Microsoft Windows, Internet Explorer, and Word Vulnerabilities
Systems Affected
- Microsoft Windows
- Microsoft Office
- Microsoft Internet Explorer
For more complete information, refer to the Microsoft Security Bulletin Summary for July, 2005.
Overview
Microsoft has released updates that address critical vulnerabilities in
Windows, Office, and Internet Explorer. Exploitation of these vulnerabilities
could allow a remote, unauthenticated attacker to execute arbitrary code on an
affected system.
Description
Microsoft Security Bulletins for July, 2005 address vulnerabilities in
Windows, Office, and Internet Explorer. Further information is available in
the following Vulnerability Notes:
VU#218621 - Microsoft Word buffer overflow in font processing routine
A buffer overflow in the font processing routine of Microsoft Word may allow a remote attacker to execute code on a vulnerable system.
(CAN-2005-0564)
VU#720742 - Microsoft Color Management Module buffer overflow during profile tag validation
Microsoft Color Management Module fails to properly validate input data, allowing a remote attacker to execute arbitrary code.
(CAN-2005-1219)
VU#939605 - JVIEW Profiler (javaprxy.dll) COM object contains an unspecified vulnerability
The JVIEW Profiler COM object contains an unspecified vulnerability, which may allow a remote attacker to execute arbitrary code on a vulnerable system.
(CAN-2005-2087)
Impact
Exploitation of these vulnerabilities could allow a remote, unauthenticated
attacker to execute arbitrary code with the privileges of the user. If the
user is logged on with administrative privileges, the attacker could take
control of an affected system.
Solution
Apply Updates
Microsoft has provided the updates for these vulnerabilities in the
Security Bulletins and on the Microsoft Update site.
Workarounds
Please see the individual Vulnerability Notes for workarounds.
Appendix A. References
- Microsoft Security Bulletin Summary for July, 2005 - http://www.microsoft.com/technet/security/bulletin/ms05-jul.mspx
- US-CERT Vulnerability Note VU#218621 - http://www.kb.cert.org/vuls/id/218621
- US-CERT Vulnerability Note VU#720742 - http://www.kb.cert.org/vuls/id/720742
- US-CERT Vulnerability Note VU#939605 - http://www.kb.cert.org/vuls/id/939605
- CAN-2005-0564 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0564
- CAN-2005-1219 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1219
- CAN-2005-2087 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2087
- Microsoft Update - http://update.microsoft.com/microsoftupdate
- Microsoft Update Overview - http://www.microsoft.com/technet/prodtechnol/microsoftupdate/default.mspx
Feedback can be directed to the US-CERT Technical Staff.
Revision History
-
July 12, 2005: Initial release
July 13, 2005: Updated Microsoft Update linkLast updated
This product is provided subject to this Notification and this Privacy & Use policy.