MS05-015: Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113)   08 Feb 2005 00:00 GMT
This update resolves a newly-discovered, privately reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Source: TechNet

MS05-014: Cumulative Security Update for Internet Explorer (867282)   08 Feb 2005 00:00 GMT
This update resolves several newly-discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own “Vulnerability Details” section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Source: TechNet

MS05-013: Vulnerability in the DHTML Editing ActiveX Control could allow code execution (891781)   08 Feb 2005 00:00 GMT
This update resolves a newly-discovered, public vulnerability. A vulnerability exists in the DHTML Editing ActiveX control that could allow Information Disclosure or, at worst remote code execution on an affected system. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Source: TechNet

MS05-012: Vulnerability in OLE and COM Could Allow Remote Code Execution (873333)   08 Feb 2005 00:00 GMT
This update resolves several newly-discovered, privately-reported vulnerabilities. Each vulnerability is documented in this bulletin in its own “Vulnerability Details” section. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could install then programs; view, change, or delete data; or create new accounts with full user rights.
Source: TechNet

MS05-011: Vulnerability in Server Message Block Could Allow Remote Code Execution (885250)   08 Feb 2005 00:00 GMT
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Source: TechNet

MS05-010: Vulnerability in the License Logging Service Could Allow Code Execution (885834)   08 Feb 2005 00:00 GMT
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Source: TechNet

MS05-009: Vulnerability in PNG Processing Could Lead to Buffer Overrun (890261)   08 Feb 2005 00:00 GMT
This update resolves a newly-discovered, public vulnerability. A buffer overrun vulnerability exists in the processing of PNG image formats that could allow remote code execution on an affected system. The vulnerability is documented in the Vulnerability Details section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
Source: TechNet

MS05-008: Vulnerabilty in Windows Shell Could Allow Remote Code Execution (890047)   08 Feb 2005 00:00 GMT
This update resolves a newly-discovered vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Source: TechNet

MS05-007: Vulnerability in Windows Could Allow Information Disclosure (888302)   08 Feb 2005 00:00 GMT
This update resolves a newly-discovered, privately-reported vulnerability. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. An attacker who successfully exploited this vulnerability could remotely read the user names for users who have an open connection to an available shared resource.
Source: TechNet

MS05-006: Vulnerability in Windows SharePoint Services and SharePoint Team Services Could Allow Cross-Site Scripting and Spoofing Attacks (887891)   08 Feb 2005 00:00 GMT
This update resolves a newly-discovered, privately-reported vulnerability. A cross-site scripting and spoofing vulnerability exists in the affected software that could allow an attacker to convince a user to run a malicious script. The vulnerability is documented in the “Vulnerability Details” section of this bulletin. An attacker who successfully exploited the vulnerability could manipulate Web browser caches and intermediate proxy server caches, and put spoofed content in those caches. They may also be able to exploit the vulnerability to perform cross-site scripting attacks.
Source: TechNet