[Microsoft Alert] Microsoft Security Bulletin MS06-009

Vulnerability in the Korean Input Method Editor Could Allow Elevation of Privilege (901190)

Issued: February 14, 2006

Version: 1.0

 

Summary

Who should read this document: Customers who use Microsoft Windows or Microsoft Office 2003

Impact of Vulnerability: Elevation of Privilege

Maximum Severity Rating: Important

Recommendation: Customers should apply the update at the earliest opportunity

Security Update Replacement: This security update replaces MS06-003 specifically for the Korean version of the Microsoft Office 2003 Multilingual User Interface Pack.

 

Vulnerability Details:

A privilege elevation vulnerability exists in the Windows and Office Korean Input Method Editor (IME). This vulnerability could allow a malicious user to take complete control of an affected system. For an attack to be successful an attacker must be able to interactively logon to the affected system.

 

Affected Software:

Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

 

Microsoft Windows XP Professional x64 Edition

 

Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1

 

Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

 

Microsoft Windows Server 2003 x64 Edition

 

Microsoft Office 2003 Software:

Microsoft Office 2003 Service Pack 1 and Service Pack 2

 

Microsoft Office 2003 Multilingual User Interface Packs

 

Microsoft Office Visio 2003 Multilingual User Interface Packs

 

Microsoft Office Project 2003 Multilingual User Interface Packs

 

Microsoft Office 2003 Proofing Tools

 

Microsoft Office Visio 2003

 

Microsoft Office OneNote 2003

 

Microsoft Office Project 2003

 

 

 

References: http://www.microsoft.com/security/bulletins/current.mspx (Microsoft Security Updates)<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />

---