| Security Updates Summary For May 2006 |
| Wednesday, 10 May 2006 by Michel Roth | |||
|
A remote code execution vulnerability exists in Macromedia Flash Player from Adobe because of the way that it handles Flash Animation (SWF) files. An attacker could exploit the vulnerability by constructing a specially crafted Flash Animation (SWF) file that could potentially allow remote code execution if a user visited a Web site containing the specially crafted SWF file or viewed an e-mail message containing the specially crafted SWF file as an attachment. An attacker who successfully exploited this vulnerability could take complete control of an affected system. MS06-19: Vulnerability in Microsoft Exchange Could Allow Remote Code Execution (916803) A remote code execution vulnerability exists in Microsoft Exchange Server that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. An attacker could exploit the vulnerability by constructing a specially crafted message that could potentially allow remote code execution when an Exchange Server processes an email with certain vCal or iCal properties. MS06-18: Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service (913580) A denial of service vulnerability exists that could allow an attacker to send a specially crafted network message to an affected system. An attacker could cause the Microsoft Distributed Transaction Coordinator (MSDTC) to stop responding. Note that the denial of service vulnerability would not allow an attacker to execute code or to elevate their user rights, but it could cause the affected system to stop accepting requests.
Show/Hide comment form
 |
|||
