05.2.1 CVE: CAN-2004-1043 Platform: Windows Title: Windows HTML Help Code Execution Description: A cross-domain vulnerability exists in Windows HTML Help ActiveX control that could allow information disclosure or remote code execution on an affected system. An attacker could exploit this vulnerability by constructing a malicious web page that could allow remote code execution if an unsuspecting user visits that page. All windows systems are affected. Ref: http://www.microsoft.com/technet/security/Bulletin/MS05-001.mspx ______________________________________________________________________ 05.2.2 CVE: CAN-2004-1049 Platform: Windows Title: Windows User32.DLL Buffer Overflow Description: Windows ANI (Animated Cursor Files) handler component in user32.dll is affected by a stack based buffer overflow issue. The issue exists because the user-specified length of an ANI file header is directly used in the "memcpy()" operation without boundary checks. All versions of Microsoft Windows are vulnerable to this issue. Ref: http://www.microsoft.com/technet/security/bulletin/MS05-002.mspx ______________________________________________________________________ 05.2.3 CVE: CAN-2004-0897 Platform: Windows Title: Windows Indexing Service Buffer Overflow Description: Microsoft Indexing Service is used to manage, query, and index information in file systems or Web servers. Microsoft Indexing Service is affected by a buffer overflow vulnerability. Microsoft has released a security advisory to solve this issue. Ref: http://www.microsoft.com/technet/security/Bulletin/MS05-003.mspx ______________________________________________________________________