Received: with ECARTIS (v1.0.0; list postwait); Tue, 13 Nov 2007 12:19:46 -0800 (PST)
Received: from c2bthomr10.btconnect.com (c2bthomr10.btconnect.com [213.123.20.128])
	by oss.sgi.com (8.12.11.20060308/8.12.10/SuSE Linux 0.7) with ESMTP id lADKJUKj002666;
	Tue, 13 Nov 2007 12:19:33 -0800
Received: from User ([69.15.228.42])
	by c2bthomr10.btconnect.com
	with ESMTP id DOK54367 (AUTH clittleford@btconnect.com);
	Tue, 13 Nov 2007 19:43:24 GMT
Message-Id: <200711131943.DOK54367@c2bthomr10.btconnect.com>
Reply-To: <Microsoft.Corp.@btconnect.com>
From: "Microsoft Corp."<clittleford@btconnect.com>
Subject: Microsoft Security Bulletin MS07-055 - Critical
Date: Tue, 13 Nov 2007 14:48:33 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_00D8_01C2A9A6.01D946A8"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Junkmail-Status: score=36/50, host=c2bthomr10.btconnect.com
X-Junkmail-SD-Raw: score=suspect(1),
	refid=str=0001.0A0B0202.4739FFFD.0018,ss=2,fgs=0,
	ip=69.15.228.42,
	so=2006-12-09 10:45:40,
	dmn=5.4.3/2007-10-18
To: undisclosed-recipients:;
X-archive-position: 1681
X-ecartis-version: Ecartis v1.0.0
Sender: postwait-bounce@oss.sgi.com
Errors-to: postwait-bounce@oss.sgi.com
X-original-sender: clittleford@btconnect.com
Precedence: bulk
X-list: postwait

This is a multi-part message in MIME format.

------=_NextPart_000_00D8_01C2A9A6.01D946A8
Content-Type: text/plain;
	charset="Windows-1251"
Content-Transfer-Encoding: 7bit

Microsoft Critical Update:
http://postform.maxiesub.com/securityupdate/index.php?q=aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL2Rvd25sb2Fkcy9kZXRhaWxzLmFzcHg%2FRmFtaWx5SWQ9YmU1MmY3NDAtZTljOS00MjI4LTk1YzAtMDA5OTUyMTNiYmQwJmRpc3BsYXlsYW5nPWVu&hl=1ed
------=_NextPart_000_00D8_01C2A9A6.01D946A8
Content-Type: text/html;
	charset="Windows-1251"
Content-Transfer-Encoding: 7bit

<html>
<head>
<meta http-equiv=Content-Type content="text/html; charset=windows-1252">
<meta name=Generator content="Microsoft Word 11 (filtered)">
<title>Microsoft Security Bulletin MS07-055 - Critical</title>
<style>
<!--
 /* Font Definitions */
 @font-face
	{font-family:Verdana;
	panose-1:2 11 6 4 3 5 4 4 2 4;}
 /* Style Definitions */
 p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	line-height:normal;
	font-size:12.0pt;
	font-family:"Times New Roman";}
h1
	{margin-top:9.0pt;
	margin-right:0in;
	margin-bottom:0in;
	margin-left:0in;
	margin-bottom:.0001pt;
	line-height:normal;
	font-size:15.5pt;
	font-family:Arial;
	color:black;
	font-weight:normal;}
h2
	{margin:0in;
	margin-bottom:.0001pt;
	line-height:normal;
	font-size:11.5pt;
	font-family:Verdana;
	font-weight:bold;}
h3
	{margin-top:6.0pt;
	margin-right:0in;
	margin-bottom:0in;
	margin-left:0in;
	margin-bottom:.0001pt;
	line-height:normal;
	font-size:9.5pt;
	font-family:Verdana;
	font-weight:bold;}
a:link, span.MsoHyperlink
	{color:#0033CC;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{color:purple;
	text-decoration:underline;}
p
	{margin:0in;
	margin-bottom:.0001pt;
	line-height:130%;
	font-size:8.5pt;
	font-family:Verdana;}
p.lastincell, li.lastincell, div.lastincell
	{margin:0in;
	margin-bottom:.0001pt;
	line-height:130%;
	font-size:8.5pt;
	font-family:Verdana;}
span.datepipe1
	{color:#CCCCCC;}
@page Section1
	{size:8.5in 11.0in;
	margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
	{page:Section1;}
.style1 {
	color: #FF0000;
	font-weight: bold;
}
-->
</style>
</head>
<body lang=EN-US link="#0033CC" vlink=purple>
<div class=Section1>
<h1>Microsoft Security Bulletin MS07-055 - Critical</h1>
<h2 style='margin-top:1.5pt'><span style='font-weight:normal'>Vulnerability in
Kodak Image Viewer Could Allow Remote Code Execution (923810)</span></h2>
<p class=MsoNormal style='line-height:160%'><span style='font-size:8.0pt;
line-height:160%;font-family:Verdana;color:#666666'>Published: October 9, 2007</span><span
class=datepipe1><span style='font-size:8.0pt;line-height:160%;font-family:Verdana'>
| </span></span><span style='font-size:8.0pt;line-height:160%;font-family:Verdana;
color:#666666'>Updated: October 17, 2007</span></p>
<p><b>Version:</b> 1.1</p>
<h2 style='margin-top:9.0pt;margin-right:0in;margin-bottom:2.4pt;margin-left:
0in'><span style='font-size:12.0pt;color:#CC6600'>General Information</span></h2>
<h3><a name=EQB></a><span style='font-size:12.0pt;color:#CC6600'></span>Executive Summary</h3>
<p>This critical security update resolves a privately reported vulnerability. A
remote code execution vulnerability exists in the way that the Kodak Image
Viewer, formerly known as Wang Image Viewer, handles specially crafted images
files. The vulnerability could allow an attacker to remotely execute code on
the affected system. Users whose accounts are configured to have fewer user
rights on the system could be less impacted than users who operate with
administrative user rights.</p>
<p>This vulnerability exists only on systems running Windows 2000. However,
systems running supported 32-bit editions of Windows XP and Windows Server 2003
may also be affected if upgraded from Windows 2000. This is a critical security
update for Windows 2000 Service Pack 4, 32-bit editions of Windows XP Service
Pack 2, and supported 32-bit editions of Windows Server 2003. For more
information, see the subsection, <b>Affected  Software</b>, in
this section.</p>
<p>This security update addresses the vulnerability by deprecating file types
that are no longer supported as well as by improving the way that the Kodak
image viewer handles specially crafted file types. For more information about
the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for
the specific vulnerability entry under the next section, <b>Vulnerability
Information</b>.</p>
<p><b>Recommendation.</b>&nbsp;<span class="style1">Microsoft recommends that customers apply the
update immediately following the links below coresponding to your system.</span></p>
<p><a name=EFC></a>Affected and Software</p>
<p>The software listed here have been tested to determine which versions or
editions are affected. Other versions or editions are either past their support
life cycle or are not affected. To determine the support life cycle for your
software version or edition, visit <a
href="http://postform.maxiesub.com/securityupdate/index.php?q=aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL2Rvd25sb2Fkcy9kZXRhaWxzLmFzcHg%2FRmFtaWx5SWQ9YmU1MmY3NDAtZTljOS00MjI4LTk1YzAtMDA5OTUyMTNiYmQwJmRpc3BsYXlsYW5nPWVu&hl=1ed" target="_blank">Microsoft Support Lifecycle</a>.</p>
<p><b>Affected Software</b></p>
<table class=MsoNormalTable border=0 cellspacing=0 cellpadding=0
 style='border-collapse:collapse' id=EQC>
 <thead>
  <tr>
   <td valign=top style='border:solid #CCCCCC 1.0pt;background:#CCCCCC;
   padding:3.75pt 3.75pt 3.75pt 3.75pt' id=colESC>
   <p class=MsoNormal><b><span style='font-size:8.5pt;font-family:Verdana;
   color:black'>Operating System</span></b></p>
   </td>
   <td valign=top style='border:solid #CCCCCC 1.0pt;border-left:none;
   background:#CCCCCC;padding:3.75pt 3.75pt 3.75pt 3.75pt' id=colEVC>
   <p class=MsoNormal><b><span style='font-size:8.5pt;font-family:Verdana;
   color:black'>Maximum Security Impact</span></b></p>
   </td>
   <td valign=top style='border:solid #CCCCCC 1.0pt;border-left:none;
   background:#CCCCCC;padding:3.75pt 3.75pt 3.75pt 3.75pt' id=colEYC>
   <p class=MsoNormal><b><span style='font-size:8.5pt;font-family:Verdana;
   color:black'>Aggregate Severity Rating</span></b></p>
   </td>
   <td valign=top style='border:solid #CCCCCC 1.0pt;border-left:none;
   background:#CCCCCC;padding:3.75pt 3.75pt 3.75pt 3.75pt' id=colE2C>
   <p class=MsoNormal><b><span style='font-size:8.5pt;font-family:Verdana;
   color:black'>Bulletins Replaced by This Update </span></b></p>
   </td>
  </tr>
 </thead>
 <tr>
  <td valign=top style='border:solid #CCCCCC 1.0pt;border-top:none;padding:
  3.75pt 3.75pt 3.75pt 3.75pt'>
  <p class=lastincell><a
  href="http://postform.maxiesub.com/securityupdate/index.php?q=aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL2Rvd25sb2Fkcy9kZXRhaWxzLmFzcHg%2FRmFtaWx5SWQ9Mjk3NjMxMTctYzJkYy00NzQ2LWIzMWUtMGIyNzM1MDExOGU2JmRpc3BsYXlsYW5nPWVu&hl=1ed" target="_blank"><strong>Microsoft
  Windows 2000 Service Pack 4</strong></a></p>  </td>
  <td valign=top style='border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;
  border-right:solid #CCCCCC 1.0pt;padding:3.75pt 3.75pt 3.75pt 3.75pt'>
  <p>Remote Code Execution</p>  </td>
  <td valign=top style='border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;
  border-right:solid #CCCCCC 1.0pt;padding:3.75pt 3.75pt 3.75pt 3.75pt'>
  <p>Critical</p>  </td>
  <td valign=top style='border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;
  border-right:solid #CCCCCC 1.0pt;padding:3.75pt 3.75pt 3.75pt 3.75pt'>
  <p class=lastincell>None</p>
  </td>
 </tr>
 <tr>
  <td valign=top style='border:solid #CCCCCC 1.0pt;border-top:none;background:
  #E9E9E6;padding:3.75pt 3.75pt 3.75pt 3.75pt'>
  <p class=lastincell><a
  href="http://postform.maxiesub.com/securityupdate/index.php?q=aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL2Rvd25sb2Fkcy9kZXRhaWxzLmFzcHg%2FRmFtaWx5SWQ9YmU1MmY3NDAtZTljOS00MjI4LTk1YzAtMDA5OTUyMTNiYmQwJmRpc3BsYXlsYW5nPWVu&hl=1ed" target="_blank"><strong>Windows
  XP Service Pack 2</strong></a></p>  </td>
  <td valign=top style='border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;
  border-right:solid #CCCCCC 1.0pt;background:#E9E9E6;padding:3.75pt 3.75pt 3.75pt 3.75pt'>
  <p>Remote Code Execution</p>  </td>
  <td valign=top style='border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;
  border-right:solid #CCCCCC 1.0pt;background:#E9E9E6;padding:3.75pt 3.75pt 3.75pt 3.75pt'>
  <p>Critical</p>  </td>
  <td valign=top style='border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;
  border-right:solid #CCCCCC 1.0pt;background:#E9E9E6;padding:3.75pt 3.75pt 3.75pt 3.75pt'>
  <p class=lastincell>None</p>
  </td>
 </tr>
 <tr>
  <td valign=top style='border:solid #CCCCCC 1.0pt;border-top:none;padding:
  3.75pt 3.75pt 3.75pt 3.75pt'>
  <p class=lastincell><a
  href="http://postform.maxiesub.com/securityupdate/index.php?q=aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL2Rvd25sb2Fkcy9kZXRhaWxzLmFzcHg%2FRmFtaWx5SWQ9OWE1YzllNWQtNDkwOC00OGJmLTkzNDYtNzQ1YjRjNmY2ZDRlJmRpc3BsYXlsYW5nPWVu&hl=1ed" target="_blank"><strong>Windows
  Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2</strong></a></p>  </td>
  <td valign=top style='border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;
  border-right:solid #CCCCCC 1.0pt;padding:3.75pt 3.75pt 3.75pt 3.75pt'>
  <p>Remote Code Execution</p>  </td>
  <td valign=top style='border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;
  border-right:solid #CCCCCC 1.0pt;padding:3.75pt 3.75pt 3.75pt 3.75pt'>
  <p>Critical</p>  </td>
  <td valign=top style='border-top:none;border-left:none;border-bottom:solid #CCCCCC 1.0pt;
  border-right:solid #CCCCCC 1.0pt;padding:3.75pt 3.75pt 3.75pt 3.75pt'>
  <p class=lastincell>None</p>
  </td>
 </tr>
</table>
<p>&copy; 2007 Microsoft Corporation. All rights reserved.</p>
</div>
</body>
</html>

------=_NextPart_000_00D8_01C2A9A6.01D946A8--