Alert

Multiple Vulnerabilities in Microsoft Windows Components

Alert Code: TA05-102A

Systems Affected

  • Microsoft Windows Systems



For a complete list of affected versions of the Windows operating systems and components, refer to the Microsoft Security Bulletins.

Overview

Microsoft has released a Security Bulletin Summary for April, 2005. This
summary includes several bulletins that address vulnerabilities in various
Windows applications and components. Exploitation of some vulnerabilities
can result in the execution of arbitrary code by a remote attacker. Details
of the vulnerabilities and their impacts are provided below.

Description

The table below provides a mapping between
Microsoft's Security Bulletins and the related US-CERT Vulnerability
Notes. More information related to the vulnerabilities is available in
these documents.

Microsoft Security Bulletin / Related US-CERT Vulnerability Note(s)

MS05-020: Cumulative Security Update for Internet Explorer (890923)

  • VU#774338: Microsoft Internet Explorer DHTML objects contain a race condition
  • VU#756122: Microsoft Internet Explorer URL validation routine contains a buffer overflow
  • VU#222050: Microsoft Internet Explorer Content Advisor contains a buffer overflow

MS05-021: Vulnerability in Exchange Server Could Allow Remote Code Execution (894549)

  • VU#275193: Microsoft Exchange Server contains unchecked buffer in SMTP extended verb handling

MS05-022: Vulnerability in MSN Messenger Could Lead to Remote Code Execution (896597)

  • VU#633446: Microsoft MSN Messenger GIF processing buffer overflow

MS05-019: Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066)

  • VU#233754: Microsoft Windows does not adequately validate IP packets

Impact

Exploitation of these vulnerabilities may permit a remote attacker to execute arbitrary code on a vulnerable Windows system, or cause a denial-of-service condition.

Solution

Apply a patch

Microsoft has provided the patches for these vulnerabilities in the
Security Bulletins and on Windows Update.







Feedback can be directed to the authors:
Will Dormann, Jeff Gennari, Chad Dougherty, Ken MacInnis, Jason Rafail, Art Manion, and Jeff Havrilla

Copyright 2005 Carnegie Mellon University.

Revision History

  • April 12, 2005: Initial release
