=====================================================================
                                  CERT-Renater

                       Note d'Information No. 2005/VULN072
_____________________________________________________________________

DATE                      : 09/02/2005

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows 98, Windows Me, Windows 2000,
                               Windows XP, Windows Server 2003,
                               systems running Exchange Server, Office XP,
                                 Office 2003.

======================================================================

MS05-012
Title:  Vulnerability in OLE and COM Could Allow Remote Code
Execution (873333)
Affected Software:
  - Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000
Service Pack 4
  - Microsoft Windows XP Service Pack 1 and Microsoft Windows XP
Service Pack 2
  - Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
  - Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
  - Microsoft Windows Server 2003
  - Microsoft Windows Server 2003 for Itanium-based Systems
  - Microsoft Exchange 2000 Server Service Pack 3 (uses the Windows
OLE component)
  - Microsoft Exchange Server 2003 and Microsoft Exchange Server 2003
Service Pack 1 (uses the Windows OLE component)
  - Microsoft Exchange Server 5.0 Service Pack 2 (uses the Windows OLE
component)
  - Microsoft Exchange Server 5.5 Service Pack 4 (uses the Windows OLE
component)
  - Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE),
and Microsoft Windows Millennium Edition (ME) - Review the FAQ
section of this bulletin for details about these operating systems.
  - Microsoft Office XP Service Pack 3 (uses the Windows OLE
component)
  - Microsoft Office XP Service Pack 2 (uses the Windows OLE
component)
  - Microsoft Office XP Software:
  - Outlook 2002
  - Word 2002
  - Excel 2002
  - PowerPoint(r) 2002
  - FrontPage(r) 2002
  - Publisher 2002
  - Access 2002
  - Microsoft Office 2003 Service Pack 1 (Uses the Windows OLE
component)
  - Microsoft Office 2003 (Uses the Windows OLE component)
  - Microsoft Office 2003 Software:
  - Outlook 2003
  - Word 2003
  - Excel 2003
  - PowerPoint(r) 2003
  - FrontPage(r) 2003
  - Publisher 2003
  - Access 2003
  - InfoPath(tm) 2003
  - OneNote(tm) 2003

Impact of Vulnerability:  Remote Code Execution

Maximum Severity Rating:  Critical

Restart required: Yes

Update can be uninstalled:  Yes

More information on this vulnerability is available at:
http://www.microsoft.com/technet/security/bulletin/MS05-012.mspx

======================================================================

         =========================================================
         Les serveurs de référence du CERT-Renater
         http://www.urec.fr/securite
         http://www.cru.fr/securite
         http://www.renater.fr
         =========================================================
         + CERT-RENATER          | tel : 01-53-94-20-44          +
         + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
         + 75013 Paris           | email: certsvp@renater.fr     +
         =========================================================