{"id":3472,"date":"2005-07-13T08:59:43","date_gmt":"2005-07-13T08:59:43","guid":{"rendered":"http:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/e-commerce\/playing-with-firefox.html"},"modified":"2005-07-13T08:59:43","modified_gmt":"2005-07-13T08:59:43","slug":"playing-with-firefox","status":"publish","type":"post","link":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/e-commerce\/playing-with-firefox.html","title":{"rendered":"Playing with FireFox"},"content":{"rendered":"

I have been using FireFox more and more recently and was amused to find out
\nthat when I went to Microsoft Office
\nUpdate<\/a> I was told I need to use IE to download the required patches. I am
\nno expert on monopolies but there seems to be something unfair about being
\nforced into having a copy of IE on hand to make sure you can upgrade your
\nsoftware.<\/p>\n

The same thing holds true for Windows
\nUpdate<\/a>. I would think the EU and the DOJ\/FTC would be up in arms about such
\npractices.<\/p>\n

Here is the e-mail regarding a security flaw in Office that started me down
\nthis path:<\/p>\n

 <\/span>National Cyber Alert System<\/p>\n

 <\/span>Technical Cyber
\nSecurity Alert TA05-193A<\/p>\n

 <\/span>Microsoft Windows, Internet
\nExplorer, and Word Vulnerabilities<\/p>\n

 <\/span>Original release date: July 12, 2005
\n <\/span>Last revised: —
\n <\/span>Source: US-CERT<\/p>\n

Systems Affected<\/p>\n

 <\/span>* Microsoft Windows
\n <\/span>* Microsoft Office
\n <\/span>* Microsoft Internet Explorer<\/p>\n

 <\/span>For more complete information, refer
\nto the Microsoft Security
\n <\/span>Bulletin Summary for July, 2005.<\/p>\n

Overview<\/p>\n

 <\/span>Microsoft has released updates that
\naddress critical vulnerabilities
\n <\/span>in Windows, Office, and Internet
\nExplorer. Exploitation of these
\n <\/span>vulnerabilities could allow a remote,
\nunauthenticated attacker to
\n <\/span>execute arbitrary code on an affected
\nsystem.<\/p>\n

I.<\/st1:place> Description<\/p>\n

 <\/span>Microsoft Security Bulletins for July,
\n2005 address vulnerabilities in
\n <\/span>Windows, Office, and Internet
\nExplorer. Further information is
\n <\/span>available in the following
\nVulnerability Notes:<\/p>\n

 <\/span>VU#218621 – Microsoft Word buffer
\noverflow in font processing routine<\/p>\n

 <\/span>A buffer overflow in the font processing
\nroutine of Microsoft Word may
\n <\/span>allow a remote attacker to execute
\ncode on a vulnerable system.
\n <\/span>(CAN-2005-0564)<\/p>\n

 <\/span>VU#720742 – Microsoft Color Management
\nModule buffer overflow during
\n <\/span>profile tag validation<\/p>\n

 <\/span>Microsoft Color Management Module
\nfails to properly validate input
\n <\/span>data, allowing a remote attacker to
\nexecute arbitrary code.
\n <\/span>(CAN-2005-1219)<\/p>\n

 <\/span>VU#939605 – JVIEW Profiler
\n(javaprxy.dll) COM object contains an
\n <\/span>unspecified vulnerability<\/p>\n

 <\/span>The JVIEW Profiler COM object contains
\nan unspecified vulnerability,
\n <\/span>which may allow a remote attacker to
\nexecute arbitrary code on a
\n <\/span>vulnerable system.
\n <\/span>(CAN-2005-2087)<\/p>\n

II. Impact<\/p>\n

 <\/span>Exploitation of these vulnerabilities
\ncould allow a remote,
\n <\/span>unauthenticated attacker to execute
\narbitrary code with the privileges
\n <\/span>of the user. If the user is logged on
\nwith administrative privileges,
\n <\/span>the attacker could take control of an
\naffected system.<\/p>\n

III. Solution<\/p>\n

Apply Updates<\/p>\n

 <\/span>Microsoft has provided the updates for
\nthese vulnerabilities in the
\n <\/span>Security Bulletins and on the
\nMicrosoft Update site.<\/p>\n

Workarounds<\/p>\n

 <\/span>Please see the individual
\nVulnerability Notes for workarounds.<\/p>\n

Appendix A. References<\/p>\n

 <\/span>* Microsoft Security Bulletin
\nSummary for July, 2005
\n <\/span><http:\/\/www.microsoft.com\/technet\/security\/bulletin\/ms05-jul.mspx<\/a>><\/p>\n

 <\/span>* US-CERT Vulnerability Note
\nVU#218621
\n <\/span><http:\/\/www.kb.cert.org\/vuls\/id\/218621<\/a>><\/p>\n

 <\/span>* US-CERT Vulnerability Note
\nVU#720742
\n <\/span><http:\/\/www.kb.cert.org\/vuls\/id\/720742<\/a>><\/p>\n

 <\/span>* US-CERT Vulnerability Note
\nVU#939605
\n <\/span><http:\/\/www.kb.cert.org\/vuls\/id\/939605<\/a>><\/p>\n

 <\/span>* CAN-2005-0564
\n <\/span><http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CAN-2005-0564<\/a>><\/p>\n

 <\/span>* CAN-2005-1219
\n <\/span><http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CAN-2005-1219<\/a>>
\n <\/span>
\n <\/span>* CAN-2005-2087
\n <\/span><http:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CAN-2005-2087<\/a>>
\n <\/span>
\n <\/span>* Microsoft Update
\n <\/span><http:\/\/update.microsoft.com\/<\/a>><\/p>\n

 <\/span>* Microsoft Update Overview
\n <\/span><http:\/\/www.microsoft.com\/technet\/prodtechnol\/microsoftupdate\/defa<\/a>
\n <\/span>ult.mspx><\/p>\n

 <\/span>_________________________________________________________________<\/p>\n

 <\/span>Feedback can be directed to the
\nUS-CERT Technical Staff.<\/p>\n

 <\/span>Please send mail to cert@cert.org with
\nthe subject:<\/p>\n

 <\/span>"TA05-193A Feedback
\nVU#720742"
\n <\/span>_________________________________________________________________<\/p>\n

 <\/span>This document is available at<\/p>\n

 <\/span><http:\/\/www.us-cert.gov\/cas\/techalerts\/TA05-193A.html<\/a>>
\n <\/span>_________________________________________________________________<\/p>\n

 <\/span>Produced 2005 by US-CERT, a government
\norganization.
\n <\/span>_________________________________________________________________<\/p>\n

 <\/span>Terms of use<\/p>\n

 <\/span><http:\/\/www.us-cert.gov\/legal.html<\/a>>
\n <\/span>_________________________________________________________________<\/p>\n

 <\/span>Revision History<\/p>\n

 <\/span>July 12, 2005: Initial release<\/p>\n

 <\/span>Last updated July 12, 2005<\/span><\/font><\/p>\n","protected":false},"excerpt":{"rendered":"

I have been using FireFox more and more recently and was amused to find out that when I went to Microsoft Office Update I was told I need to use IE to download the required patches. I am no expert on monopolies but there seems to be something unfair about being forced into having a<\/p>\n","protected":false},"author":44,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"post_mailing_queue_ids":[],"_links":{"self":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/posts\/3472"}],"collection":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/users\/44"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/comments?post=3472"}],"version-history":[{"count":0,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/posts\/3472\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/media?parent=3472"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/categories?post=3472"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.tmcnet.com\/blog\/rich-tehrani\/wp-json\/wp\/v2\/tags?post=3472"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}