Jump to content
Microsoft Windows Bulletin Board

MS06-048 Fixed or not?

Guest msb-2007@nospam.nospam

By Guest msb-2007@nospam.nospam
in Security

 Share

Recommended Posts

Guest msb-2007@nospam.nospam

Guest msb-2007@nospam.nospam

Posted
Posted

In the writeup for MS06-048, a Powerpoint vulnerability "Microsoft Powerpoint

Mso.dll Vulnerability CVE-2006-3590" is referenced. Based upon the writeup,

the reader is left with the understanding that the included security updates

remove this vulnerability.

 

HOWEVER, when following up on the CVE link, several of the security vendors

show this as NOT fixed... what gives?

 

Ref: http://xforce.iss.net/xforce/xfdb/27781 (says "no remedy available as

of June 2007)

http://www.securityfocus.com/bid/18993 (says "Currently we are not

aware of any vendor-supplied patches for these issues.")

 

Thanks in advance.

 

-Matt

Guest MowGreen [MVP]

Guest MowGreen [MVP]

Posted
Posted

This blog says the update fixed the vulnerability:

http://blogs.securiteam.com/?p=508

 

This writeup also says it was resolved:

http://www.kb.cert.org/vuls/id/936945

 

Secunia states:

> Solution:

> Apply patches

http://secunia.com/advisories/21040/

 

As does: http://www.frsirt.com/english/advisories/2006/2795

 

Subsequently, Mso.dll was updated to V. 11.0.8132.0 March 17, 2007:

Microsoft Security Bulletin MS07-025

Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873)

http://www.microsoft.com/technet/security/Bulletin/MS07-025.mspx

 

The above replaces MS07-015, which replaced MS06-062, which replaced

MS06-048.

 

I need a nap now <w>

 

MowGreen [MVP 2003-2007]

===============

*-343-* FDNY

Never Forgotten

===============

 

 

 

msb-2007@nospam.nospam wrote:

> In the writeup for MS06-048, a Powerpoint vulnerability "Microsoft Powerpoint

> Mso.dll Vulnerability CVE-2006-3590" is referenced. Based upon the writeup,

> the reader is left with the understanding that the included security updates

> remove this vulnerability.

>

> HOWEVER, when following up on the CVE link, several of the security vendors

> show this as NOT fixed... what gives?

>

> Ref: http://xforce.iss.net/xforce/xfdb/27781 (says "no remedy available as

> of June 2007)

> http://www.securityfocus.com/bid/18993 (says "Currently we are not

> aware of any vendor-supplied patches for these issues.")

>

> Thanks in advance.

>

> -Matt

>

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...