Alert

Microsoft Windows and Internet Explorer Vulnerabilities

Last Revised
Alert Code
TA05-165A

Systems Affected

 
  • Microsoft Windows
  • Microsoft Internet Explorer

For more complete information, refer to the Microsoft Security Bulletin Summary for June, 2005.

 

Overview

 

Microsoft has released updates that address critical vulnerabilities in Windows and Internet Explorer. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service.

 

Description

 

Microsoft Security Bulletins for June, 2005 address a number of vulnerabilities in Windows, Internet Explorer, Outlook Express, Outlook Web Access, ISA Server, the Step-by-Step Interactive Training engine, and telnet. Further information about the more serious vulnerabilities is available in the following Vulnerability Notes:

VU#189754 - Microsoft Internet Explorer buffer overflow in PNG image rendering component

A buffer overflow in the PNG image rendering component of Microsoft Internet Explorer may allow a remote attacker to execute code on a vulnerable system. 
(CAN-2005-1211)

VU#489397 - Microsoft Server Message Block vulnerable to buffer overflow

Microsoft Server Message Block (SMB) is vulnerable to a buffer handling flaw when processing incoming SMB packets that may lead to remote code execution. 
(CAN-2005-1206)

VU#851869 - Microsoft HTML Help input validation error

Microsoft HTML Help fails to properly validate input data, allowing a remote attacker to execute arbitrary code. 
(CAN-2005-1208)

 

Impact

Exploitation of the most serious of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code with SYSTEM privileges. This would allow an attacker to take complete control of a vulnerable system. An attacker could also execute arbitrary code with user privileges, or cause a denial of service.

Solution

Apply updates

Microsoft has provided the patches for these vulnerabilities in the Security Bulletins and on Windows Update.

Workarounds

Please see the individual vulnerability notes for workarounds.


 

Appendix A. References

  • Microsoft Security Bulletin Summary for June, 2005 - http://www.microsoft.com/technet/security/bulletin/ms05-jun.mspx
  • US-CERT Vulnerability Note VU#189754 - http://www.kb.cert.org/vuls/id/189754
  • US-CERT Vulnerability Note VU#489397 - http://www.kb.cert.org/vuls/id/489397
  • US-CERT Vulnerability Note VU#851869 - http://www.kb.cert.org/vuls/id/851869
  • CAN-2005-1211 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1222
  • CAN-2005-1206 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1206
  • CAN-2005-1208 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1208
  • Microsoft Windows Update - http://windowsupdate.microsoft.com/


 

Feedback can be directed to the US-CERT Technical Staff

Revision History

  • June 14, 2005: Initial release
     

    Last updated 

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.