Microsoft Security Bulletins
October 2003
Microsoft Security Bulletin MS03-041
Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182)
Severity: Critical
Vulnerabilities:
- Authenticode Vulnerability - CAN-2003-0660
There is a vulnerability in Authenticode that, under certain low memory conditions, could allow an ActiveX control to download and install without presenting the user with an approval dialog.
Microsoft Security Bulletin MS03-042
Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution (826232)
Severity: Critical
Vulnerabilities:
- Windows Troubleshooter ActiveX Control Buffer Overflow - CAN-2003-0662
A security vulnerability exists in the Microsoft Local Troubleshooter ActiveX control. The vulnerability exists because the ActiveX control (Tshoot.ocx) contains a buffer overflow that could allow an attacker to run code of their choice on a user's system. Because this control is marked "safe for scripting", an attacker could exploit this vulnerability by convincing a user to view a specially crafted HTML page that references this ActiveX control. The Microsoft Local Troubleshooter ActiveX control is installed as a default part of the operating system on Windows 2000.
Microsoft Security Bulletin MS03-043
Buffer Overrun in Messenger Service Could Allow Code Execution (828035)
Severity: Critical
Vulnerabilities:
- Messenger Service Buffer Overrun - CAN-2003-0717
A security vulnerability exists in the Messenger Service that could allow arbitrary code execution on an affected system. The vulnerability results because the Messenger Service does not properly validate the length of a message before passing it to the allocated buffer.
Microsoft Security Bulletin MS03-044
Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise (825119)
Severity: Critical
Vulnerabilities:
- Windows Help and Support Center Buffer Overrun - CAN-2003-0711
An attacker could exploit the vulnerability by constructing a URL that, when clicked on by the user, could execute code of the attacker's choice in the Local Computer security context. The URL could be hosted on a web page, or sent directly to the user in email. In the web based scenario, where a user then clicked on the URL hosted on a website, an attacker could have the ability to read or launch files already present on the local machine.
Microsoft Security Bulletin MS03-045
Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (824141)
Severity: Important
Vulnerabilities:
- ListBox and ComboBox Control Buffer Overrun - CAN-2003-0659
An attacker who had the ability to log on to a system interactively could run a program that could send a specially-crafted Windows message to any applications that have implemented the ListBox control or the ComboBox control, causing the application to take any action an attacker specified. This could give an attacker complete control over the system by using Utility Manager in Windows 2000.
Microsoft Security Bulletin MS03-046
Vulnerability in Exchange Server Could Allow Arbitrary Code Execution (829436)
Severity: Critical
Vulnerabilities:
- Exchange Server Vulnerability - CAN-2003-0714
In Exchange Server 5.0 and Exchange Server 5.5, a security vulnerability exists in the Internet Mail Service that could allow an unauthenticated attacker to connect to the SMTP port on an Exchange server and issue a specially-crafted extended verb request that could allocate a large amount of memory. This could shut down the Internet Mail Service or could cause the server to stop responding because of a low memory condition.
Microsoft Security Bulletin MS03-047
Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting Attack (828489)
Severity: Moderate
Vulnerabilities:
- Exchange Server 5.5 Outlook Web Access Cross-Site Scripting Vulnerability - CAN-2003-0712
An attacker could seek to exploit this vulnerability by having a user run script on the attacker's behalf. The script would execute in the security context of the user. If the script executes in the security context of the user, the attacker's code could then execute by using the security settings of the OWA Web site (or of a Web site that is hosted on the same server as the OWA Web site) and could enable the attacker to access any data belonging to the site where the user has access.
