CPNI - Centre for the Protection of National Infrastructure

Microsoft Security Bulletins - July 2005

ID: 00571
Ref: 530/2005
Date: 12 July 2005:20:47:54
Version: 1

Title: Microsoft Security Bulletins - July 2005
Abstract: Microsoft have released a number of security bulletins detailing issues concerning various 'critical' vulnerabilities
Vendors affected: Microsoft
Operating systems affected: Microsoft
Applications affected: Microsoft

Microsoft have released the following 'Critical' advisories.

1. http://www.microsoft.com/technet/security/Bulletin/MS05-035.mspx
Microsoft Security Bulletin MS05-035
Vulnerability in Microsoft Word Could Allow Remote Code Execution (903672)

Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical

The vulnerability is caused by a boundary error within the parsing
of fonts. This can be exploited to cause a stack-based buffer overflow by
tricking a user into opening a specially crafted Word document.

Affected Software:
Microsoft Office 2000 Software Service Pack 3 (KB895333) Word 2000
Microsoft Office XP Software Service Pack 3 (KB895589) Word 2002

Microsoft Works Suites:
Microsoft Works Suite 2000 (KB895333) (same as Microsoft Office 2000 link)
Microsoft Works Suite 2001 (KB895333) (same as Microsoft Office 2000 link)
Microsoft Works Suite 2002 (KB895589) (same as the Microsoft Office XP link)
Microsoft Works Suite 2003 (KB895589) (same as the Microsoft Office XP link)
Microsoft Works Suite 2004 (KB895589) (same as the Microsoft Office XP link)

2. http://www.microsoft.com/technet/security/Bulletin/MS05-036.mspx
Microsoft Security Bulletin MS05-036
Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution (901214)

Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical

The vulnerability is caused by a boundary error within the color management
module when validating ICC profile format tags. This can be exploited to cause
a buffer overflow by, for example, tricking a user into visiting a malicious web
site or viewing a malicious e-mail message containing a specially crafted image file.

Affected Software:
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003
with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows
Millennium Edition (ME) - Review the FAQ section of this bulletin for details about
these operating systems.
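
The kind of tag validation MS05-036 refers to, as an added example that is not Microsoft's code and not part of this advisory: a C check that every entry in an ICC profile's tag table stays inside the profile. The layout used (128-byte header, 'acsp' signature at offset 36, 12-byte tag entries) is the public ICC profile format; the function names and the 148-byte sample are constructed for illustration, and the advisory does not state which specific check the affected module got wrong.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ICC_HEADER_LEN 128u    /* fixed header length in the ICC profile format */
#define ICC_TAG_ENTRY_LEN 12u  /* signature, offset, size: 4 bytes each */

/* ICC profiles are big-endian throughout. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}
static void put_be32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* 0 = all tags in bounds; -1 bad header; -2 tag table overrun; -3 tag data overrun. */
int icc_check_tags(const uint8_t *buf, size_t len) {
    const size_t table_start = ICC_HEADER_LEN + 4u;
    if (buf == NULL || len < table_start) return -1;
    uint32_t declared = be32(buf);                    /* profile size, bytes 0-3 */
    if (declared > len || declared < table_start) return -1;
    if (memcmp(buf + 36, "acsp", 4) != 0) return -1;  /* profile signature */
    uint32_t count = be32(buf + ICC_HEADER_LEN);
    /* Divide rather than multiply so a huge count cannot wrap. */
    if (count > (declared - table_start) / ICC_TAG_ENTRY_LEN) return -2;
    size_t data_start = table_start + (size_t)count * ICC_TAG_ENTRY_LEN;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = buf + table_start + (size_t)i * ICC_TAG_ENTRY_LEN;
        uint32_t off = be32(e + 4), size = be32(e + 8);
        /* Compare size with the space left; off + size could wrap in 32 bits. */
        if (off < data_start || off > declared || size > declared - off) return -3;
    }
    return 0;
}

/* Constructed sample (not a real profile): 148 bytes, one "desc" tag entry. */
int icc_sample_result(uint32_t count, uint32_t tag_off, uint32_t tag_size) {
    uint8_t p[148] = {0};
    put_be32(p, (uint32_t)sizeof p);
    memcpy(p + 36, "acsp", 4);
    put_be32(p + 128, count);
    memcpy(p + 132, "desc", 4);
    put_be32(p + 136, tag_off);
    put_be32(p + 140, tag_size);
    return icc_check_tags(p, sizeof p);
}
int main(void) { return icc_sample_result(1, 144, 4); }
```

A parser that rejects a profile on any non-zero result never hands an out-of-range offset or length to the code that copies tag data.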

3. http://www.microsoft.com/technet/security/Bulletin/MS05-037.mspx
Microsoft Security Bulletin MS05-037
Vulnerability in JView Profiler Could Allow Remote Code Execution (903235)

Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical

An attacker could exploit the vulnerability by constructing a malicious Web page that
could potentially allow remote code execution if a user visited the malicious Web site.
An attacker who successfully exploited this vulnerability could take complete control
of an affected system.

Affected Software:
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft
Windows Millennium Edition (ME)

Affected Components:
JView Profiler
Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, or
on Microsoft Windows XP Service Pack 1
Internet Explorer 6 for Microsoft Windows XP Service Pack 2
Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows
Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows
Server 2003 with SP1 for Itanium-based Systems
Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium Edition
Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft
Windows 98 SE or on Microsoft Windows Millennium Edition