Copyright 2024 - CSIM - Asian Institute of Technology

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Subject: US-CERT Technical Cyber Security Alert TA05-193A -- Microsoft Windows, Internet Explorer, and Word Vulnerabilities
From: CERT Advisory <This email address is being protected from spambots. You need JavaScript enabled to view it.>
Date: Tue, 12 Jul 2005 18:24:48 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                         National Cyber Alert System

                   Technical Cyber Security Alert TA05-193A

        Microsoft Windows, Internet Explorer, and Word Vulnerabilities

   Original release date: July 12, 2005
   Last revised: --
   Source: US-CERT


Systems Affected

     * Microsoft Windows
     * Microsoft Office
     * Microsoft Internet Explorer

   For more complete information, refer to the Microsoft Security
   Bulletin Summary for July, 2005.


Overview

   Microsoft has released updates that address critical vulnerabilities
   in Windows, Office, and Internet Explorer. Exploitation of these
   vulnerabilities could allow a remote, unauthenticated attacker to
   execute arbitrary code on an affected system.


I. Description

   Microsoft Security Bulletins for July, 2005 address vulnerabilities in
   Windows, Office, and Internet Explorer. Further information is
   available in the following Vulnerability Notes:


   VU#218621 - Microsoft Word buffer overflow in font processing routine

   A buffer overflow in the font processing routine of Microsoft Word may
   allow a remote attacker to execute code on a vulnerable system.
   (CAN-2005-0564)


   VU#720742 - Microsoft Color Management Module buffer overflow during
   profile tag validation

   Microsoft Color Management Module fails to properly validate input
   data, allowing a remote attacker to execute arbitrary code.
   (CAN-2005-1219)


   VU#939605 - JVIEW Profiler (javaprxy.dll) COM object contains an
   unspecified vulnerability

   The JVIEW Profiler COM object contains an unspecified vulnerability,
   which may allow a remote attacker to execute arbitrary code on a
   vulnerable system.
   (CAN-2005-2087)


II. Impact

   Exploitation of these vulnerabilities could allow a remote,
   unauthenticated attacker to execute arbitrary code with the privileges
   of the user. If the user is logged on with administrative privileges,
   the attacker could take control of an affected system.


III. Solution

Apply Updates

   Microsoft has provided the updates for these vulnerabilities in the
   Security Bulletins and on the Microsoft Update site.

Workarounds

   Please see the individual Vulnerability Notes for workarounds.


Appendix A. References

     * Microsoft Security Bulletin Summary for July, 2005
       <http://www.microsoft.com/technet/security/bulletin/ms05-jul.mspx>

     * US-CERT Vulnerability Note VU#218621
       <http://www.kb.cert.org/vuls/id/218621>

     * US-CERT Vulnerability Note VU#720742
       <http://www.kb.cert.org/vuls/id/720742>

     * US-CERT Vulnerability Note VU#939605
       <http://www.kb.cert.org/vuls/id/939605>

     * CAN-2005-0564
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0564>

     * CAN-2005-1219
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1219>
       
     * CAN-2005-2087
       <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2087>
       
     * Microsoft Update
       <http://update.microsoft.com/>

     * Microsoft Update Overview
       <http://www.microsoft.com/technet/prodtechnol/microsoftupdate/defa
       ult.mspx>

   _________________________________________________________________

   Feedback can be directed to the US-CERT Technical Staff.

   Please send mail to This email address is being protected from spambots. You need JavaScript enabled to view it. with the subject:

   "TA05-193A Feedback VU#720742"
   _________________________________________________________________

   This document is available at

   <http://www.us-cert.gov/cas/techalerts/TA05-193A.html>
   _________________________________________________________________

   Produced 2005 by US-CERT, a government organization.
   _________________________________________________________________

   Terms of use

   <http://www.us-cert.gov/legal.html>
   _________________________________________________________________

   Revision History

   July 12, 2005: Initial release

   Last updated July 12, 2005 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBQtRCSxhoSezw4YfQAQKuoAf+P5DLO5gulibqEf0d8OSYwzOGAS46sab2
ohaHuzzXgvBamlAbi/bWgcFkjgt9MMqnT8BgAuaHYRGBeGLzps4ZdLvKiNDD8HW4
jqtEczddlJCD9j8MHM3anjbLr4ZYioVkIF/z9R/X3HhKswLy4HtdTzyR8I5xt3mf
eWSdqWYofctzNdWdIWkWzW2spOcy4LbV8UqAdg6aIgrWZK7vfDNisJiTvZQAbcoE
38UEvCmnY2K9Ox4BYPHQZ/OaLZhURSw1N5kEv+icXM8NTk3hSzPErdmG47Cjyfa6
4B+fjpCzfw7HAy0DbuuaZXcxaCH+fsiiymySmvT8z5aQVZmgbp8Zyg==
=eMPQ
-----END PGP SIGNATURE-----
Powered by: MHonArc

Login Form

Search

School of Engineering and technologies     Asian Institute of Technology