Skip to content

Home  |   FAQ  |   Contact  |   Privacy & Use

customize
National Cyber Alert System
Technical Cyber Security Alert TA05-039Aarchive

Multiple Vulnerabilities in Microsoft Windows Components

Original release date: February 8, 2005
Last revised: February 10, 2005
Source: US-CERT

Systems Affected

  • Microsoft Windows Systems

Overview

Microsoft has released a Security Bulletin Summary for February, 2005. This summary includes several bulletins that address vulnerabilities in various Windows applications and components. Exploitation of some vulnerabilities can result in the remote execution of arbitrary code by a remote attacker. Details of the vulnerabilities and their impacts are provided below.



I. Description

The table below provides a reference between Microsoft's Security Bulletins and the related US-CERT Vulnerability Notes. More information related to the vulnerabilities is available in these documents.

Microsoft Security BulletinRelated US-CERT Vulnerability Note(s)
MS05-004: ASP.NET Path Validation Vulnerability (887219) VU#283646 Microsoft ASP.NET fails to perform proper canonicalization
MS05-005: Microsoft Office XP could allow Remote Code Execution (873352) VU#416001 Microsoft Office XP contains buffer overflow vulnerability
MS05-006: Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887981) VU#340409 Microsoft Windows SharePoint Services and SharePoint Team Services contain cross-site scripting vulnerabilities
MS05-007: Vulnerability in Windows Could Allow Information Disclosure (888302) VU#939074 Microsoft Computer Browser service contains an information disclosure vulnerability
MS05-008: Vulnerability in Windows Shell Could Allow Remote Code Execution (890047) VU#698835 Microsoft Internet Explorer contains drag and drop flaw
MS05-009: Vulnerability in PNG Processing Could Allow Remote Code Execution (890261) VU#259890 Windows Media Player does not properly handle PNG images with excessive width or height values

VU#817368 libpng png_handle_sBIT() performs insufficient bounds checking

VU#388984 libpng fails to properly check length of transparency chunk (tRNS) data
MS05-010: Vulnerability in the License Logging Service Could Allow Code Execution (885834) VU#130433 Microsoft License Logging Service buffer overflow
MS05-011: Vulnerability in Server Message Block Could Allow Remote Code Execution (885250) VU#652537 Microsoft Windows SMB packet validation vulnerability
MS05-012: Vulnerability in OLE and COM Could Allow Remote Code Execution (873333) VU#597889 Microsoft COM Structured Storage Vulnerability

VU#927889 Microsoft OLE input validation vulnerability
MS05-013: Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781) VU#356600 Microsoft Internet Explorer DHTML Editing ActiveX control contains a cross-domain vulnerability
MS05-014: Cumulative Security Update for Internet Explorer (867282) VU#698835 Microsoft Internet Explorer contains drag and drop flaw

VU#580299 Microsoft Internet Explorer contains URL decoding zone spoofing vulnerability

VU#843771 Microsoft Internet Explorer contains a DHTML method heap memory corruption vulnerability

VU#823971 Microsoft Internet Explorer contains a Channel Definition Format (CDF) cross-domain vulnerability
MS05-015: Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113) VU#820427 Microsoft Hyperlink Object Library buffer overflow

II. Impact

A remote, unauthenticated attacker may exploit VU#283646 to gain unauthorized access to secured content on an ASP.NET server.

Exploitation of VU#416001, VU#698835, VU#259890, VU#817368, VU#388984, VU#130433, VU#652537, VU#597889, VU#927889, VU#356600, VU#580299, VU#843771, and VU#820427 would permit a remote attacker to execute arbitrary code on a vulnerable Windows system.

Exploitation of VU#340409, VU#356600, and VU#823971 will have impacts similar to cross-site scripting vulnerabilities. For more information about cross-site scripting, please see CERT Advisory CA-2000-02.

A remote attacker could use VU#939074 to retrieve the names of users who have open connections to a shared Windows resource.


III. Solution

Apply a patch

Microsoft has provided the patches for these vulnerabilities in the Security Bulletins and on Windows Update.

Appendix A. References


Feedback can be directed to the authors: Will Dormann, Jeff Gennari, Chad Dougherty, Ken MacInnis, and Jeff Havrilla

Copyright 2005 Carnegie Mellon University. Terms of use

Revision History

February 8, 2005: Initial release
February 10, 2005: Updated text formatting in table

Last updated February 08, 2008
print this document