AuthorMessage
bastya_elvtars
n00b
Posts: 49

National Cyber Alert System
              Technical Cyber Security Alert TA05-102A
Multiple Vulnerabilities in Microsoft Windows Components
   Original release date: April 12, 2005
   Last revised: --
   Source: US-CERT
Systems Affected
     * Microsoft Windows Systems
   For a complete list of affected versions of the Windows operating
   systems and components, refer to the Microsoft Security Bulletins.
Overview
   Microsoft has released a Security Bulletin Summary for April, 2005.
   This summary includes several bulletins that address
   vulnerabilities in various Windows applications and
   components. Exploitation of some vulnerabilities can result in the
   remote execution of arbitrary code by a remote attacker. Details of
   the vulnerabilities and their impacts are provided below.
I. Description
   The list below provides a mapping between Microsoft's Security
   Bulletins and the related US-CERT Vulnerability Notes. More
   information related to the vulnerabilities is available in these
   documents.
   Microsoft Security Bulletin MS05-020:
    Cumulative Security Update for Internet Explorer (890923)
     VU#774338 Microsoft Internet Explorer DHTML objects contain a
               race condition
     VU#756122 Microsoft Internet Explorer URL validation routine
               contains a buffer overflow
     VU#222050 Microsoft Internet Explorer Content Advisor contains a
               buffer overflow
   Microsoft Security Bulletin MS05-02:
    Vulnerability in Exchange Server Could Allow Remote Code
    Execution (894549)
     VU#275193 Microsoft Exchange Server contains unchecked buffer in SMTP
               extended verb handling
   Microsoft Security Bulletin MS05-022:
    Vulnerability in MSN Messenger Could Lead to Remote Code Execution
    (896597)
     VU#633446 Microsoft MSN Messenger GIF processing
               buffer overflow
   Microsoft Security Bulletin MS05-019:
    Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial
    of Service (893066)
      VU#233754 Microsoft Windows does not adequately validate IP
                packets
II. Impact
   Exploitation of these vulnerabilities may permit a remote attacker to
   execute arbitrary code on a vulnerable Windows system, or cause a
   denial-of-service condition.
III. Solution
Apply a patch
   Microsoft has provided the patches for these vulnerabilities in the
   Security Bulletins and on Windows Update.