U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Alert (SA05-165A)

Microsoft Windows and Internet Explorer Vulnerabilities

Original release date: June 14, 2005

Systems Affected

  • Microsoft Windows and various Microsoft products, including Internet Explorer
  • Overview

    By taking advantage of vulnerabilities in various Microsoft products, an attacker may be able to stop affected programs or take control of your computer. Microsoft has released updates to address these issues.

    Solution

    Install Updates

    Microsoft has released security updates for Windows and Internet Explorer. To obtain the updates, visit the Windows Update web site. US-CERT also recommends enabling Automatic Updates.

    Description

    There are problems with various Microsoft applications and features:

    • Help system - The HTML Help system is used by many Microsoft Windows applications. An attacker may be able to create a malicious help file that may allow him or her to gain control of your computer.
    • Image handling - Images can be saved in multiple formats, including .jpg, .gif, and .png. An attacker may be able to create a malicious image file that, if you view it, will allow him or her to stop affected programs or take control of your computer.
    • Networking - Microsoft Windows uses networking to allow your computer to talk to printers and other computers. A vulnerability in Windows networking may allow an attacker to take control of your computer.

    For more technical information, see US-CERT Technical Alert TA05-165A.


    References


    Author: Mindi McDowell. .

    Produced by US-CERT, a government organization. Terms of use

    Revision History

    • June 14, 2005: Initial release

    Last updated

    This product is provided subject to this Notification and this Privacy & Use policy.

    Was this document helpful?  Yes  |  Somewhat  |  No

    Back to Top