Multiple Vulnerabilities in Microsoft Windows Components
Original release date: February 8, 2005
Last revised: February 10, 2005
Source: US-CERT
Systems Affected
- Microsoft Windows Systems
Overview
Microsoft has released a Security
Bulletin Summary for February, 2005. This summary includes several
bulletins that address vulnerabilities in various Windows applications and
components. Exploitation of some vulnerabilities can result in the remote
execution of arbitrary code by a remote attacker. Details of the
vulnerabilities and their impacts are provided below.
I. Description
The table below provides a reference between
Microsoft's Security Bulletins and the related US-CERT Vulnerability
Notes. More information related to the vulnerabilities is available in
these documents.
Microsoft Security Bulletin | Related US-CERT Vulnerability Note(s) |
MS05-004: ASP.NET Path Validation Vulnerability (887219) |
VU#283646 Microsoft ASP.NET fails to perform proper canonicalization |
MS05-005: Microsoft Office XP could allow Remote Code Execution (873352) |
VU#416001 Microsoft Office XP contains buffer overflow vulnerability
|
MS05-006: Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981) |
VU#340409 Microsoft Windows SharePoint Services and SharePoint Team Services contain
cross-site scripting vulnerabilities |
MS05-007: Vulnerability in Windows Could Allow Information Disclosure (888302) |
VU#939074 Microsoft Computer Browser service contains an information disclosure vulnerability |
MS05-008: Vulnerability in Windows Shell Could Allow Remote Code Execution (890047) |
VU#698835 Microsoft Internet Explorer contains drag and drop flaw |
MS05-009: Vulnerability in PNG Processing Could Allow Remote Code Execution (890261) |
VU#259890 Windows Media Player does not properly handle PNG images with excessive width or height values
VU#817368 libpng png_handle_sBIT() performs insufficient bounds checking
VU#388984 libpng fails to properly check length of transparency chunk (tRNS) data
|
MS05-010: Vulnerability in the License Logging Service Could Allow Code Execution (885834) |
VU#130433 Microsoft License Logging Service buffer overflow |
MS05-011: Vulnerability in Server Message Block Could Allow Remote Code Execution (885250) |
VU#652537 Microsoft Windows SMB packet validation vulnerability |
MS05-012: Vulnerability in OLE and COM Could Allow Remote Code Execution (873333) |
VU#597889 Microsoft COM Structured Storage Vulnerability
VU#927889 Microsoft OLE input validation vulnerability
|
MS05-013: Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781) |
VU#356600 Microsoft Internet Explorer DHTML Editing ActiveX control contains a cross-domain vulnerability |
MS05-014: Cumulative Security Update for Internet Explorer (867282) |
VU#698835 Microsoft Internet Explorer contains drag and drop flaw
VU#580299 Microsoft Internet Explorer contains URL decoding zone spoofing vulnerability
VU#843771 Microsoft Internet Explorer contains a DHTML method heap memory corruption vulnerability
VU#823971 Microsoft Internet Explorer contains a Channel Definition Format (CDF) cross-domain vulnerability
|
MS05-015: Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113) |
VU#820427 Microsoft Hyperlink Object Library buffer overflow |
II. Impact
A remote, unauthenticated attacker may exploit VU#283646 to gain unauthorized access to secured content on an ASP.NET server.
Exploitation of VU#416001, VU#698835, VU#259890, VU#817368, VU#388984, VU#130433, VU#652537, VU#597889, VU#927889, VU#356600, VU#580299, VU#843771, and VU#820427 would permit a
remote attacker to execute arbitrary code on a vulnerable Windows system.
Exploitation of VU#340409, VU#356600, and VU#823971 will have impacts similar to cross-site scripting vulnerabilities. For more information about cross-site scripting, please see CERT Advisory CA-2000-02.
A remote attacker could use VU#939074 to retrieve the names of users who have open connections to a shared Windows resource.
III. Solution
Apply a patch
Microsoft has provided the patches for these vulnerabilities in the
Security
Bulletins and on Windows Update.
Appendix A. References
Feedback can be directed to the authors: Will Dormann, Jeff Gennari, Chad Dougherty, Ken MacInnis, and Jeff Havrilla
Copyright 2005 Carnegie Mellon University. Terms of use
Revision History
February 8, 2005: Initial release
February 10, 2005: Updated text formatting in table
|