Multiple Vulnerabilities in Microsoft Windows Components
Systems Affected
- Microsoft Windows Systems
For a complete list of affected versions of the Windows operating systems and components, refer to the Microsoft Security Bulletins.
Overview
Microsoft has released a Security
Bulletin Summary for April, 2005. This summary includes several
bulletins that address vulnerabilities in various Windows applications and
components. Exploitation of some vulnerabilities can result in the remote
execution of arbitrary code by a remote attacker. Details of the
vulnerabilities and their impacts are provided below.
Description
The table below provides a mapping between
Microsoft's Security Bulletins and the related US-CERT Vulnerability
Notes. More information related to the vulnerabilities is available in
these documents.
Microsoft Security Bulletin | Related US-CERT Vulnerability Note(s) |
MS05-020: Cumulative Security Update for Internet Explorer (890923) |
VU#774338 Microsoft Internet Explorer DHTML objects contain a race condition VU#756122 Microsoft Internet Explorer URL validation routine contains a buffer overflow VU#222050 Microsoft Internet Explorer Content Advisor contains a buffer overflow |
MS05-021: Vulnerability in Exchange Server Could Allow Remote Code Execution (894549) |
VU#275193 Microsoft Exchange Server contains unchecked buffer in SMTP extended verb handling |
MS05-022: Vulnerability in MSN Messenger Could Lead to Remote Code Execution (896597) |
VU#633446 Microsoft MSN Messenger GIF processing buffer overflow |
MS05-019: Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066) | VU#233754 Microsoft Windows does not adequately validate IP packets |
Impact
Exploitation of these vulnerabilities may permit a remote attacker to execute arbitrary code on a vulnerable Windows system, or cause a denial-of-service condition.
Solution
Apply a patch
Microsoft has provided the patches for these vulnerabilities in the
Security Bulletins and on Windows Update.
Appendix A. References
- Microsoft's Security Bulletin Summary for April, 2005 - http://www.microsoft.com/technet/security/bulletin/ms05-apr.mspx
- US-CERT Vulnerability Note VU#774338 - http://www.kb.cert.org/vuls/id/774338
- US-CERT Vulnerability Note VU#756122 - http://www.kb.cert.org/vuls/id/756122
- US-CERT Vulnerability Note VU#222050 - http://www.kb.cert.org/vuls/id/222050
- US-CERT Vulnerability Note VU#275193 - http://www.kb.cert.org/vuls/id/275193
- US-CERT Vulnerability Note VU#633446 - http://www.kb.cert.org/vuls/id/633446
- US-CERT Vulnerability Note VU#233754 - http://www.kb.cert.org/vuls/id/233754
Feedback can be directed to the authors:
Will Dormann, Jeff Gennari, Chad Dougherty, Ken MacInnis, Jason Rafail, Art Manion, and Jeff Havrilla
Copyright 2005 Carnegie Mellon University. Terms of use
Revision History
-
April 12, 2005: Initial release
Last updated
This product is provided subject to this Notification and this Privacy & Use policy.