Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security US-CERT-Alerts
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

US-CERT Cyber Security Alert SA05-012A -- Multiple Vulnerabilities in Mi

from [US-CERT Alerts] Network Security [Permanent Link]
Subject: US-CERT Cyber Security Alert SA05-012A -- Multiple Vulnerabilities in Microsoft Windows
Date: Wed, 12 Jan 2005 23:02:49 -0500 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                  Cyber Security Alert SA05-012A

           Multiple Vulnerabilities in Microsoft Windows


   Original release date: January 12, 2005
   Last revised: --
   Source: US-CERT


Systems Affected

     * Windows 98, Me, 2000, XP, and Server 2003

     * Internet Explorer 5.x and 6.x

     * Other Windows programs that use MSHTML


Overview

     An attacker may be able to take control of your computer by
     taking advantage of two different vulnerabilities in Internet
     Explorer and Windows.


Description

     There is a vulnerability in the way Internet Explorer processes
     certain HTML code. There is also a vulnerability in the way
     Microsoft Windows handles certain images. By exploiting either
     vulnerability, an attacker may be able to take control of your
     computer.

     Reports indicate that one of these vulnerabilities is being
     exploited by malicious code referred to as Phel.


Resolution

Apply an update

     Install the updates as described in Microsoft Security Bulletins
     MS05-001 and MS05-002. Obtain the appropriate updates from
     Windows Update or by using Automatic Updates.


References

     * US-CERT Technical Alert TA05-012A -
       <http://www.us-cert.gov/cas/techalerts/TA05-012A.html>

     * US-CERT Technical Alert TA05-012B -
       <http://www.us-cert.gov/cas/techalerts/TA05-012B.html>

     * Vulnerability Note VU#972415 -
       <Http://www.kb.cert.org/vuls/id/972415>

     * Vulnerability Note VU#625856 -
       <http://www.kb.cert.org/vuls/id/625856>

     _________________________________________________________________


   Author: Michael D. Durkota

   Feedback can be directed to US-CERT.

   Send mail to <cert@cert.org>.

   Please include the subject line "SA05-012A Feedback VU#972415
   VU#625856".

     _________________________________________________________________


   Copyright 2005 Carnegie Mellon University.

   Terms of use:  <http://www.us-cert.gov/legal.html>

     _________________________________________________________________


   The latest version of this document is available at:

     <http://www.us-cert.gov/cas/alerts/SA05-012A.html>

     _________________________________________________________________


   Revision History

   January 12, 2005: Initial release

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iQEVAwUBQeXybRhoSezw4YfQAQLJ2wf9Gle3aK0uZP1wxMNXYUE3RHLiCDBzzu8V
ttprKuRz2049vIX8RotuwNjzSXct+afzjHDEoXpCfPGxjJgxvy7oKmcxmSD7gfl7
GRsC0/zgz83nd4fQoR193m4CqWQ8hswJ5VsEbVQdiwYTxxvFPjNS8rd2jC/0UX+W
KNFpOGSQUuVbas0FeI/Oq6dScPC7f82LlSbui7Em1dW4CKbK9hZvLWGllp7gVu4Q
as0E7Kk9COZ+Byi11DpgwesAQ3mweuSdGDeEfgjD6+lIFhfYyLTKkAvsU2pY4dHV
Ztz7uOVXad53ogGntAg9GP49xpIW3W/s0PPXLA8Svgb589RNoecp+w==
=OHid
-----END PGP SIGNATURE-----
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • US-CERT Cyber Security Alert SA05-012A -- Multiple Vulnerabilities in Microsoft Windows, US-CERT Alerts <=
Indexes:  [Date] [Thread] [Top] [All Lists]