Skip to content

J-Security Center

Latest Attack Object Updates
  • IDP Daily Update #1214
    posted: 07/17/08
  • NSM Daily Update #1214
    posted: 07/17/08
  • Deep Inspection 5.3r5 and above, 5.4, 6.0 #1214
    posted: 07/17/08
  • Deep Inspection 5.1, 5.2, 5.3r4 and below #1201
    posted: 07/17/08
  • Deep Inspection 5.0 #1132
    posted: 04/01/08
  • Antivirus
    posted: 07/17/08
Microsoft Security Bulletins

June 2005

Prior Updates:

2008 |July |June |May |April |March |February |January
2007 |December |November |October |September |August |July |June |May |April |March |February |January
2006 |December |November |October |September |August |July |June |May |April |March |February |January
2005 |December |November |October |September |August |July |June |May |April |March |February |January
2004 |December |November |October |September |August |July |June |May |April |March |February |January
2003 |December |November |October

lock icon Login to learn more about how Juniper Networks products can protect you from these vulnerabilities. (If you don't already have a login, see Requesting Support.)

June 2005

Microsoft Security Bulletin MS05-025

Cumulative Security Update for Internet Explorer (883939)

Severity: Critical
Vulnerabilities:
  • PNG Image Rendering Memory Corruption Vulnerability - CAN-2005-1211
    A remote code execution vulnerability exists in Internet Explorer because of the way that it handles PNG images. An attacker could exploit the vulnerability by constructing a malicious PNG image that could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, user interaction is required to exploit this vulnerability.

Microsoft Security Bulletin MS05-026

Vulnerability in HTML Help Could Allow Remote Code Execution (896358)

Severity: Critical
Vulnerabilities:
  • HTML Help Vulnerability - CAN-2005-1208
    A remote code execution vulnerability exists in HTML Help that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system.

Microsoft Security Bulletin MS05-027

Vulnerability in Server Message Block Could Allow Remote Code Execution (896422)

Severity: Critical
Vulnerabilities:
  • Server Message Block Vulnerability - CAN-2005-1206
    A remote code execution vulnerability exists in Server Message Block (SMB) that could allow an attacker who successfully exploited this vulnerable to take complete control of the affected system.

Microsoft Security Bulletin MS05-028

Vulnerability in Web Client Service Could Allow Elevation of Privilege (896426)

Severity: Important
Vulnerabilities:
  • Web Client Vulnerability - CAN-2005-1207
    A privilege elevation vulnerability exists in the way that Windows processes Web Client requests. This vulnerability could allow a locally logged on user to take complete control of the system.

Microsoft Security Bulletin MS05-029

Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting Attacks (895179)

Severity: Important
Vulnerabilities:
  • Exchange Server Outlook Web Access Vulnerability - CAN-2005-0563
    This is a cross-site scripting vulnerability. The cross-site scripting vulnerability could allow an attacker to convince a user to run a malicious script. If this malicious script is run, it would execute in the security context of the user. Attempts to exploit this vulnerability require user interaction. This vulnerability could allow an attacker access to any data on the Outlook Web Access server that was accessible to the individual user.

Microsoft Security Bulletin MS05-030

Vulnerability in Outlook Express Could Allow Remote Code Execution (897715)

Severity: Important
Vulnerabilities:
  • Outlook Express News Reading Vulnerability - CAN-2005-1213
    A remote code execution vulnerability exists in Outlook Express when used as a News reader. An attacker could exploit the vulnerability by constructing a malicious News server that could that potentially allow remote code execution if a user queried the server for news. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, user interaction is required to exploit this vulnerability.

Microsoft Security Bulletin MS05-031

Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (898458)

Severity: Important
Vulnerabilities:
  • Interactive Training Vulnerability - CAN-2005-1212
    A remote code execution vulnerability exists in Step-by-Step Interactive Training because of the way that it handles bookmark link files. An attacker could exploit the vulnerability by constructing a malicious bookmark link file that could potentially allow remote code execution if a user visited a malicious Web site or opened a malicious attachment provided in an e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, user interaction is required to exploit this vulnerability.

Microsoft Security Bulletin MS05-032

Vulnerability in Microsoft Agent Could Allow Spoofing (890046)

Severity: Important
Vulnerabilities:
  • Microsoft Agent Vulnerability - CAN-2005-1214
    This is a spoofing vulnerability that exists in the affected products and that could enable an attacker to spoof trusted Internet content. Users could believe they are accessing trusted Internet content when in reality they are accessing malicious Internet content, for example a malicious Web site. However, an attacker would first have to persuade a user to visit the attacker?s site to attempt to exploit this vulnerability.

Microsoft Security Bulletin MS05-033

Vulnerability in Telnet Client Could Allow Information Disclosure (896428)

Severity: Moderate
Vulnerabilities:
  • Telnet Vulnerability - CAN-2005-1205
    An attacker who successfully exploited this information disclosure vulnerability could remotely read the session variables for users who have an open connection to a malicious telnet server.

Microsoft Security Bulletin MS05-034

Cumulative Security Update for ISA Server 2000 (899753)

Severity: Moderate
Vulnerabilities:
  • HTTP Content Header Vulnerability - CAN-2005-1215
    A vulnerability exists in ISA Server 2000 because of the way that it handles malformed http requests. An attacker could exploit the vulnerability by constructing a malicious http request that could potentially allow an attacker to poison the cache of the affected ISA server. As a result, the attacker could either bypass content restrictions and access content that they would normally not have access to or they could cause users to unsuspectingly be directed to unexpected content.