[Ham-Computers] Fw: US-CERT Technical Cyber Security Alert
TA05-193A -- Microsoft Windows, Internet Explorer,
and Word Vulnerabilities
don
wxfreqrs at cableone.net
Tue Jul 12 20:33:04 EDT 2005
Don
Peace Through Superior Firepower
REAL TIME OBS http://myweb.cableone.net/wxfreqrs/
JCARA RADIO HOMEPAGE http://www.jcmsara.org
----- Original Message -----
From: "CERT Advisory" <cert-advisory at cert.org>
To: <cert-advisory at cert.org>
Sent: Tuesday, July 12, 2005 5:26 PM
Subject: US-CERT Technical Cyber Security Alert TA05-193A -- Microsoft
Windows, Internet Explorer, and Word Vulnerabilities
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> National Cyber Alert System
>
> Technical Cyber Security Alert TA05-193A
>
> Microsoft Windows, Internet Explorer, and Word Vulnerabilities
>
> Original release date: July 12, 2005
> Last revised: --
> Source: US-CERT
>
>
> Systems Affected
>
> * Microsoft Windows
> * Microsoft Office
> * Microsoft Internet Explorer
>
> For more complete information, refer to the Microsoft Security
> Bulletin Summary for July, 2005.
>
>
> Overview
>
> Microsoft has released updates that address critical vulnerabilities
> in Windows, Office, and Internet Explorer. Exploitation of these
> vulnerabilities could allow a remote, unauthenticated attacker to
> execute arbitrary code on an affected system.
>
>
> I. Description
>
> Microsoft Security Bulletins for July, 2005 address vulnerabilities in
> Windows, Office, and Internet Explorer. Further information is
> available in the following Vulnerability Notes:
>
>
> VU#218621 - Microsoft Word buffer overflow in font processing routine
>
> A buffer overflow in the font processing routine of Microsoft Word may
> allow a remote attacker to execute code on a vulnerable system.
> (CAN-2005-0564)
>
>
> VU#720742 - Microsoft Color Management Module buffer overflow during
> profile tag validation
>
> Microsoft Color Management Module fails to properly validate input
> data, allowing a remote attacker to execute arbitrary code.
> (CAN-2005-1219)
>
>
> VU#939605 - JVIEW Profiler (javaprxy.dll) COM object contains an
> unspecified vulnerability
>
> The JVIEW Profiler COM object contains an unspecified vulnerability,
> which may allow a remote attacker to execute arbitrary code on a
> vulnerable system.
> (CAN-2005-2087)
>
>
> II. Impact
>
> Exploitation of these vulnerabilities could allow a remote,
> unauthenticated attacker to execute arbitrary code with the privileges
> of the user. If the user is logged on with administrative privileges,
> the attacker could take control of an affected system.
>
>
> III. Solution
>
> Apply Updates
>
> Microsoft has provided the updates for these vulnerabilities in the
> Security Bulletins and on the Microsoft Update site.
>
> Workarounds
>
> Please see the individual Vulnerability Notes for workarounds.
>
>
> Appendix A. References
>
> * Microsoft Security Bulletin Summary for July, 2005
> <http://www.microsoft.com/technet/security/bulletin/ms05-jul.mspx>
>
> * US-CERT Vulnerability Note VU#218621
> <http://www.kb.cert.org/vuls/id/218621>
>
> * US-CERT Vulnerability Note VU#720742
> <http://www.kb.cert.org/vuls/id/720742>
>
> * US-CERT Vulnerability Note VU#939605
> <http://www.kb.cert.org/vuls/id/939605>
>
> * CAN-2005-0564
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0564>
>
> * CAN-2005-1219
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1219>
>
> * CAN-2005-2087
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2087>
>
> * Microsoft Update
> <http://update.microsoft.com/>
>
> * Microsoft Update Overview
> <http://www.microsoft.com/technet/prodtechnol/microsoftupdate/defa
> ult.mspx>
>
> _________________________________________________________________
>
> Feedback can be directed to the US-CERT Technical Staff.
>
> Please send mail to cert at cert.org with the subject:
>
> "TA05-193A Feedback VU#720742"
> _________________________________________________________________
>
> This document is available at
>
> <http://www.us-cert.gov/cas/techalerts/TA05-193A.html>
> _________________________________________________________________
>
> Produced 2005 by US-CERT, a government organization.
> _________________________________________________________________
>
> Terms of use
>
> <http://www.us-cert.gov/legal.html>
> _________________________________________________________________
>
> Revision History
>
> July 12, 2005: Initial release
>
> Last updated July 12, 2005
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
>
> iQEVAwUBQtRCSxhoSezw4YfQAQKuoAf+P5DLO5gulibqEf0d8OSYwzOGAS46sab2
> ohaHuzzXgvBamlAbi/bWgcFkjgt9MMqnT8BgAuaHYRGBeGLzps4ZdLvKiNDD8HW4
> jqtEczddlJCD9j8MHM3anjbLr4ZYioVkIF/z9R/X3HhKswLy4HtdTzyR8I5xt3mf
> eWSdqWYofctzNdWdIWkWzW2spOcy4LbV8UqAdg6aIgrWZK7vfDNisJiTvZQAbcoE
> 38UEvCmnY2K9Ox4BYPHQZ/OaLZhURSw1N5kEv+icXM8NTk3hSzPErdmG47Cjyfa6
> 4B+fjpCzfw7HAy0DbuuaZXcxaCH+fsiiymySmvT8z5aQVZmgbp8Zyg==
> =eMPQ
> -----END PGP SIGNATURE-----
>
>
> --
> No virus found in this incoming message.
> Checked by AVG Anti-Virus.
> Version: 7.0.323 / Virus Database: 267.8.13/47 - Release Date: 7/12/2005
>
>
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.323 / Virus Database: 267.8.13/47 - Release Date: 7/12/2005
More information about the Ham-Computers
mailing list