It concerned a flaw in how Windows processed Windows Metafile (WMF) images. This allowed remote code execution (RCE) if a user viewed a specially crafted WMF file. Exploitation could occur via malicious websites (drive-by downloads), emails, or instant messages.
The vulnerability was being actively exploited in the wild as a zero-day before a patch was available. Microsoft released an out-of-band security update, MS06-001, in January 2006 to address it. Organizations were urged to apply the patch immediately to prevent system compromise.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
National Cyber Alert System
Technical Cyber Security Alert TA06-129A
Microsoft Windows and Exchange Server Vulnerabilities
Original release date: May 9, 2006
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Windows
* Microsoft Exchange Server
For more complete information, refer to the Microsoft Security
Bulletin Summary for May 2006.
Overview
Microsoft has released updates that address critical vulnerabilities
in Microsoft Windows and Exchange Server. Exploitation of these
vulnerabilities could allow a remote, unauthenticated attacker to
execute arbitrary code or cause a denial of service on a vulnerable
system.
I. Description
Microsoft Security Bulletin Summary for May 2006 addresses
vulnerabilities in Microsoft Windows and Exchange Server. Further
information is available in the following US-CERT Vulnerability Notes:
VU#303452 - Microsoft Exchange fails to properly handle vCal and iCal
properties
Microsoft Exchange Server does not properly handle the vCal and iCal
properties of email messages. Exploitation of this vulnerability may
allow a remote, unauthenticated attacker to execute arbitrary code on
an Exchange Server.
(CVE-2006-0027)
VU#945060 - Adobe Flash products contain multiple vulnerabilities
Several vulnerabilities in Adobe Macromedia Flash products may allow a
remote attacker to execute code on a vulnerable system.
(CVE-2006-0024)
VU#146284 - Macromedia Flash Player fails to properly validate the
frame type identifier read from a "SWF" file
A buffer overflow vulnerability in some versions of the Macromedia
Flash Player may allow a remote attacker to execute code on a
vulnerable system.
(CVE-2005-2628)
II. Impact
A remote, unauthenticated attacker could execute arbitrary code on a
vulnerable system. An attacker may also be able to cause a denial of
service.
III. Solution
Apply Updates
Microsoft has provided updates for these vulnerabilities in the
Security Bulletins. Microsoft Windows updates are available on the
Microsoft Update site.
Workarounds
Please see the US-CERT Vulnerability Notes for workarounds.
Appendix A. References
* Microsoft Security Bulletin Summary for May 2006 -
<http://www.microsoft.com/technet/security/bulletin/ms06-may.mspx>
* Technical Cyber Security Alert TA06-075A -
<http://www.us-cert.gov/cas/techalerts/TA06-075A.html>
* US-CERT Vulnerability Note VU#303452 -
<http://www.kb.cert.org/vuls/id/303452>
* US-CERT Vulnerability Note VU#945060 -
<http://www.kb.cert.org/vuls/id/945060>
* US-CERT Vulnerability Note VU#146284 -
<http://www.kb.cert.org/vuls/id/146284>
* CVE-2006-0027 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0027>
* CVE-2006-0024 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0024>
* CVE-2005-2628 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2628>
* Microsoft Update - <https://update.microsoft.com/microsoftupdate>
____________________________________________________________________
The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/techalerts/TA06-129A.html>
____________________________________________________________________
Feedback can be directed to US-CERT Technical Staff. Please send
email to <
subject.
____________________________________________________________________
For instructions on subscribing to or unsubscribing from this
mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________
Produced 2006 by US-CERT, a government organization.
Terms of use:
<http://www.us-cert.gov/legal.html>
____________________________________________________________________
Revision History
May 9, 2006: Initial release
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iQEVAwUBRGDvB30pj593lg50AQJkAQf9FqFX8S29GmV1pKfRCfkEY9ooi/ygyeyu
l+z2OpoJsu4BHhYbXahssZLutNh0UtpC2Qv17sgHP2xg2sIokqgqkdMH1WQn4kAw
x6RWPlI7hraIg/tY1lSZayZris4XMuDzNiqfpa/gN7oOSOtnIZ6Ky5+h5nIk+xxk
Q50BdlEHmw5e62LyW7qnBAoHuHzEQq/xS52DtTat+aigRYePq3SX2f8S4BpZyKzq
kQKN7kn2keseziuKCMEMNIH0bUunUr6M2kRsBPIBUrAi03Fmgx2Qfy7yMHRV/0Gg
A2jjB48O4m+fuHHQSVSP2gCtSbe9ChiWJ8Db1nY1pnsQ42fZvqQekg==
=nxe/
-----END PGP SIGNATURE-----