Here is some more information on the Exchange and IE7 vulnerabilities
From Secunia:
Description:
Some vulnerabilities have been reported in Microsoft Exchange, which can be exploited by malicious people to conduct script insertion attacks, cause a DoS (Denial of Service), or compromise a vulnerable system.
1) Outlook Web Access (OWA) does not handle a certain UTF character set label correctly. As a results, script-based attachments are not properly sanitised before being displaying, which can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of a vulnerable site when opening a file.
2) An error in the Exchange Collaboration Data Objects (EXCDO) functionality when handling calender content requests can be exploited to cause the mail service to stop responding via a specially crafted iCal file.
3) An error in the MIME decoding can be exploited to execute arbitrary code via a malicious e-mail message containing specially crafted base64-encoded content.
4) An error in the handling of invalid IMAP requests can be exploited to cause the mail service to stop responding via a specially crafted IMAP command.
And the IE vuln.
From Secunia:
Description:
Multiple vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to compromise a user’s system.
1) An error within the instantiation of the chtskdic.dll COM object not intended to be instantiated in Internet Explorer can be exploited to corrupt memory.
2) An error in the way objects are accessed when not initiated or already deleted can be exploited to corrupt memory via a specially crafted web page.
3) An error when calling property methods can be exploited to corrupt memory via a specially crafted web page.
4) Errors within the handling of HTML objects can be exploited to corrupt memory via a specially crafted web page.
5) An error in the media service component (msauth.dll) can be exploited to rewrite arbitrary files via a specially crafted web page.
Successful exploitation of the vulnerabilities allows execution of arbitrary code.
[tags]Microsoft Exchange Vulnerability, IE7 Vulnerability[/tags]
