National Cyber Alert System

Technical Cyber Security Alert TA05-193A

Microsoft Windows, Internet Explorer, and Word Vulnerabilities

Original release date: July 12, 2005
Last revised: --
Source: US-CERT

Systems Affected

* Microsoft Windows
* Microsoft Office
* Microsoft Internet Explorer

For more complete information, refer to the Microsoft Security Bulletin Summary for July, 2005.

Overview

Microsoft has released updates that address critical vulnerabilities in Windows, Office, and Internet Explorer. Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code on an affected system.

I. Description

Microsoft Security Bulletins for July, 2005 address vulnerabilities in Windows, Office, and Internet Explorer. Further information is available in the following Vulnerability Notes:

VU#218621 - Microsoft Word buffer overflow in font processing routine

A buffer overflow in the font processing routine of Microsoft Word may allow a remote attacker to execute code on a vulnerable system. (CAN-2005-0564)

VU#720742 - Microsoft Color Management Module buffer overflow during profile tag validation

Microsoft Color Management Module fails to properly validate input data, allowing a remote attacker to execute arbitrary code. (CAN-2005-1219)

VU#939605 - JVIEW Profiler (javaprxy.dll) COM object contains an unspecified vulnerability

The JVIEW Profiler COM object contains an unspecified vulnerability, which may allow a remote attacker to execute arbitrary code on a vulnerable system. (CAN-2005-2087)

II. Impact

Exploitation of these vulnerabilities could allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user. If the user is logged on with administrative privileges, the attacker could take control of an affected system.

III. Solution

Apply Updates

Microsoft has provided the updates for these vulnerabilities in the Security Bulletins and on the Microsoft Update site.

Workarounds

Please see the individual Vulnerability Notes for workarounds.

Appendix A. References

* Microsoft Security Bulletin Summary for July, 2005
  <http://www.microsoft.com/technet/security/bulletin/ms05-jul.mspx>
* US-CERT Vulnerability Note VU#218621
  <http://www.kb.cert.org/vuls/id/218621>
* US-CERT Vulnerability Note VU#720742
  <http://www.kb.cert.org/vuls/id/720742>
* US-CERT Vulnerability Note VU#939605
  <http://www.kb.cert.org/vuls/id/939605>
* CAN-2005-0564
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0564>
* CAN-2005-1219
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1219>
* CAN-2005-2087
  <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2087>
* Microsoft Update
  <http://update.microsoft.com/>
* Microsoft Update Overview
  <http://www.microsoft.com/technet/prodtechnol/microsoftupdate/default.mspx>
_________________________________________________________________

Feedback can be directed to the US-CERT Technical Staff. Please send mail to cert@xxxxxxxx with the subject: "TA05-193A Feedback VU#720742"
_________________________________________________________________

This document is available at <http://www.us-cert.gov/cas/techalerts/TA05-193A.html>
_________________________________________________________________

Produced 2005 by US-CERT, a government organization.
_________________________________________________________________

Terms of use

<http://www.us-cert.gov/legal.html>
_________________________________________________________________

Revision History

July 12, 2005: Initial release

Last updated July 12, 2005