Microsoft Security Bulletin MS05-009
Vulnerability in PNG Processing Could Allow Remote Code Execution (890261)
Issued: February 8, 2005
Who should read this document: Customers who use Microsoft Windows Media Player, Windows Messenger and MSN Messenger
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should apply the update immediately
Security Update Replacement: This bulletin replaces a prior security update. See the frequently asked questions (FAQ) section of this bulletin for the complete list.
Tested Software and Security Update Download Locations:
?Microsoft Windows Media Player 9 Series (when running on Windows 2000, Windows XP Service Pack 1 and Windows Server 2003) ? Download the update
?Microsoft Windows Messenger version 5.0 (standalone version that can be installed on all supported operating systems) ? Download the update
?Microsoft MSN Messenger 6.1 ? Download the update
?Microsoft MSN Messenger 6.2 ? Download the update
?Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (ME) ? Review the FAQ section of this bulletin for details about these operating systems.
?Windows Media Player 6.4
?Windows Media Player 7.1
?Windows Media Player for Windows XP (8.0)
?Windows Media Player 9 Series for Windows XP Service Pack 2
?Windows Media Player 10
?MSN Messenger for Mac
Tested Microsoft Windows Components:
?Microsoft Windows Messenger version 22.214.171.1249 (when running on Windows XP Service Pack 1) ? Download the update
?Microsoft Windows Messenger version 126.96.36.19900 (when running on Windows XP Service Pack 2) ? Download the update
This update resolves a newly-discovered, public vulnerability. A remote code execution vulnerability exists in the processing of PNG image formats. The vulnerability is documented in the ?Vulnerability Details? section of this bulletin.
An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
The attachment is a result of the MBSA program that I ran. (Ver 1.2.1)
It shows a security update that could not be confirmed.
My affected software as explained in the MS05-009 bulletin would be my MSN messenger 6.2.
So when I click on that download, it shows a whole bunch of exe. files, do they suggest that I download all of those exe's.
Is there anyway that someone could explain to me how or what I should do with this information to correct the problem.