Skip to content

J-Security Center

Latest Attack Object Updates
  • IDP Daily Update #1312
    posted: 11/18/08
  • NSM Daily Update #1312
    posted: 11/18/08
  • Deep Inspection 5.3r5 and above, 5.4, 6.0 #1312
    posted: 11/18/08
  • Deep Inspection 5.1, 5.2, 5.3r4 and below #1300
    posted: 11/18/08
  • Deep Inspection 5.0 #1132
    posted: 04/01/08
  • Antivirus
    posted: 11/17/08
Microsoft Security Bulletins

December 2004

Prior Updates:

2008 |November |October |September |August |July |June |May |April |March |February |January
2007 |December |November |October |September |August |July |June |May |April |March |February |January
2006 |December |November |October |September |August |July |June |May |April |March |February |January
2005 |December |November |October |September |August |July |June |May |April |March |February |January
2004 |December |November |October |September |August |July |June |May |April |March |February |January
2003 |December |November |October

lock icon Login to learn more about how Juniper Networks products can protect you from these vulnerabilities. (If you don't already have a login, see Requesting Support.)

December 2004

Microsoft Security Bulletin MS04-040

Cumulative Security Update for Internet Explorer (889293)

Severity: Critical
Vulnerabilities:
  • HTML Elements Vulnerability - CAN-2004-1050
    A remote code execution vulnerability exists in Internet Explorer that could allow remote code execution on an affected system. An attacker could exploit the vulnerability by constructing a malicious Web Page that could potentially allow remote code execution if a user visited a malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Microsoft Security Bulletin MS04-041

Vulnerability in WordPad Could Allow Code Execution (885836)

Severity: Important
Vulnerabilities:
  • Table Conversion Vulnerability - CAN-2004-0571
    A remote code execution vulnerability exists in the Microsoft Word for Windows 6.0 Converter. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of the affected system. However, user interaction is required to exploit this vulnerability.
  • Font Conversion Vulnerability - CAN-2004-0901
    A remote code execution vulnerability exists in the Microsoft Word for Windows 6.0 Converter. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of the affected system. However, user interaction is required to exploit this vulnerability.

Microsoft Security Bulletin MS04-042

Vulnerability in DHCP Could Allow Remote Code Execution and Denial Of Service (885249)

Severity: Important
Vulnerabilities:
  • MachineName Vulnerability - CAN-2004-0899
    A denial of service vulnerability exists that could allow an attacker to send a specially crafted DHCP message to a DHCP server. An attacker could cause the DHCP Server service to stop responding.
  • HardwareAddress Vulnerability - CAN-2004-0900
    A remote code execution vulnerability exists that could allow an attacker to send a specially crafted DHCP message to a DHCP server. However, attempts to exploit this vulnerability would most likely result in a denial of service of the DHCP Server service.

Microsoft Security Bulletin MS04-043

Vulnerability in HyperTerminal Could Allow Code Execution (873339)

Severity: Important
Vulnerabilities:
  • HyperTerminal Vulnerability - CAN-2004-0568
    A remote code execution vulnerability exists in HyperTerminal because of a buffer overrun. An attacker could exploit the vulnerability by constructing a malicious HyperTerminal session file that could potentially allow remote code execution and then persuade a user to open this file. . This vulnerability could be used through a malicious Telnet URL if HyperTerminal had been set as the default Telnet client. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, user interaction is required to exploit this vulnerability

Microsoft Security Bulletin MS04-044

Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege (885835)

Severity: Important
Vulnerabilities:
  • Windows Kernel Vulnerability - CAN-2004-0893
    A privilege elevation vulnerability exists in the way that the Windows Kernel launches applications. This vulnerability could allow a logged on user to take complete control of the system.
  • LSASS Vulnerability - CAN-2004-0894
    A privilege elevation vulnerability exists in the way that the LSASS validates identity tokens. This vulnerability could allow a logged on user to take complete control of the system.

Microsoft Security Bulletin MS04-045

Vulnerability in WINS Could Allow Remote Code Execution (870736)

Severity: Important
Vulnerabilities:
  • Name Validation Vulnerability - CAN-2004-0567
    A remote code execution vulnerability exists in WINS because of the way that it handles computer name validation. An attacker could exploit the vulnerability by constructing a malicious network packet that could potentially allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
  • Association Context Vulnerability - CAN-2004-1080
    A remote code execution vulnerability exists in WINS because of the way that it handles association context validation. An attacker could exploit the vulnerability by constructing a malicious network packet that could potentially allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, attempts to exploit this vulnerability would most likely result in a denial of service on Windows Server 2003. The service would have to be restarted to restore functionality.