
List:       ntbugtraq
Subject:    Alert: Microsoft Security Bulletin MS05-037 - Vulnerability in JView Profiler Could Allow Remote Cod
From:       "Cooper, Russ" <russ.cooper () CYBERTRUST ! COM>
Date:       2005-07-12 17:47:19
Message-ID: 44E7FDB57196A64DA5849C2F0EC47CEA01D57A18 () hrn-msc-exch-01 ! mscore ! trusecure ! net

Microsoft Security Bulletin MS05-037:
Vulnerability in JView Profiler Could Allow Remote Code Execution
(903235)

Bulletin URL:
<http://www.microsoft.com/technet/security/Bulletin/MS05-037.mspx>

Version Number: 1.0
Issued Date: Tuesday, July 12, 2005
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Patch(es) Replaced: None
Caveats: None

Tested Software:
Affected Software:
------------------
* Microsoft Windows 2000 Service Pack 4
* Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service
Pack 2
* Microsoft Windows XP Professional x64 Edition
* Microsoft Windows Server 2003
* Microsoft Windows Server 2003 Service Pack 1
* Microsoft Windows Server 2003 for Itanium-based Systems
* Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
* Microsoft Windows Server 2003 x64 Edition
* Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and
Microsoft Windows Millennium Edition (ME)
* Internet Explorer 6 for Windows Server 2003 (all versions), Microsoft
Windows Server 2003 x64 Edition, and for Microsoft Windows XP
Professional x64 Edition

Affected Components:
--------------------
* JView Profiler
* Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000
Service Pack 4 <http://tinyurl.com/bktqm>
* Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service
Pack 4, or on Microsoft Windows XP Service Pack 1
<http://tinyurl.com/9szyk>
* Internet Explorer 6 for Microsoft Windows XP Service Pack 2
<http://tinyurl.com/dd8zo>
* Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft
Windows Server 2003 Service Pack 1 <http://tinyurl.com/7ljsy>
* Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft
Windows Server 2003 with SP1 for Itanium-based Systems
<http://tinyurl.com/b6ac5>
* Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
<http://tinyurl.com/9dvk3>
* Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
<http://tinyurl.com/cvm47>
* Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium
Edition - Review the FAQ section of this bulletin for details about
these operating systems.
* Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on
Microsoft Windows 98 SE or on Microsoft Windows Millennium Edition -
Review the FAQ section of this bulletin for details about these
operating systems.

Technical Description:
----------------------
* JView Profiler Vulnerability - CAN-2005-2087: A remote code execution
vulnerability exists in JView Profiler. An attacker could exploit the
vulnerability by constructing a malicious Web page that could
potentially allow remote code execution if a user visited the malicious
Web site. An attacker who successfully exploited this vulnerability
could take complete control of an affected system.

This email is sent to NTBugtraq automagically as a service to my
subscribers. (v4.01.1975.38886)

Cheers,
Russ Cooper - Cybertrust/NTBugtraq Editor

--
NTBugtraq Editor's Note:

Most viruses these days use spoofed email addresses. As such, using an Anti-Virus
product which automatically notifies the perceived sender of a message it believes is
infected may well cause more harm than good. Someone who did not actually send you a
virus may receive the notification and scramble their support staff to find an
infection which never existed in the first place. Suggest such notifications be
disabled by whoever is responsible for your AV, or at least that the idea is
considered.
--

