U.S. Flag Official website of the Department of Homeland Security

Note: This page is part of the us-cert.gov archive.This document is part of the US-CERT website archive. These documents are no longer updated and may contain outdated information. Links may also no longer function. Please contact info@us-cert.gov if you have any questions about the US-CERT website archive.

TLP:WHITE

Alert (TA05-193A)

Microsoft Windows, Internet Explorer, and Word Vulnerabilities

Original release date: July 12, 2005 | Last revised: July 13, 2005

Systems Affected

  • Microsoft Windows
  • Microsoft Office
  • Microsoft Internet Explorer
For more complete information, refer to the Microsoft Security Bulletin Summary for July, 2005.

Overview

Microsoft has released updates that address critical vulnerabilities in Windows, Office, and Internet Explorer. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code on an affected system.

Description

Microsoft Security Bulletins for July, 2005 address vulnerabilities in Windows, Office, and Internet Explorer. Further information is available in the following Vulnerability Notes:

VU#218621 - Microsoft Word buffer overflow in font processing routine

A buffer overflow in the font processing routine of Microsoft Word may allow a remote attacker to execute code on a vulnerable system.
(CAN-2005-0564)

VU#720742 - Microsoft Color Management Module buffer overflow during profile tag validation

Microsoft Color Management Module fails to properly validate input data, allowing a remote attacker to execute arbitrary code.
(CAN-2005-1219)

VU#939605 - JVIEW Profiler (javaprxy.dll) COM object contains an unspecified vulnerability

The JVIEW Profiler COM object contains an unspecified vulnerability, which may allow a remote attacker to execute arbitrary code on a vulnerable system.
(CAN-2005-2087)

Impact

Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user. If the user is logged on with administrative privileges, the attacker could take control of an affected system.

Solution

Apply Updates

Microsoft has provided the updates for these vulnerabilities in the Security Bulletins and on the Microsoft Update site.

Workarounds

Please see the individual Vulnerability Notes for workarounds.


Appendix A. References


Feedback can be directed to the US-CERT Technical Staff.

Revision History

  • July 12, 2005: Initial release
    July 13, 2005: Updated Microsoft Update link

    Last updated

This product is provided subject to this Notification and this Privacy & Use policy.

Was this document helpful?  Yes  |  Somewhat  |  No

Back to Top