Ïðîñìîòð ïîëíîé âåðñèè : July Microsoft Security Updates
Microsoft Security Bulletin Summary for July 2005
Microsoft Security Bulletin MS05-035 - MS05-037
Office; Microsoft Works Suites: MS05-035
Windows; Internet Explorer: MS05-036; MS05-037
Microsoft Security Bulletin MS05-035
Vulnerability in Microsoft Word Could Allow Remote Code Execution (903672)
Ïåðåïîëíåíèå áóôåðà ïðè îáðàáîòêå øðèôòîâ â Microsoft Word
Critical
Affected Software:
• Microsoft Office 2000 Software Service Pack 3 - Word 2000
• Microsoft Office XP Software Service Pack 3 - Word 2002
• Microsoft Works Suites:
• Microsoft Works Suite 2000
• Microsoft Works Suite 2001
• Microsoft Works Suite 2002
• Microsoft Works Suite 2003
• Microsoft Works Suite 2004
Non-Affected Software:
• Microsoft Office 2003 Word
• Microsoft Office Word 2003 Viewer
Îïèñàíèå:
Óÿçâèìîñòü ïîçâîëÿåò óäàëåííîìó ïîëüçîâàòåëþ âûïîëíèòü ïðîèçâîëüíûé êîä íà öåëåâîé ñèñòåìå.
Óÿçâèìîñòü ñóùåñòâóåò èç-çà îøèáêè ïðè îáðàáîòêå øðèôòîâ. Óäàëåííûé ïîëüçîâàòåëü ìîæåò ñîçäàòü ñïåöèàëüíûì îáðàçîì Word äîêóìåíò, âûçâàòü ïåðåïîëíåíèå ñòåêà è âûïîëíèòü ïðîèçâîëüíûé êîä íà öåëåâîé ñèñòåìå ñ ïðèâèëåãèÿìè ïîëüçîâàòåëÿ, îòêðûâøåãî ôàéë.
http://www.microsoft.com/technet/security/Bulletin/MS05-035.mspx
http://www.securitylab.ru/55812.html
Microsoft Security Bulletin MS05-036
Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution (901214)
Ïåðåïîëíåíèå áóôåðà â Color Management Module â Microsoft Windows
Critical
Affected Software:
• Microsoft Windows 2000 Service Pack 4
• Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
• Microsoft Windows XP Professional x64 Edition
• Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
• Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
• Microsoft Windows Server 2003 x64 Edition
• Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
Îïèñàíèå:
Îáíàðóæåííàÿ óÿçâèìîñòü ïîçâîëÿåò óäàëåííîìó ïîëüçîâàòåëþ âûïîëíèòü ïðîèçâîëüíûé êîä íà öåëåâîé ñèñòåìå.
Óÿçâèìîñòü ñóùåñòâóåò èç-çà îøèáêè ïðè îáðàáîòêå òåãîâ ôîðìàòèðîâàíèÿ â ICC ïðîôèëå. Óäàëåííûé ïîëüçîâàòåëü ìîæåò ñîçäàòü ñïåöèàëüíî ñôîðìèðîâàííûé ãðàôè÷åñêèé ôàéë è âûïîëíèòü ïðîèçâîëüíûé êîä íà öåëåâîé ñèñòåìå ñ ïðèâèëåãèÿìè òåêóùåãî ïîëüçîâàòåëÿ.
Ïðèìå÷àíèå: Ñîãëàñíî Microsoft ñóùåñòâóåò ýêñïëîèò.
http://www.microsoft.com/technet/security/Bulletin/MS05-036.mspx
http://www.securitylab.ru/55810.html
Microsoft Security Bulletin MS05-037
Vulnerability in JView Profiler Could Allow Remote Code Execution (903235)
Critical
Affected Software:
• Microsoft Windows 2000 Service Pack 4
• Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
• Microsoft Windows XP Professional x64 Edition
• Microsoft Windows Server 2003
• Microsoft Windows Server 2003 Service Pack 1
• Microsoft Windows Server 2003 for Itanium-based Systems
• Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
• Microsoft Windows Server 2003 x64 Edition
• Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME)
Tested Microsoft Windows Components:
Affected Components:
• JView Profiler
• Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
• Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, or on Microsoft Windows XP Service Pack 1
• Internet Explorer 6 for Microsoft Windows XP Service Pack 2
• Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
• Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
• Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
• Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
• Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium Edition
• Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft Windows 98 SE or on Microsoft Windows Millennium Edition
http://www.microsoft.com/technet/security/Bulletin/MS05-037.mspx
http://virusinfo.info/showthread.php?t=2835
vBulletin® v4.2.5, Copyright ©2000-2024, Jelsoft Enterprises Ltd. Ïåðåâîä: zCarot