U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Alert (SA05-012A)

Multiple Vulnerabilities in Microsoft Windows

Original release date: January 12, 2005

Systems Affected

  • Windows 98, Me, 2000, XP, and Server 2003
  • Internet Explorer 5.x and 6.x
  • Other Windows programs that use MSHTML
  • Overview

    An attacker may be able to take control of your computer by taking advantage of two different vulnerabilities in Internet Explorer and Windows.

    Description

    There is a vulnerability in the way Internet Explorer processes certain HTML code. There is also a vulnerability in the way Microsoft Windows handles certain images. By exploiting either vulnerability, an attacker may be able to take control of your computer.

    Reports indicate that one of these vulnerabilities is being exploited by malicious code referred to as Phel.

    Resolution

    Apply an update

    Install the updates as described in Microsoft Security Bulletins MS05-001 and MS05-002. Obtain the appropriate updates from Windows Update or by using Automatic Updates.

    References

    Author: Michael D. Durkota

    Copyright 2005 Carnegie Mellon University. Terms of use

    Revision History

    • January 12, 2005: Initial release

    Last updated

    This product is provided subject to this Notification and this Privacy & Use policy.

    Was this document helpful?  Yes  |  Somewhat  |  No

    Back to Top