
Technical Cyber Security Alert 2005-193A

Posted Jul 13, 2005
Authored by US-CERT | Site us-cert.gov

Technical Cyber Security Alert TA05-193A - Microsoft has released updates that address critical vulnerabilities in Windows, Office, and Internet Explorer. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code on an affected system.

tags | advisory, remote, arbitrary, vulnerability
systems | windows
advisories | CVE-2005-1219, CVE-2005-2087, CVE-2005-0564
SHA-256 | 2303b682f52871a9477672e8a66f71e91112dbef891869a7006d70bee863bdb7



National Cyber Alert System

Technical Cyber Security Alert TA05-193A

Microsoft Windows, Internet Explorer, and Word Vulnerabilities

Original release date: July 12, 2005
Last revised: --
Source: US-CERT


Systems Affected

* Microsoft Windows
* Microsoft Office
* Microsoft Internet Explorer

For more complete information, refer to the Microsoft Security
Bulletin Summary for July, 2005.


Overview

Microsoft has released updates that address critical vulnerabilities
in Windows, Office, and Internet Explorer. Exploitation of these
vulnerabilities could allow a remote, unauthenticated attacker to
execute arbitrary code on an affected system.


I. Description

Microsoft Security Bulletins for July, 2005 address vulnerabilities in
Windows, Office, and Internet Explorer. Further information is
available in the following Vulnerability Notes:


VU#218621 - Microsoft Word buffer overflow in font processing routine

A buffer overflow in the font processing routine of Microsoft Word may
allow a remote attacker to execute code on a vulnerable system.
(CAN-2005-0564)


VU#720742 - Microsoft Color Management Module buffer overflow during
profile tag validation

Microsoft Color Management Module fails to properly validate input
data, allowing a remote attacker to execute arbitrary code.
(CAN-2005-1219)


VU#939605 - JVIEW Profiler (javaprxy.dll) COM object contains an
unspecified vulnerability

The JVIEW Profiler COM object contains an unspecified vulnerability,
which may allow a remote attacker to execute arbitrary code on a
vulnerable system.
(CAN-2005-2087)


II. Impact

Exploitation of these vulnerabilities could allow a remote,
unauthenticated attacker to execute arbitrary code with the privileges
of the user. If the user is logged on with administrative privileges,
the attacker could take control of an affected system.


III. Solution

Apply Updates

Microsoft has provided the updates for these vulnerabilities in the
Security Bulletins and on the Microsoft Update site.

Workarounds

Please see the individual Vulnerability Notes for workarounds.


Appendix A. References

* Microsoft Security Bulletin Summary for July, 2005
<http://www.microsoft.com/technet/security/bulletin/ms05-jul.mspx>

* US-CERT Vulnerability Note VU#218621
<http://www.kb.cert.org/vuls/id/218621>

* US-CERT Vulnerability Note VU#720742
<http://www.kb.cert.org/vuls/id/720742>

* US-CERT Vulnerability Note VU#939605
<http://www.kb.cert.org/vuls/id/939605>

* CAN-2005-0564
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0564>

* CAN-2005-1219
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1219>

* CAN-2005-2087
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2087>

* Microsoft Update
<http://update.microsoft.com/>

* Microsoft Update Overview
<http://www.microsoft.com/technet/prodtechnol/microsoftupdate/default.mspx>

_________________________________________________________________

Feedback can be directed to the US-CERT Technical Staff.

Please send mail to cert@cert.org with the subject:

"TA05-193A Feedback VU#720742"
_________________________________________________________________

This document is available at

<http://www.us-cert.gov/cas/techalerts/TA05-193A.html>
_________________________________________________________________

Produced 2005 by US-CERT, a government organization.
_________________________________________________________________

Terms of use

<http://www.us-cert.gov/legal.html>
_________________________________________________________________

Revision History

July 12, 2005: Initial release

Last updated July 12, 2005