Skip to content

customize
National Cyber Alert System
Technical Cyber Security Alert TA05-193Aarchive

Microsoft Windows, Internet Explorer, and Word Vulnerabilities

Original release date: July 12, 2005
Last revised: July 13, 2005
Source: US-CERT

Systems Affected

  • Microsoft Windows
  • Microsoft Office
  • Microsoft Internet Explorer
For more complete information, refer to the Microsoft Security Bulletin Summary for July, 2005.

Overview

Microsoft has released updates that address critical vulnerabilities in Windows, Office, and Internet Explorer. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code on an affected system.


I. Description

Microsoft Security Bulletins for July, 2005 address vulnerabilities in Windows, Office, and Internet Explorer. Further information is available in the following Vulnerability Notes:

VU#218621 - Microsoft Word buffer overflow in font processing routine

A buffer overflow in the font processing routine of Microsoft Word may allow a remote attacker to execute code on a vulnerable system.
(CAN-2005-0564)

VU#720742 - Microsoft Color Management Module buffer overflow during profile tag validation

Microsoft Color Management Module fails to properly validate input data, allowing a remote attacker to execute arbitrary code.
(CAN-2005-1219)

VU#939605 - JVIEW Profiler (javaprxy.dll) COM object contains an unspecified vulnerability

The JVIEW Profiler COM object contains an unspecified vulnerability, which may allow a remote attacker to execute arbitrary code on a vulnerable system.
(CAN-2005-2087)


II. Impact

Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user. If the user is logged on with administrative privileges, the attacker could take control of an affected system.


III. Solution

Apply Updates

Microsoft has provided the updates for these vulnerabilities in the Security Bulletins and on the Microsoft Update site.

Workarounds

Please see the individual Vulnerability Notes for workarounds.


Appendix A. References



Feedback can be directed to the US-CERT Technical Staff.


Produced 2005 by US-CERT, a government organization. Terms of use

Revision History

July 12, 2005: Initial release
July 13, 2005: Updated Microsoft Update link

Last updated February 08, 2008