Copyright 2024 - CSIM - Asian Institute of Technology

Security Advisories

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Subject: US-CERT Technical Cyber Security Alert TA05-165A -- Microsoft Windows and Internet Explorer Vulnerabilities
From: CERT Advisory <This email address is being protected from spambots. You need JavaScript enabled to view it.>
Date: Tue, 14 Jun 2005 20:22:26 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


             Technical Cyber Security Alert TA05-165A
     Microsoft Windows and Internet Explorer Vulnerabilities

   Original release date: June 14, 2005
   Last revised: --
   Source: US-CERT

Systems Affected

     * Microsoft Windows
     * Microsoft Internet Explorer

   For more complete information, refer to the Microsoft Security
   Bulletin Summary for June, 2005.

Overview

   Microsoft has released updates that address critical vulnerabilities
   in Windows and Internet Explorer. Exploitation of these
   vulnerabilities could allow a remote, unauthenticated attacker to
   execute arbitrary code or cause a denial of service.

I. Description

   Microsoft Security Bulletins for June, 2005 address a number of
   vulnerabilities in Windows, Internet Explorer, Outlook Express,
   Outlook Web Access, ISA Server, the Step-by-Step Interactive Training
   engine, and telnet. Further information about the more serious
   vulnerabilities is available in the following Vulnerability Notes:

   VU#189754 - Microsoft Internet Explorer buffer overflow in PNG image
   rendering component

   A buffer overflow in the PNG image rendering component of Microsoft
   Internet Explorer may allow a remote attacker to execute code on a
   vulnerable system.
   (CAN-2005-1211)

   VU#489397 - Microsoft Server Message Block vulnerable to buffer
   overflow

   Microsoft Server Message Block (SMB) is vulnerable to a buffer
   handling flaw when processing incoming SMB packets that may lead to
   remote code execution.
   (CAN-2005-1206)

   VU#851869 - Microsoft HTML Help input validation error

   Microsoft HTML Help fails to properly validate input data, allowing a
   remote attacker to execute arbitrary code.
   (CAN-2005-1208)

II. Impact

   Exploitation of the most serious of these vulnerabilities could allow
   a remote, unauthenticated attacker to execute arbitrary code with
   SYSTEM privileges. This would allow an attacker to take complete
   control of a vulnerable system. An attacker could also execute
   arbitrary code with user privileges, or cause a denial of service.

III. Solution

Apply updates

   Microsoft has provided the patches for these vulnerabilities in the
   Security Bulletins and on Windows Update.

Workarounds

   Please see the individual vulnerability notes for workarounds.

Appendix A. References

     * Microsoft Security Bulletin Summary for June, 2005 -
       <http://www.microsoft.com/technet/security/bulletin/ms05-jun.mspx>

     * US-CERT Vulnerability Note VU#189754 -
       <http://www.kb.cert.org/vuls/id/189754>

     * US-CERT Vulnerability Note VU#489397 -
       <http://www.kb.cert.org/vuls/id/489397>

     * US-CERT Vulnerability Note VU#851869 -
       <http://www.kb.cert.org/vuls/id/851869>

     * CAN-2005-1211 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1222>

     * CAN-2005-1206 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1206>

     * CAN-2005-1208 -
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1208>

     * Microsoft Windows Update - <http://windowsupdate.microsoft.com/>
   _________________________________________________________________

   Feedback can be directed to the US-CERT Technical Staff
   _________________________________________________________________

   Revision History

   June 14, 2005: Initial release
   _________________________________________________________________

   This document is available from:
  
   <http://www.us-cert.gov/cas/techalerts/TA05-165A.html>

   Produced 2005 by US-CERT, a government organization.

   Terms of use

   <http://www.us-cert.gov/legal.html>


    For instructions on subscribing to or unsubscribing from this 
    mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
    
    
    
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBQq9ymBhoSezw4YfQAQKK/AgAgA+TNjR3BwQXMLkf56jTFQdMprSELPAP
DaVkL2LeFT13v/z2QHiQMMA5SJT8nOxHlIm1mxhOo1jmTLU3Rjj4tRDaIMI2Q/2I
y/m02Xt0DeR13TcVISxWo2dKEvZ6rh0HOEpL/OS3SAUH2lWRUgUhaAG4Tag5afWd
Ts6bcTplXhPqVYY9u/QFxGs1hrr5ntsFqxaZz02HQVgaVYqimH8WgkXURO/VPqA9
f7LUa3elNkIK15vmE3yTHPnWV4Dq5rfUq2G6aFXSD9KxZPqACCAcH7K+6KEgU5z9
dYzKcGrEDHn2/2es2UhzGvJcDx1JiNG5pH7mGMm0b2lp+jZ47j6z7g==
=BD3k
-----END PGP SIGNATURE-----
Powered by: MHonArc

Login Form

Search

School of Engineering and technologies     Asian Institute of Technology