Today, Microsoft released three critical, one important, and one moderate security updates. You may follow the links provided for more details:
CriticalCumulative Security Update for Internet Explorer (912812)
This is a cumulative update which concerns the following:
- DHTML Method Call Memory Corruption Vulnerability – CVE-2006-1359
- Multiple Event Handler Memory Corruption Vulnerability – CVE-2006-1245
- HTA Execution Vulnerability – CVE-2006-1388
- HTML Parsing Vulnerability – CVE-2006-1185
- COM Object Instantiation Memory Corruption Vulnerability – CVE-2006-1186
- HTML Tag Memory Corruption Vulnerability – CVE-2006-1188
- Double-Byte Character Parsing Memory Corruption Vulnerability – CVE-2006-1189
- Script Execution Vulnerability – CVE-2006-1190
- Cross-Domain Information Disclosure Vulnerability – CVE-2006-1191
- Address Bar Spoofing Vulnerability – CVE-2006-1192
A remote code execution vulnerability exists in the RDS.Dataspace ActiveX control that is provided as part of the ActiveX Data Objects (ADO) and that is distributed in MDAC. An attacker who successfully exploited this vulnerability could take complete control of an affected system.Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)
A remote code execution vulnerability exists in Windows Explorer because of the way that it handles COM objects. An attacker would need to convince a user to visit a Web site that could force a connection to a remote file server. This remote file server could then cause Windows Explorer to fail in a way that could allow code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
ImportantCumulative Security Update for Outlook Express (911567)
A remote code execution vulnerability exists in Outlook Express when using a Windows Address Book (.wab) file that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system.
ModerateVulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting (917627)
The cross-site scripting vulnerability could allow an attacker to run client-side script on behalf of an FPSE user. The script could spoof content, disclose information, or take any action that the user could take on the affected web site. Attempts to exploit this vulnerability require user interaction. An attacker who successfully exploited this vulnerability against an administrator could take complete control of a Front Page Server Extensions 2002 server.