Public Safety Canada
Symbol of the Government of Canada
Skip to content | Skip to institutional links

Common menu bar links | Liens de navigation communs

Skip Navigation Links Home > Programs > Response > CCIRC > Analytical releases 2008 > IN05-002: SANS Top 20 Internet Security Vulnerabilities Q2 2005

Institutional links

SANS Top 20 Internet Security Vulnerabilities Q2 2005

IN05-002
Date: 25 July 2005

Purpose

This information note is issued to draw attention to the release of the SANS Top 20 Q2 2005 Critical Vulnerability Update on July 25th 2005.

PS has also participated in a joint announcement of the list with the SANS Institute and the governments of the United States and the United Kingdom.

Assessment

The SANS Top 20 Q2 2005 Critical Vulnerability Update is available at: www.sans.org

Top Vulnerabilities to Windows Systems

  • Microsoft Internet Explorer Multiple Vulnerabilities (MS05-020 and MS05-025)
  • Microsoft Exchange Server Extended Verb Overflow (MS05-021)
  • Windows Message Queuing Service Overflow (MS05-017)
  • Windows SMB Protocol Processing Overflow (MS05-027)
  • Windows HTML Help File Parsing Overflow (MS05-026)
  • Windows Shell Remote Code Execution (MS05-016)

Other Products

  • Computer Associates BrightStor ARCServe Backup Overflow
  • Veritas Backup Software Multiple Vulnerabilities
  • Computer Associates and Zone Alarm Vet Library Overflow
  • Oracle Cumulative Update April 2005
  • RealNetworks RealPlayer Multiple Vulnerabilities
  • Apple iTunes MPEG4 File Processing Overflow
  • Mozilla and Firefox Browsers Multiple Vulnerabilities
  • Apple Cumulative Security Update 2005-005 and 2005-006

top of page

Suggested action

PS highly recommends that system administrators consult the top 20 list and ensure that their systems have been hardened against attacks based on these vulnerabilities.

top of page

Note to Readers

The Canadian Cyber Incident Response Centre (CCIRC) provides a focal point for Canada's cyber threat and vulnerability warning, analysis and response. CCIRC is responsible for assuring the resilience of national critical infrastructure through monitoring threats and coordinating a federal response to cyber security incidents of national interest. CCIRC operates in conjunction with the Government Operations Centre (GOC) within Public Safety Canada and is a key component of the government's all-hazards approach to emergency management and national security.

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: communications@ps-sp.gc.ca

Date Modified: 2008-12-11
Top of Page
Top of Page
Important Notices