Vulnerability in Microsoft
Exchange Could Allow Remote Code Execution 916803
(MS06-019)
CVE ID: CVE-2006-0027
Severity Rating: Critical
Vulnerabilities exist in Microsoft Exchange Server: when the
Exchange server receives a message that contains specially
crafted vCAL and iCAL properties, remote code execution can
occur and the system can be compromised. BSST suggests that
Exchange Server users consider applying this patch
immediately.
Vulnerabilities in Macromedia
Flash Player from Adobe Could Allow Remote Code Execution
913433 (MS06-020)
CVE ID: CVE-2006-0024, CVE-2005-2628
Severity Rating: Critical
Vulnerabilities exist in Macromedia Flash Player from Adobe:
when a vulnerable system opens a crafted Flash file, remote
code execution can occur and attackers can take control of the
system. Malformed Flash files can be delivered via P2P,
instant messenger, or web pages. Please be advised that Flash
Player version 6 is not patched by MS06-020, which means that
Flash Player 6 users are still exposed to attacks. Flash
Player version 8.0.24.0 is not affected by this
vulnerability. BSST suggests that Flash Player users consider
either using version 8.0.24.0 or applying the MS06-020 patch.
Vulnerability in Microsoft
Distributed Transaction Coordinator Could Allow Denial of
Service 913580 (MS06-018)
CVE ID: CVE-2006-0034, CVE-2006-1184
Severity Rating: Moderate
Vulnerabilities exist in MSDTC (Microsoft Distributed
Transaction Coordinator): when MSDTC processes malformed
messages, a denial of service can occur and cause MSDTC to
stop responding. These vulnerabilities can be exploited
locally or remotely. Please be advised that Windows 2000 has
the MSDTC service enabled by default. BSST suggests that
Windows XP/2000/2003 users consider applying this patch.
Broadweb BSST has been watching for exploits of the above
vulnerabilities and will release signatures at any time.
Broadweb customers are advised to watch for pattern release
notices from Broadweb and keep their patterns up to date.
About BSST
Broadweb Security Service Team (BSST) - Empower Your
Network Security
Broadweb NetKeeper Intruder Prevention System delivers
protection against intrusion, worms, DDoS, instant messaging,
P2P, Web-Mail, and Web Post.
Reference:
Note:
This document is provided on an “as is” basis and does
not imply any kind of guarantee or warranty. Your use of the
information in this document or in materials linked from the
document is at your own risk. BroadWeb reserves the right to
update this document at any time.