Technical Cyber Security Alert TA05-039A
Multiple Vulnerabilities in Microsoft Windows Components

   Original release date: February 8, 2005
   Last revised: --
   Source: US-CERT

Systems Affected

     * Microsoft Windows Systems

Overview

   Microsoft has released a Security Bulletin Summary for February,
   2005. This summary includes several bulletins that address
   vulnerabilities in various Windows applications and components.
   Exploitation of some vulnerabilities can result in the remote
   execution of arbitrary code by a remote attacker. Details of the
   vulnerabilities and their impacts are provided below.

I. Description

   The table below provides a reference between Microsoft's Security
   Bulletins and the related US-CERT Vulnerability Notes. More
   information related to the vulnerabilities is available in these
   documents.

   _________________________________________________________________

   Format:

   Microsoft Security Bulletin

        Related US-CERT Vulnerability Note(s)

   _________________________________________________________________

   MS05-004: ASP.NET Path Validation Vulnerability (887219)

        VU#283646 Microsoft ASP.NET fails to perform proper
        canonicalization

   _________________________________________________________________

   MS05-005: Microsoft Office XP could allow Remote Code Execution
   (873352)

        VU#416001 Microsoft Office XP contains buffer overflow
        vulnerability

   _________________________________________________________________

   MS05-006: Vulnerability in Windows SharePoint Services and
   SharePoint Team Services Could Allow Cross-Site Scripting and
   Spoofing Attacks (887981)

        VU#340409 Microsoft Windows SharePoint Services and SharePoint
        Team Services contain cross-site scripting vulnerabilities

   _________________________________________________________________

   MS05-007: Vulnerability in Windows Could Allow Information
   Disclosure (888302)

        VU#939074 Microsoft Computer Browser service contains an
        information disclosure vulnerability

   _________________________________________________________________

   MS05-008: Vulnerability in Windows Shell Could Allow Remote Code
   Execution (890047)

        VU#698835 Microsoft Internet Explorer contains drag and drop
        flaw

   _________________________________________________________________

   MS05-009: Vulnerability in PNG Processing Could Allow Remote Code
   Execution (890261)

        VU#259890 Windows Media Player does not properly handle PNG
        images with excessive width or height values

        VU#817368 libpng png_handle_sBIT() performs insufficient
        bounds checking

        VU#388984 libpng fails to properly check length of
        transparency chunk (tRNS) data

   _________________________________________________________________

   MS05-010: Vulnerability in the License Logging Service Could Allow
   Code Execution (885834)

        VU#130433 Microsoft License Logging Service buffer overflow

   _________________________________________________________________

   MS05-011: Vulnerability in Server Message Block Could Allow Remote
   Code Execution (885250)

        VU#652537 Microsoft Windows SMB packet validation
        vulnerability

   _________________________________________________________________

   MS05-012: Vulnerability in OLE and COM Could Allow Remote Code
   Execution (873333)

        VU#597889 Microsoft COM Structured Storage Vulnerability

        VU#927889 Microsoft OLE input validation vulnerability

   _________________________________________________________________

   MS05-013: Vulnerability in the DHTML Editing Component ActiveX
   Control Could Allow Remote Code Execution (891781)

        VU#356600 Microsoft Internet Explorer DHTML Editing ActiveX
        control contains a cross-domain vulnerability

   _________________________________________________________________

   MS05-014: Cumulative Security Update for Internet Explorer (867282)

        VU#698835 Microsoft Internet Explorer contains drag and drop
        flaw

        VU#580299 Microsoft Internet Explorer contains URL decoding
        zone spoofing vulnerability

        VU#843771 Microsoft Internet Explorer contains a DHTML method
        heap memory corruption vulnerability

        VU#823971 Microsoft Internet Explorer contains a Channel
        Definition Format (CDF) cross-domain vulnerability

   _________________________________________________________________

   MS05-015: Vulnerability in Hyperlink Object Library Could Allow
   Remote Code Execution (888113)

        VU#820427 Microsoft Hyperlink Object Library buffer overflow

   _________________________________________________________________

II. Impact

   A remote, unauthenticated attacker may exploit VU#283646 to gain
   unauthorized access to secured content on an ASP.NET server.

   Exploitation of VU#416001, VU#698835, VU#259890, VU#817368,
   VU#388984, VU#130433, VU#652537, VU#597889, VU#927889, VU#356600,
   VU#580299, VU#843771, and VU#820427 would permit a remote attacker
   to execute arbitrary code on a vulnerable Windows system.

   Exploitation of VU#340409, VU#356600, and VU#823971 will have
   impacts similar to cross-site scripting vulnerabilities. For more
   information about cross-site scripting, please see CERT Advisory
   CA-2000-02.

   A remote attacker could use VU#939074 to retrieve the names of
   users who have open connections to a shared Windows resource.

III. Solution

Apply a patch

   Microsoft has provided the patches for these vulnerabilities in the
   Security Bulletins and on Windows Update.

Appendix A. References

     * Microsoft's Security Bulletin Summary for February, 2005 -
       <http://www.microsoft.com/technet/security/bulletin/ms05-feb.mspx>

     * US-CERT Vulnerability Note VU#283646 -
       <http://www.kb.cert.org/vuls/id/283646>

     * US-CERT Vulnerability Note VU#416001 -
       <http://www.kb.cert.org/vuls/id/416001>

     * US-CERT Vulnerability Note VU#340409 -
       <http://www.kb.cert.org/vuls/id/340409>

     * US-CERT Vulnerability Note VU#939074 -
       <http://www.kb.cert.org/vuls/id/939074>

     * US-CERT Vulnerability Note VU#698835 -
       <http://www.kb.cert.org/vuls/id/698835>

     * US-CERT Vulnerability Note VU#259890 -
       <http://www.kb.cert.org/vuls/id/259890>

     * US-CERT Vulnerability Note VU#817368 -
       <http://www.kb.cert.org/vuls/id/817368>

     * US-CERT Vulnerability Note VU#388984 -
       <http://www.kb.cert.org/vuls/id/388984>

     * US-CERT Vulnerability Note VU#130433 -
       <http://www.kb.cert.org/vuls/id/130433>

     * US-CERT Vulnerability Note VU#652537 -
       <http://www.kb.cert.org/vuls/id/652537>

     * US-CERT Vulnerability Note VU#597889 -
       <http://www.kb.cert.org/vuls/id/597889>

     * US-CERT Vulnerability Note VU#927889 -
       <http://www.kb.cert.org/vuls/id/927889>

     * US-CERT Vulnerability Note VU#356600 -
       <http://www.kb.cert.org/vuls/id/356600>

     * US-CERT Vulnerability Note VU#580299 -
       <http://www.kb.cert.org/vuls/id/580299>

     * US-CERT Vulnerability Note VU#843771 -
       <http://www.kb.cert.org/vuls/id/843771>

     * US-CERT Vulnerability Note VU#823971 -
       <http://www.kb.cert.org/vuls/id/823971>

     * US-CERT Vulnerability Note VU#820427 -
       <http://www.kb.cert.org/vuls/id/820427>

     * CERT Advisory CA-2000-02 -
       <http://www.cert.org/advisories/CA-2000-02.html#impact>

   _________________________________________________________________

   Feedback can be directed to the authors: Will Dormann, Jeff
   Gennari, Chad Dougherty, Ken MacInnis, and Jeff Havrilla

   _________________________________________________________________

   This document is available from:

     <http://www.us-cert.gov/cas/techalerts/TA05-039A.html>

   _________________________________________________________________

   Copyright 2004 Carnegie Mellon University.

   Terms of use: <http://www.us-cert.gov/legal.html>

   _________________________________________________________________

   Revision History

   February 8, 2005: Initial release

   Last updated February 08, 2005