Multiple Vulnerabilities in Microsoft Windows Components
Systems Affected
- Microsoft Windows Systems
Overview
Microsoft has released a Security Bulletin Summary for February, 2005. This summary includes several bulletins that address vulnerabilities in various Windows applications and components. Exploitation of some vulnerabilities can result in the remote execution of arbitrary code by a remote attacker. Details of the vulnerabilities and their impacts are provided below.
Description
The table below provides a reference between Microsoft's Security Bulletins and the related US-CERT Vulnerability Notes. More information related to the vulnerabilities is available in these documents.
| Microsoft Security Bulletin | Related US-CERT Vulnerability Note(s) |
| MS05-004: ASP.NET Path Validation Vulnerability (887219) | VU#283646 Microsoft ASP.NET fails to perform proper canonicalization |
| MS05-005: Microsoft Office XP could allow Remote Code Execution (873352) | VU#416001 Microsoft Office XP contains buffer overflow vulnerability |
| MS05-006: Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981) | VU#340409 Microsoft Windows SharePoint Services and SharePoint Team Services contain cross-site scripting vulnerabilities |
| MS05-007: Vulnerability in Windows Could Allow Information Disclosure (888302) | VU#939074 Microsoft Computer Browser service contains an information disclosure vulnerability |
| MS05-008: Vulnerability in Windows Shell Could Allow Remote Code Execution (890047) | VU#698835 Microsoft Internet Explorer contains drag and drop flaw |
| MS05-009: Vulnerability in PNG Processing Could Allow Remote Code Execution (890261) | VU#259890 Windows Media Player does not properly handle PNG images with excessive width or height values VU#817368 libpng png_handle_sBIT() performs insufficient bounds checking VU#388984 libpng fails to properly check length of transparency chunk (tRNS) data |
| MS05-010: Vulnerability in the License Logging Service Could Allow Code Execution (885834) | VU#130433 Microsoft License Logging Service buffer overflow |
| MS05-011: Vulnerability in Server Message Block Could Allow Remote Code Execution (885250) | VU#652537 Microsoft Windows SMB packet validation vulnerability |
| MS05-012: Vulnerability in OLE and COM Could Allow Remote Code Execution (873333) | VU#597889 Microsoft COM Structured Storage Vulnerability VU#927889 Microsoft OLE input validation vulnerability |
| MS05-013: Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781) | VU#356600 Microsoft Internet Explorer DHTML Editing ActiveX control contains a cross-domain vulnerability |
| MS05-014: Cumulative Security Update for Internet Explorer (867282) | VU#698835 Microsoft Internet Explorer contains drag and drop flaw VU#580299 Microsoft Internet Explorer contains URL decoding zone spoofing vulnerability VU#843771 Microsoft Internet Explorer contains a DHTML method heap memory corruption vulnerability VU#823971 Microsoft Internet Explorer contains a Channel Definition Format (CDF) cross-domain vulnerability |
| MS05-015: Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113) | VU#820427 Microsoft Hyperlink Object Library buffer overflow |
Impact
A remote, unauthenticated attacker may exploit VU#283646 to gain unauthorized access to secured content on an ASP.NET server.
Exploitation of VU#416001, VU#698835, VU#259890, VU#817368, VU#388984, VU#130433, VU#652537, VU#597889, VU#927889, VU#356600, VU#580299, VU#843771, and VU#820427 would permit a remote attacker to execute arbitrary code on a vulnerable Windows system.
Exploitation of VU#340409, VU#356600, and VU#823971 will have impacts similar to cross-site scripting vulnerabilities. For more information about cross-site scripting, please see CERT Advisory CA-2000-02.
A remote attacker could use VU#939074 to retrieve the names of users who have open connections to a shared Windows resource.
Solution
Apply a patch
Microsoft has provided the patches for these vulnerabilities in the Security Bulletins and on Windows Update.
Appendix A. References
- Microsoft's Security Bulletin Summary for February, 2005 - http://www.microsoft.com/technet/security/bulletin/ms05-feb.mspx
- US-CERT Vulnerability Note VU#283646 - http://www.kb.cert.org/vuls/id/283646
- US-CERT Vulnerability Note VU#416001 - http://www.kb.cert.org/vuls/id/416001
- US-CERT Vulnerability Note VU#340409 - http://www.kb.cert.org/vuls/id/340409
- US-CERT Vulnerability Note VU#939074 - http://www.kb.cert.org/vuls/id/939074
- US-CERT Vulnerability Note VU#698835 - http://www.kb.cert.org/vuls/id/698835
- US-CERT Vulnerability Note VU#259890 - http://www.kb.cert.org/vuls/id/259890
- US-CERT Vulnerability Note VU#817368 - http://www.kb.cert.org/vuls/id/817368
- US-CERT Vulnerability Note VU#388984 - http://www.kb.cert.org/vuls/id/388984
- US-CERT Vulnerability Note VU#130433 - http://www.kb.cert.org/vuls/id/130433
- US-CERT Vulnerability Note VU#652537 - http://www.kb.cert.org/vuls/id/652537
- US-CERT Vulnerability Note VU#597889 - http://www.kb.cert.org/vuls/id/597889
- US-CERT Vulnerability Note VU#927889 - http://www.kb.cert.org/vuls/id/927889
- US-CERT Vulnerability Note VU#356600 - http://www.kb.cert.org/vuls/id/356600
- US-CERT Vulnerability Note VU#580299 - http://www.kb.cert.org/vuls/id/580299
- US-CERT Vulnerability Note VU#843771 - http://www.kb.cert.org/vuls/id/843771
- US-CERT Vulnerability Note VU#823971 - http://www.kb.cert.org/vuls/id/823971
- US-CERT Vulnerability Note VU#820427 - http://www.kb.cert.org/vuls/id/820427
- CERT Advisory CA-2000-002 - http://www.cert.org/advisories/CA-2000-02.html#impact
Feedback can be directed to the authors: Will Dormann, Jeff Gennari, Chad Dougherty, Ken MacInnis, and Jeff Havrilla
Revision History
-
February 8, 2005: Initial release
February 10, 2005: Updated text formatting in tableLast updated
This product is provided subject to this Notification and this Privacy & Use policy.