• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

RETIRED: Microsoft December Advance Notification Multiple Vulnerabilities

Microsoft has released advance notification that the vendor will be releasing six security bulletins in all (five for Windows and one for Microsoft Visual Studio) on December 12, 2006. The highest severity rating for these issues is 'Critical'.

Further details about these issues are not currently available. Individual BIDs will be created for each issue; this record will be removed when the security bulletins are released.

These vulnerabilities have been assigned to the following BIDs:

21552 Microsoft Internet Explorer Script Error Handling Remote Code Execution Vulnerability
21546 Microsoft Internet Explorer DHTML Script Function Remote Code Execution Vulnerability
21494 Microsoft Internet Explorer Drag and Drop TIF Folder Information Disclosure Vulnerability
21507 Microsoft Internet Explorer Object Tag TIF Folder Information Disclosure Vulnerability
20843 Microsoft Visual Studio 2005 WMI Object Broker Remote Code Execution Vulnerability
21537 Microsoft Windows SNMP Service Remote Code Execution Vulnerability
21550 Microsoft Windows Manifest File Privilege Escalation Vulnerability
21501 Microsoft Outlook Express Windows Address Book Contact Record Remote Code Execution Vulnerability
21495 Microsoft Windows 2000 Remote Installation Service Remote Code Execution Vulnerability
21505 Windows Media Player Remote ASF File Buffer Overflow Vulnerability
21247 Windows Media Player ASX PlayList File Heap Overflow Vulnerability