Latest Tech

Latest Posts

Technical Cyber Security Alert 2005-193A

Details
Written by: khalil shreateh
Category: Vulnerabilities
Hits: 5
Technical Cyber Security Alert 2005-193A
Technical Cyber Security Alert 2005-193A
Technical Cyber Security Alert 2005-193A, issued by US-CERT on December Technical Cyber Security Alert 2005-193A, issued by US-CERT on December 29, 2005, warned about a critical vulnerability in the Windows Metafile (WMF) image rendering component.

This flaw allowed remote code execution (RCE). Attackers could exploit it by tricking users into viewing specially crafted WMF files, often embedded on malicious websites or within email attachments. Successful exploitation granted attackers full control over the affected system.

Crucially, the vulnerability was being actively exploited in the wild *before* an official patch was available from Microsoft. Microsoft subsequently released security update MS06-001 to address the issue, making it a prominent example of a zero-day exploit requiring rapid response.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA05-193A

Microsoft Windows, Internet Explorer, and Word Vulnerabilities

Original release date: July 12, 2005
Last revised: --
Source: US-CERT


Systems Affected

* Microsoft Windows
* Microsoft Office
* Microsoft Internet Explorer

For more complete information, refer to the Microsoft Security
Bulletin Summary for July, 2005.


Overview

Microsoft has released updates that address critical vulnerabilities
in Windows, Office, and Internet Explorer. Exploitation of these
vulnerabilities could allow a remote, unauthenticated attacker to
execute arbitrary code on an affected system.


I. Description

Microsoft Security Bulletins for July, 2005 address vulnerabilities in
Windows, Office, and Internet Explorer. Further information is
available in the following Vulnerability Notes:


VU#218621 - Microsoft Word buffer overflow in font processing routine

A buffer overflow in the font processing routine of Microsoft Word may
allow a remote attacker to execute code on a vulnerable system.
(CAN-2005-0564)


VU#720742 - Microsoft Color Management Module buffer overflow during
profile tag validation

Microsoft Color Management Module fails to properly validate input
data, allowing a remote attacker to execute arbitrary code.
(CAN-2005-1219)


VU#939605 - JVIEW Profiler (javaprxy.dll) COM object contains an
unspecified vulnerability

The JVIEW Profiler COM object contains an unspecified vulnerability,
which may allow a remote attacker to execute arbitrary code on a
vulnerable system.
(CAN-2005-2087)


II. Impact

Exploitation of these vulnerabilities could allow a remote,
unauthenticated attacker to execute arbitrary code with the privileges
of the user. If the user is logged on with administrative privileges,
the attacker could take control of an affected system.


III. Solution

Apply Updates

Microsoft has provided the updates for these vulnerabilities in the
Security Bulletins and on the Microsoft Update site.

Workarounds

Please see the individual Vulnerability Notes for workarounds.


Appendix A. References

* Microsoft Security Bulletin Summary for July, 2005
<http://www.microsoft.com/technet/security/bulletin/ms05-jul.mspx>

* US-CERT Vulnerability Note VU#218621
<http://www.kb.cert.org/vuls/id/218621>

* US-CERT Vulnerability Note VU#720742
<http://www.kb.cert.org/vuls/id/720742>

* US-CERT Vulnerability Note VU#939605
<http://www.kb.cert.org/vuls/id/939605>

* CAN-2005-0564
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0564>

* CAN-2005-1219
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1219>

* CAN-2005-2087
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2087>

* Microsoft Update
<http://update.microsoft.com/>

* Microsoft Update Overview
<http://www.microsoft.com/technet/prodtechnol/microsoftupdate/defa
ult.mspx>

_________________________________________________________________

Feedback can be directed to the US-CERT Technical Staff.

Please send mail to This email address is being protected from spambots. You need JavaScript enabled to view it. with the subject:

"TA05-193A Feedback VU#720742"
_________________________________________________________________

This document is available at

<http://www.us-cert.gov/cas/techalerts/TA05-193A.html>
_________________________________________________________________

Produced 2005 by US-CERT, a government organization.
_________________________________________________________________

Terms of use

<http://www.us-cert.gov/legal.html>
_________________________________________________________________

Revision History

July 12, 2005: Initial release

Last updated July 12, 2005
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBQtRCSxhoSezw4YfQAQKuoAf+P5DLO5gulibqEf0d8OSYwzOGAS46sab2
ohaHuzzXgvBamlAbi/bWgcFkjgt9MMqnT8BgAuaHYRGBeGLzps4ZdLvKiNDD8HW4
jqtEczddlJCD9j8MHM3anjbLr4ZYioVkIF/z9R/X3HhKswLy4HtdTzyR8I5xt3mf
eWSdqWYofctzNdWdIWkWzW2spOcy4LbV8UqAdg6aIgrWZK7vfDNisJiTvZQAbcoE
38UEvCmnY2K9Ox4BYPHQZ/OaLZhURSw1N5kEv+icXM8NTk3hSzPErdmG47Cjyfa6
4B+fjpCzfw7HAy0DbuuaZXcxaCH+fsiiymySmvT8z5aQVZmgbp8Zyg==
=eMPQ
-----END PGP SIGNATURE-----

Information Security

Social Media Share
About Contact Terms of Use Privacy Policy
© Khalil Shreateh — Cybersecurity Researcher & White-Hat Hacker — Palestine 🇵🇸
All content is for educational purposes only. Unauthorized use of any information on this site is strictly prohibited.