FW: Alert: Microsoft Security Bulletin MS06-004 - Cumulative Security Update for Internet Explorer (910620)



Microsoft Security Bulletin MS06-004:
Cumulative Security Update for Internet Explorer (910620)

Bulletin URL:
<http://www.microsoft.com/technet/security/Bulletin/MS06-004.mspx>

Version Number: 1.0
Issued Date: Tuesday, February 14, 2006
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Patch(es) Replaced: This update replaces the update that is included
with Microsoft Security Bulletin MS05-054. That update is also a
cumulative update.
Caveats: Microsoft Knowledge Base Article 910620 documents the currently
known issues that customers may experience when they install this
security update. The article also documents recommended solutions for
these issues. For more information, see Microsoft Knowledge Base Article
910620. This update does include hotfixes that have been released since
the release of MS04-004 and MS04-025, but they will only be installed on
systems that need them. Customers who have received hotfixes from
Microsoft or from their support providers since the release of MS04-004
or MS04-025 should review the 'I have received a hotfix from Microsoft
or my support provider since the release of MS04-004. Is that hotfix
included in this security update?' question in the FAQ section of this
bulletin to determine how you can make sure that the necessary hotfixes
are installed. Microsoft Knowledge Base Article 910620 also documents
this in more detail.

Tested Software:
Affected Software:
------------------
* Microsoft Windows 2000 Service Pack 4
* Internet Explorer 5.01 Service Pack 4 on Windows 2000 (all versions)

Affected Components:
--------------------
* Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000
Service Pack 4
<http://tinyurl.com/danx9>

Technical Description:
----------------------
* WMF Image Parsing Memory Corruption Vulnerability - CVE-2006-0020: A
remote code execution vulnerability exists in Internet Explorer because
of the way that it handles Windows Metafile (WMF) images. An attacker
could exploit the vulnerability by constructing a specially crafted WMF
image that could potentially allow remote code execution if a user
visited a malicious Web site, opened or previewed an e-mail message, or
opened a specially crafted attachment in e-mail. An attacker who
successfully exploited this vulnerability could take complete control of
an affected system. Note that this vulnerability in Internet Explorer is
separate from the vulnerabilities addressed in Windows in MS05-053 and
MS06-001.

This email is sent to NTBugtraq automagically as a service to my
subscribers. (v4.01.2194.14842)

Cheers,
Russ Cooper - Senior Scientist - Cybertrust/NTBugtraq Editor

--
NTBugtraq Editor's Note:

Most viruses these days use spoofed email addresses. As such, using an Anti-Virus product which automatically notifies the perceived sender of a message it believes is infected may well cause more harm than good. Someone who did not actually send you a virus may receive the notification and scramble their support staff to find an infection which never existed in the first place. Suggest such notifications be disabled by whomever is responsible for your AV, or at least that the idea is considered.
--



Relevant Pages

  • SecurityFocus Microsoft Newsletter #176
    ... MICROSOFT VULNERABILITY SUMMARY ... Microsoft Windows XP HCP URI Handler Arbitrary Command Execu... ... PHPNuke Category Parameter SQL Injection Vulnerability ... Microsoft Baseline Security Analyzer Vulnerability Identific... ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #83
    ... MICROSOFT VULNERABILITY SUMMARY ... Microsoft IIS CodeBrws.ASP Source Code Disclosure Vulnerability ... Microsoft Internet Explorer History List Script Injection ... Microsoft Windows 2000 Lanman Denial of Service Vulnerability ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #81
    ... MICROSOFT VULNERABILITY SUMMARY ... WWWIsis Remote Command Execution Vulnerability ... Windows NT 4.0 Print Spooler Security ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #185
    ... NEW MICROSOFT VULNERABILITIES - Audit Your Network Security ... SurgeLDAP User.CGI Directory Traversal Vulnerability ... Microsoft Windows H.323 Remote Buffer Overflow Vulnerability ... Microsoft Jet Database Engine Remote Code Execution Vulnerab... ...
    (Focus-Microsoft)
  • SecurityFocus Microsoft Newsletter #336
    ... MICROSOFT VULNERABILITY SUMMARY ... Microsoft Windows Unspecified Remote Code Execution Vulnerability ... Microsoft Windows Explorer BMP Image Denial of Service Vulnerability ... An attacker could leverage this issue to have arbitrary code execute with kernel level privileges. ...
    (Focus-Microsoft)