Technical Cyber Security Alert TA05-193A - Microsoft has released updates that address critical vulnerabilities in Windows, Office, and Internet Explorer. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code on an affected system.
National Cyber Alert System
Technical Cyber Security Alert TA05-193A
Microsoft Windows, Internet Explorer, and Word Vulnerabilities
Original release date: July 12, 2005
Last revised: --
Source: US-CERT
Systems Affected
* Microsoft Windows
* Microsoft Office
* Microsoft Internet Explorer
For more complete information, refer to the Microsoft Security
Bulletin Summary for July, 2005.
Overview
Microsoft has released updates that address critical vulnerabilities
in Windows, Office, and Internet Explorer. Exploitation of these
vulnerabilities could allow a remote, unauthenticated attacker to
execute arbitrary code on an affected system.
I. Description
Microsoft Security Bulletins for July, 2005 address vulnerabilities in
Windows, Office, and Internet Explorer. Further information is
available in the following Vulnerability Notes:
VU#218621 - Microsoft Word buffer overflow in font processing routine
A buffer overflow in the font processing routine of Microsoft Word may
allow a remote attacker to execute code on a vulnerable system.
(CAN-2005-0564)
VU#720742 - Microsoft Color Management Module buffer overflow during
profile tag validation
Microsoft Color Management Module fails to properly validate input
data, allowing a remote attacker to execute arbitrary code.
(CAN-2005-1219)
VU#939605 - JVIEW Profiler (javaprxy.dll) COM object contains an
unspecified vulnerability
The JVIEW Profiler COM object contains an unspecified vulnerability,
which may allow a remote attacker to execute arbitrary code on a
vulnerable system.
(CAN-2005-2087)
II. Impact
Exploitation of these vulnerabilities could allow a remote,
unauthenticated attacker to execute arbitrary code with the privileges
of the user. If the user is logged on with administrative privileges,
the attacker could take control of an affected system.
III. Solution
Apply Updates
Microsoft has provided the updates for these vulnerabilities in the
Security Bulletins and on the Microsoft Update site.
Workarounds
Please see the individual Vulnerability Notes for workarounds.
Appendix A. References
* Microsoft Security Bulletin Summary for July, 2005
<http://www.microsoft.com/technet/security/bulletin/ms05-jul.mspx>
* US-CERT Vulnerability Note VU#218621
<http://www.kb.cert.org/vuls/id/218621>
* US-CERT Vulnerability Note VU#720742
<http://www.kb.cert.org/vuls/id/720742>
* US-CERT Vulnerability Note VU#939605
<http://www.kb.cert.org/vuls/id/939605>
* CAN-2005-0564
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0564>
* CAN-2005-1219
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1219>
* CAN-2005-2087
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2087>
* Microsoft Update
<http://update.microsoft.com/>
* Microsoft Update Overview
<http://www.microsoft.com/technet/prodtechnol/microsoftupdate/default.mspx>
_________________________________________________________________
Feedback can be directed to the US-CERT Technical Staff.
Please send mail to cert@cert.org with the subject:
"TA05-193A Feedback VU#720742"
_________________________________________________________________
This document is available at
<http://www.us-cert.gov/cas/techalerts/TA05-193A.html>
_________________________________________________________________
Produced 2005 by US-CERT, a government organization.
_________________________________________________________________
Terms of use
<http://www.us-cert.gov/legal.html>
_________________________________________________________________
Revision History
July 12, 2005: Initial release
Last updated July 12, 2005