Multiple Vulnerabilities in Microsoft Windows
Systems Affected
Windows 98, Me, 2000, XP, and Server 2003 Internet Explorer 5.x and 6.x Other Windows programs that use MSHTML
Overview
An attacker may be able to take control of your computer by taking advantage of two different vulnerabilities in Internet Explorer and Windows.
Description
There is a vulnerability in the way Internet Explorer processes
certain HTML code. There is also a vulnerability in the way Microsoft Windows handles certain images. By exploiting either vulnerability, an attacker may be
able to take control of your computer.Reports indicate that one of these vulnerabilities is being exploited by
malicious code referred to as Phel.
Resolution
Apply an update
Install the updates as described in Microsoft Security Bulletins MS05-001 and MS05-002. Obtain the appropriate updates from Windows Update or by using Automatic
Updates.
References
- US-CERT Technical Alert TA05-012A - <http://www.us-cert.gov/cas/techalerts/TA05-012A.html>
- US-CERT Technical Alert TA05-012B - <http://www.us-cert.gov/cas/techalerts/TA05-012B.html>
- Vulnerability Note VU#972415 - <http://www.kb.cert.org/vuls/id/972415>
- Vulnerability Note VU#625856 - <http://www.kb.cert.org/vuls/id/625856>
Author: Michael D. Durkota
Copyright 2005 Carnegie Mellon University.
Terms of use
Revision History
-
January 12, 2005: Initial release
Last updated
This product is provided subject to this Notification and this Privacy & Use policy.