Microsoft Windows, Internet Explorer, and Word Vulnerabilities
Original release date: July 12, 2005
Last revised: July 13, 2005
Source: US-CERT
Systems Affected
- Microsoft Windows
- Microsoft Office
- Microsoft Internet Explorer
For more complete information, refer to the Microsoft Security Bulletin Summary for July, 2005.
Overview
Microsoft has released updates that address critical vulnerabilities in
Windows, Office, and Internet Explorer. Exploitation of these vulnerabilities
could allow a remote, unauthenticated attacker to execute arbitrary code on an
affected system.
I. Description
Microsoft Security Bulletins for July, 2005 address vulnerabilities in
Windows, Office, and Internet Explorer. Further information is available in
the following Vulnerability Notes:
VU#218621 - Microsoft Word buffer overflow in font processing routine
A buffer overflow in the font processing routine of Microsoft Word may allow a remote attacker to execute code on a vulnerable system.
(CAN-2005-0564)
VU#720742 - Microsoft Color Management Module buffer overflow during profile tag validation
Microsoft Color Management Module fails to properly validate input data, allowing a remote attacker to execute arbitrary code.
(CAN-2005-1219)
VU#939605 - JVIEW Profiler (javaprxy.dll) COM object contains an unspecified vulnerability
The JVIEW Profiler COM object contains an unspecified vulnerability, which may allow a remote attacker to execute arbitrary code on a vulnerable system.
(CAN-2005-2087)
II. Impact
Exploitation of these vulnerabilities could allow a remote, unauthenticated
attacker to execute arbitrary code with the privileges of the user. If the
user is logged on with administrative privileges, the attacker could take
control of an affected system.
III. Solution
Apply Updates
Microsoft has provided the updates for these vulnerabilities in the
Security Bulletins and on the Microsoft Update site.
Workarounds
Please see the individual Vulnerability Notes for workarounds.
Appendix A. References
Feedback can be directed to the US-CERT Technical Staff.
Produced 2005 by US-CERT, a government organization. Terms of use
Revision History
July 12, 2005: Initial release
July 13, 2005: Updated Microsoft Update link