The security updates for February 2005 include several high-priority updates for Microsoft Windows that also affect Microsoft SharePoint, Microsoft Internet Explorer, and Microsoft Media Player technologies.
Bulletin Description
|
Impact
|
Bulletin Rating
|
Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113)
Affected Software:
- Microsoft Windows 2000 Service Pack 3
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
- Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based Systems
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition (SE)
- Microsoft Windows Millennium Edition (ME)
|
Remote Code Execution
|
Critical
|
Cumulative Security Update for Internet Explorer (867282)
Affected Software:
- Microsoft Windows 2000 Service Pack 3
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
- Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based Systems
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition (SE)
- Microsoft Windows Millennium Edition (ME)
Affected Components:
- Internet Explorer 5.01 Service Pack 3
- Internet Explorer 5.01 Service Pack 4
- Internet Explorer 5.5 Service Pack 2
- Internet Explorer 6 Service Pack 1
- Internet Explorer 6 for Windows XP Service Pack 1 (64-Bit Edition)
- Internet Explorer 6 for Windows Server 2003
- Internet Explorer 6 for Windows Server 2003 64-Bit Edition and Windows XP 64-Bit Edition Version 2003
- Internet Explorer 6 for Windows XP Service Pack 2
|
Remote Code Execution
|
Critical
|
Vulnerability in the DHTML Editing ActiveX Control could allow code execution (891781)
Affected Software:
- Microsoft Windows 2000 Service Pack 3
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
- Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based Systems
- Microsoft Windows 98
- Microsoft Windows 98 Second Edition (SE)
- Microsoft Windows Millennium Edition (ME)
|
Remote Code Execution
|
Critical
|
Vulnerability in OLE and COM Could Allow Remote Code Execution (873333)
Affected Software:
- Microsoft Windows 2000 Service Pack 3
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
- Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based Systems
- Microsoft Exchange 2000 Server Service Pack 3
- Microsoft Exchange Server 2003
- Microsoft Exchange Server 2003 Service Pack 1
- Microsoft Exchange Server 5.0 Service Pack 2
- Microsoft Exchange Server 5.5 Service Pack 4
- Microsoft Office XP Service Pack 3
- Microsoft Office XP Service Pack 2
- Microsoft Office 2003 Service Pack 1
- Microsoft Office 2003
|
Remote Code Execution
|
Critical
|
Vulnerability in Server Message Block Could Allow Remote Code Execution (885250)
Affected Software:
- Microsoft Windows 2000 Service Pack 3
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
- Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based Systems
|
Remote Code Execution
|
Critical
|
Vulnerability in the License Logging Service Could Allow Code Execution (885834)
Affected Software:
- Microsoft Windows NT Server 4.0 Service Pack 6a
- Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6a
- Microsoft Windows 2000 Service Pack 3
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based Systems
|
Remote Code Execution
|
Critical
|
Vulnerability in PNG Processing Could Lead to Buffer Overrun (890261)
Affected Software:
- Microsoft Windows Media Player 9 Series
- Microsoft Windows Messenger version 5.0
- MSN Messenger 6.1
- MSN Messenger 6.2
Affected Components:
- Microsoft Windows Messenger 4.7.2009 (when running on Windows XP Service Pack 1)
- Microsoft Windows Messenger 4.7.3000 (when running on Windows XP Service Pack 2)
|
Remote Code Execution
|
Critical
|
Vulnerabilty in Windows Shell Could Allow Remote Code Execution (890047)
Affected Software:
- Microsoft Windows 2000 Service Pack 3
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
- Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 for Itanium-based Systems
|
Remote Code Execution
|
Important
|
Vulnerability in Windows Could Allow Information Disclosure (888302)
Affected Software:
- Microsoft Windows XP Service Pack 1
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
|
Information Disclosure
|
Important
|
ASP.NET Path Validation Vulnerability (887219)
Affected Software:
- Microsoft .NET Framework 1.0
- Microsoft .NET Framework 1.1
|
Information Disclosure, and possible Elevation of Privilege
|
Important
|
Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887891)
Affected Software:
- Windows SharePoint Services for Windows Server 2003
- SharePoint Team Services from Microsoft
|
Remote Code Execution
|
Moderate
|