FW: MinorRev: Microsoft Security Bulletin MS05-025 - Cumulative Security Update for Internet Explorer (883939)

From: Cooper, Russ (russ.cooper_at_CYBERTRUST.COM)
Date: 06/15/05

  • Next message: Cooper, Russ: "FW: MinorRev: Microsoft Security Bulletin MS05-033 - Vulnerability in Telnet Client Could Allow Information Disclosure (896428)"
    Date:         Wed, 15 Jun 2005 17:00:15 -0400
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Microsoft Security Bulletin MS05-025:
    Cumulative Security Update for Internet Explorer (883939)

    Bulletin URL:
    <http://www.microsoft.com/technet/security/Bulletin/MS05-025.mspx>

    Reason for Revision: Bulletin revised to provide clarification around
    mitigating factors for the PNG Image Rendering Memory Corruption
    Vulnerability.
    Version Number: 1.1
    Issued Date: Tuesday, June 14, 2005
    Revision Date: Wednesday, June 15, 2005
    Impact of Vulnerability: Remote Code Execution Maximum Severity Rating:
    Critical
    Patch(es) Replaced: This update replaces the update that is included
    with Microsoft Security Bulletin MS05-020. That update is also a
    cumulative update.
    Caveats: Microsoft Knowledge Base Article 883939 documents the currently
    known issues that customers may experience when they install this
    security update. The article also documents recommended solutions for
    these issues. For more information, see Microsoft Knowledge Base Article
    883939. This update does include hotfixes that have been released since
    the release of MS04-004 or MS04-025, but they will only be installed on
    systems that need them. Customers who have received hotfixes from
    Microsoft or from their support providers since the release of MS04-004
    or MS04-025 should review the 'I have received a hotfix from Microsoft
    or my support provider since the release of MS04-004. Is that hotfix
    included in this security update?' question in the FAQ section of this
    bulletin to determine how you can make sure that the necessary hotfixes
    are installed. Microsoft Knowledge Base Article 883939 also documents
    this in more detail.

    Tested Software:
    Affected Software:
    ------------------
    * Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000
    Service Pack 4
    * Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service
    Pack 2
    * Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
    * Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
    * Microsoft Windows XP Professional x64 Edition
    * Microsoft Windows Server 2003
    * Microsoft Windows Server 2003 Service Pack 1
    * Microsoft Windows Server 2003 for Itanium-based Systems
    * Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
    * Microsoft Windows Server 2003 x64 Edition
    * Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
    Microsoft Windows Millennium Edition (ME)
    * Internet Explorer 6 for Windows Server 2003 (all versions), Windows XP
    64-Bit Edition Version 2003 (Itanium), Microsoft Windows Server 2003 x64
    Edition, and for Microsoft Windows XP Professional x64 Edition

    Affected Components:
    --------------------
    * Internet Explorer 5.01 Service Pack 3 on Microsoft Windows 2000
    Service Pack 3:
    <http://tinyurl.com/9ucyg>
    * Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000
    Service Pack 4:
    <http://tinyurl.com/df2zk>
    * Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service
    Pack 3, on Microsoft Windows 2000 Service Pack 4, or on Microsoft
    Windows XP Service Pack 1:
    <http://tinyurl.com/7ndru>
    * Internet Explorer 6 for Microsoft Windows XP Service Pack 2:
    <http://tinyurl.com/9fpjw>
    * Internet Explorer 6 Service Pack 1 for Microsoft Windows XP 64-Bit
    Edition Service Pack 1 (Itanium):
    <http://tinyurl.com/dxg43>
    * Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft
    Windows Server 2003 Service Pack 1:
    <http://tinyurl.com/8jjnv>
    * Internet Explorer 6 for Microsoft Windows XP 64-Bit Edition Version
    2003 (Itanium), Microsoft Windows Server 2003 for Itanium-based Systems
    and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems:
    <http://tinyurl.com/abvgx>
    * Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition, and
    Microsoft Windows XP Professional x64 Edition: Internet Explorer 5.5
    Service Pack 2 on Microsoft Windows Millennium Edition - Review the FAQ
    section of this bulletin for details about this version. Internet
    Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft Windows
    98 SE, or on Microsoft Windows Millennium Edition - Review the FAQ
    section of this bulletin for details about this version.
    <http://tinyurl.com/dtmx4>

    Technical Description:
    ----------------------
    * PNG Image Rendering Memory Corruption Vulnerability - CAN-2005-1211 A
    remote code execution vulnerability exists in Internet Explorer because
    of the way that it handles PNG images. An attacker could exploit the
    vulnerability by constructing a malicious PNG image that could
    potentially allow remote code execution if a user visited a malicious
    Web site or viewed a malicious e-mail message. An attacker who
    successfully exploited this vulnerability could take complete control of
    an affected system.

    * XML Redirect Information Disclosure Vulnerability - CAN-2002-0648 An
    information disclosure vulnerability exists in Internet Explorer because
    of the way that it handles certain requests to display XML content. An
    attacker could exploit the vulnerability by constructing a malicious Web
    page that could potentially lead to information disclosure if a user
    visited a malicious Web site or viewed a malicious e-mail message. An
    attacker who successfully exploited this vulnerability could read XML
    data from another Internet Explorer domain. However, user interaction is
    required to exploit this vulnerability.

    Revision History:
    -----------------
    * v1.0 - 6/14/2005: Bulletin published
    * v1.1 - 6/15/2005: Bulletin revised to provide clarification around
    mitigating factors for the PNG Image Rendering Memory Corruption
    Vulnerability.

    This email is sent to NTBugtraq automagically as a service to my
    subscribers. (v4.01.1975.38886)

    Cheers,
    Russ Cooper - Senior Scientist - Cybertrust/NTBugtraq Editor

    --
    NTBugtraq Editor's Note:
    Most viruses these days use spoofed email addresses. As such, using an Anti-Virus product which automatically notifies the perceived sender of a message it believes is infected may well cause more harm than good. Someone who did not actually send you a virus may receive the notification and scramble their support staff to find an infection which never existed in the first place. Suggest such notifications be disabled by whomever is responsible for your AV, or at least that the idea is considered.
    --
    

  • Next message: Cooper, Russ: "FW: MinorRev: Microsoft Security Bulletin MS05-033 - Vulnerability in Telnet Client Could Allow Information Disclosure (896428)"