• See Also
• Current Updates

• Microsoft Security Resources
• Security Incidents
• Security Resources

• Juniper Networks Product Solutions for Microsoft
• Get detailed information about Juniper solutions that protect your Microsoft environment:
• SSL VPNs
• Intrusion Prevention
• Firewall / VPN Central Management34 KB
• VPN Resiliency594 KB
• Denial of Service and Attack Prevention754 KB
• Antivirus Protection55 KB

Microsoft Security Bulletins: Prior Updates

January 2005

Microsoft Security Bulletin MS05-001

Vulnerability in HTML Help Could Allow Code Execution

• HTML Help ActiveX control Cross Domain Vulnerability - CAN-2004-1043
  A cross-domain vulnerability exists in HTML Help ActiveX control that could allow information disclosure or remote code execution on an affected system. An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow remote code execution if a user visited that page. An attacker who successfully exploited this vulnerability could take complete control of an affected system.

Microsoft Security Bulletin MS05-002

Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution

• Cursor and Icon Format Handling Vulnerability - CAN-2004-1049
  A remote code execution vulnerability exists in the way that cursor, animated cursor, and icon formats are handled. An attacker could try to exploit the vulnerability by constructing a malicious cursor or icon file that could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system.
• Windows Kernel Vulnerability - CAN-2004-1305
  A denial of service vulnerability exists in the way that cursor, animated cursor, and icon formats are handled. An attacker could try to exploit the vulnerability by constructing a malicious cursor or icon file that could potentially cause the operating system to become unresponsive. The operating system would have to be restarted to restore functionality.

Microsoft Security Bulletin MS05-003

Vulnerability in the Indexing Service Could Allow Remote Code Execution

• Indexing Service Vulnerability - CAN-2004-0897
  A remote code execution vulnerability exists in the Indexing Service because of the way that it handles query validation. An attacker could exploit the vulnerability by constructing a malicious query that could potentially allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take complete control of an affected system. While remote code execution is possible, an attack would most likely result in a denial of service condition.

  Login to learn more about how Juniper products can protect you from these vulnerabilities. (If you don't already have a login, see Requesting Support.)