id": "VU#668564"
},
{
"date": "2006-07-11T00:00:00",
"db": "CERT/CC",
"id": "VU#459388"
},
{
"date": "2006-07-19T00:00:00",
"db": "CERT/CC",
"id": "VU#395588"
},
{
"date": "2006-07-11T00:00:00",
"db": "CERT/CC",
"id": "VU#609868"
},
{
"date": "2006-07-13T00:00:00",
"db": "CERT/CC",
"id": "VU#580036"
},
{
"date": "2006-07-11T00:00:00",
"db": "CERT/CC",
"id": "VU#409316"
},
{
"date": "2006-07-11T00:00:00",
"db": "CERT/CC",
"id": "VU#802324"
},
{
"date": "2006-07-27T17:17:00",
"db": "BID",
"id": "18858"
},
{
"date": "2007-04-01T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2006-000375"
},
{
"date": "2020-11-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200607-145"
},
{
"date": "2024-11-21T00:05:29.380000",
"db": "NVD",
"id": "CVE-2006-0026"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "48187"
},
{
"db": "CNNVD",
"id": "CNNVD-200607-145"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Microsoft DHCP Client service contains a buffer overflow",
"sources": [
{
"db": "CERT/CC",
"id": "VU#257164"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200607-145"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.