Microsoft Windows, Internet Explorer, and Word Vulnerabilities

Systems Affected

Microsoft Windows
Microsoft Office
Microsoft Internet Explorer

For more complete information, refer to the Microsoft Security Bulletin Summary for July, 2005.

Overview

Microsoft has released updates that address critical vulnerabilities in
Windows, Office, and Internet Explorer. Exploitation of these vulnerabilities
could allow a remote, unauthenticated attacker to execute arbitrary code on an
affected system.

Description

Microsoft Security Bulletins for July, 2005 address vulnerabilities in
Windows, Office, and Internet Explorer. Further information is available in
the following Vulnerability Notes:

VU#218621 - Microsoft Word buffer overflow in font processing routine

A buffer overflow in the font processing routine of Microsoft Word may allow a remote attacker to execute code on a vulnerable system.

(CAN-2005-0564)

VU#720742 - Microsoft Color Management Module buffer overflow during profile tag validation

Microsoft Color Management Module fails to properly validate input data, allowing a remote attacker to execute arbitrary code.

(CAN-2005-1219)

VU#939605 - JVIEW Profiler (javaprxy.dll) COM object contains an unspecified vulnerability

The JVIEW Profiler COM object contains an unspecified vulnerability, which may allow a remote attacker to execute arbitrary code on a vulnerable system.

(CAN-2005-2087)

Impact

Exploitation of these vulnerabilities could allow a remote, unauthenticated
attacker to execute arbitrary code with the privileges of the user. If the
user is logged on with administrative privileges, the attacker could take
control of an affected system.

Solution

Apply Updates

Microsoft has provided the updates for these vulnerabilities in the
Security Bulletins and on the Microsoft Update site.

Workarounds

Please see the individual Vulnerability Notes for workarounds.

Appendix A. References

Microsoft Security Bulletin Summary for July, 2005 - http://www.microsoft.com/technet/security/bulletin/ms05-jul.mspx
US-CERT Vulnerability Note VU#218621 - http://www.kb.cert.org/vuls/id/218621
US-CERT Vulnerability Note VU#720742 - http://www.kb.cert.org/vuls/id/720742
US-CERT Vulnerability Note VU#939605 - http://www.kb.cert.org/vuls/id/939605
CAN-2005-0564 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0564
CAN-2005-1219 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1219
CAN-2005-2087 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2087
Microsoft Update - http://update.microsoft.com/microsoftupdate
Microsoft Update Overview - http://www.microsoft.com/technet/prodtechnol/microsoftupdate/default.mspx

Feedback can be directed to the US-CERT Technical Staff.

Revision History

July 12, 2005: Initial release

July 13, 2005: Updated Microsoft Update link

Last updated

This product is provided subject to this Notification and this Privacy & Use policy.

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.

Microsoft Windows, Internet Explorer, and Word Vulnerabilities

Systems Affected

Overview

Description

Impact

Solution

Apply Updates

Workarounds

Appendix A. References

Revision History

Please share your thoughts

CISA Releases Three Industrial Control Systems Advisories

CISA and Partners Release Advisory on Akira Ransomware

Oracle Releases Critical Patch Update Advisory for April 2024

CISA Releases Four Industrial Control Systems Advisories

Microsoft Windows, Internet Explorer, and Word Vulnerabilities

Systems Affected

Overview

Description

Impact

Solution

Apply Updates

Workarounds

Appendix A. References

Revision History

Please share your thoughts

Related Advisories

CISA Releases Three Industrial Control Systems Advisories

CISA and Partners Release Advisory on Akira Ransomware

Oracle Releases Critical Patch Update Advisory for April 2024

CISA Releases Four Industrial Control Systems Advisories