Microsoft Security Bulletins

March 2004

2003 |December |November |October

Microsoft Security Bulletin MS04-008

Severity: Moderate
Vulnerabilities:

Windows Media Services Vulnerability - CAN-2003-0905
A vulnerability exists because of the way that Windows Media Station Service and Windows Media Monitor Service, components of Windows Media Services, handle TCP/IP connections. If a remote user were to send a specially-crafted sequence of TCP/IP packets to the listening port of either of these services, the service could stop responding to requests and no additional connections could be made. The service must be restarted to regain its functionality.

Severity: Critical
Vulnerabilities:

Microsoft Outlook Vulnerability - CAN-2004-0121
A security vulnerability exists within Outlook 2002 that could allow Internet Explorer to execute script code in the Local Machine zone on an affected system. The parsing of specially crafted mailto URLs by Outlook 2002 causes this vulnerability. To exploit this vulnerability, an attacker would have to host a malicious Web site that contained a Web page designed to exploit the vulnerability and then persuade a user to view the Web page.

Severity: Moderate
Vulnerabilities:

MSN Messenger Vulnerability - CAN-2004-0122
A security vulnerability exists in Microsoft MSN Messenger. The vulnerability exists because of the method used by MSN Messenger to handle a file request. An attacker could exploit this vulnerability by sending a specially crafted request to a user running MSN Messenger.ÊÊIf exploited successfully, the attacker could view the contents of a file on the hard drive without the user's knowledge as long as the attacker knew the location of the file and the user had read access to the file.