34 KBMicrosoft Security Bulletins
December 2005
Prior Updates:
2007
|December
|November
|October
|September
|August
|July
|June
|May
|April
|March
|February
|January
2006
|December
|November
|October
|September
|August
|July
|June
|May
|April
|March
|February
|January
2005
|December
|November
|October
|September
|August
|July
|June
|May
|April
|March
|February
|January
2004
|December
|November
|October
|September
|August
|July
|June
|May
|April
|March
|February
|January
Login to learn more about how Juniper Networks products can protect you from these vulnerabilities. (If you don't already have a login, see Requesting Support.)
December 2005
Microsoft Security Bulletin MS05-054
Cumulative Security Update for Internet Explorer (905915)
Severity: CriticalVulnerabilities:
- File Download Dialog Box Manipulation Vulnerability - CAN-2005-2829
A remote code execution vulnerability exists in the way Internet Explorer displays file download dialog boxes and accepts user input during interaction with a Web page. This interaction could be in the form of certain keystrokes that a user makes when visiting a Web page. A custom dialog box may also be positioned in front of a file download dialog box to make this more convincing. A user may also be persuaded to double-click an element of a Web page. - HTTPS Proxy Vulnerability - CAN-2005-2830
An information disclosure vulnerability exists in the way Internet Explorer behaves in certain situations where an HTTPS proxy server requires clients to use Basic authentication. This vulnerability could allow an attacker to read Web addresses in clear text off the network between Internet Explorer and the proxy server despite the connection being an HTTPS connection. - COM Object Instantiation Memory Corruption Vulnerability - CAN-2005-2831
A remote code execution vulnerability exists in the way Internet Explorer instantiates COM objects that are not intended to be instantiated in Internet Explorer. An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow remote code execution if a user visited the malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system. - Mismatched Document Object Model Objects Memory Corruption Vulnerability - CAN-2005-1790
A remote code execution vulnerability exists in the way Internet Explorer handles mismatched Document Object Model objects. An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow remote code execution if a user visited the malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
Microsoft Security Bulletin MS05-055
Vulnerability in Windows Kernel Could Allow Elevation of Privilege (908523)
Severity: ImportantVulnerabilities:
- Windows Kernel Vulnerability - CAN-2005-2827
A privilege elevation vulnerability exists in the way that asynchronous procedure calls are processed within the kernel. This vulnerability could allow a logged on user to take complete control of the system.