MS06-048 Fixed or not?

  • Thread starter Thread starter msb-2007@nospam.nospam
  • Start date Start date
M

msb-2007@nospam.nospam

In the writeup for MS06-048, a Powerpoint vulnerability "Microsoft Powerpoint
Mso.dll Vulnerability CVE-2006-3590" is referenced. Based upon the writeup,
the reader is left with the understanding that the included security updates
remove this vulnerability.

HOWEVER, when following up on the CVE link, several of the security vendors
show this as NOT fixed... what gives?

Ref: http://xforce.iss.net/xforce/xfdb/27781 (says "no remedy available as
of June 2007)
http://www.securityfocus.com/bid/18993 (says "Currently we are not
aware of any vendor-supplied patches for these issues.")

Thanks in advance.

-Matt
 
This blog says the update fixed the vulnerability:
http://blogs.securiteam.com/?p=508

This writeup also says it was resolved:
http://www.kb.cert.org/vuls/id/936945

Secunia states:
> Solution:
> Apply patches
http://secunia.com/advisories/21040/

As does: http://www.frsirt.com/english/advisories/2006/2795

Subsequently, Mso.dll was updated to V. 11.0.8132.0 March 17, 2007:
Microsoft Security Bulletin MS07-025
Vulnerability in Microsoft Office Could Allow Remote Code Execution (934873)
http://www.microsoft.com/technet/security/Bulletin/MS07-025.mspx

The above replaces MS07-015, which replaced MS06-062, which replaced
MS06-048.

I need a nap now <w>

MowGreen [MVP 2003-2007]
===============
*-343-* FDNY
Never Forgotten
===============



msb-2007@nospam.nospam wrote:

> In the writeup for MS06-048, a Powerpoint vulnerability "Microsoft Powerpoint
> Mso.dll Vulnerability CVE-2006-3590" is referenced. Based upon the writeup,
> the reader is left with the understanding that the included security updates
> remove this vulnerability.
>
> HOWEVER, when following up on the CVE link, several of the security vendors
> show this as NOT fixed... what gives?
>
> Ref: http://xforce.iss.net/xforce/xfdb/27781 (says "no remedy available as
> of June 2007)
> http://www.securityfocus.com/bid/18993 (says "Currently we are not
> aware of any vendor-supplied patches for these issues.")
>
> Thanks in advance.
>
> -Matt
>
 
Back
Top