= Black Tuesday Dec. 2006 =

I know this is a bit after the fact; I blame Canada. As always, Microsoft's official overview can be found [https://www.microsoft.com/technet/security/bulletin/ms06-dec.mspx here].[[BR]]
ISC's gridtastic overview can be found [http://isc.sans.org/diary.php?storyid=1928 here]. But as always, I'm just highlighting the client-side type exploits, so see the links above for everything else. It turns out they're almost all client-side vulnerabilities, though.

[http://www.microsoft.com/technet/security/Bulletin/MS06-072.mspx MS06-072] (Critical) is a cumulative update for IE (6 and below, not 7), and is primarily comprised of issues which were not previously known or public.

[http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5579 CVE-2006-5579] is an issue with !JavaScript in which multiple errors can be raised simultaneously, after which previously freed memory is accessed. This can potentially lead to remote code execution.

[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5581 CVE-2006-5581] pertains to the "improper use of the normalize() function" ([http://www.zerodayinitiative.com/advisories/ZDI-06-048.html advisory]) in DHTML, which can allow an attacker to execute arbitrary code.

[http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5578 CVE-2006-5578] and [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5577 CVE-2006-5577] are both information disclosure vulnerabilities related to Temporary Internet Files (TIFs); however, MS rates the former as "Important" and the latter as "Moderate." What's interesting about these is that the second one can be used to learn the path of a TIF, and that path can then be used by the first one, which can access (i.e. retrieve via a malicious website, if the name is known) arbitrary TIF files.

[http://www.microsoft.com/technet/security/bulletin/ms06-073.mspx MS06-073] (Critical) I don't think I need to say too much about this, because I already covered it [VisualStudio here] when it came out.

[http://www.microsoft.com/technet/security/Bulletin/MS06-078.mspx MS06-078] (Critical) deals with 2 Windows Media Player flaws. [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4702 CVE-2006-4702] is a buffer overflow in .asf files which can lead to arbitrary code execution in WMP 6.4. [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-6134 CVE-2006-6134] is a heap overflow in the core DLL for WMP 10 which deals with .asx files.

[http://www.microsoft.com/technet/security/bulletin/ms06-076.mspx MS06-076] (Important) is a single unspecified vulnerability in Outlook Express whereby an attacker can create a malicious Windows Address Book (WAB) file. This can lead to code execution; however, it appears the user has to manually open the WAB file in order to trigger it, hence its lowered severity rating. This issue is [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2386 CVE-2006-2386].

To see previous months' patches which pertained to client-side security, you can use the !BlackTuesday tag below.