MinorRev: Microsoft Security Bulletin MS03-045 - Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (824141)

From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 10/22/03

    Date:         Tue, 21 Oct 2003 21:56:02 -0400
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Reason for Revision:
    V1.1 (October 17, 2003): Re-issued to advise of a language specific
    compatibility issue with some third-party software.

    Microsoft Security Bulletin MS03-045:
    Buffer Overrun in the ListBox and in the ComboBox Control Could Allow
    Code Execution (824141)

    Bulletin URL:
    http://www.microsoft.com/technet/security/bulletin/MS03-045.asp

    Summary:
      Version Number: V1.1
      Revision Date: 10-17-2003
      Impact of Vulnerability: Local Elevation of Privilege
      Maximum Severity Rating: Important
      Patch(es) Replaced: None
      Caveats: Subsequent to the release of this bulletin and the associated
    patches, a compatibility problem with some third party software has been
    identified with a set of language specific versions of the Windows 2000
    Service Pack 4 patch. This problem is unrelated to the security
    vulnerability discussed in this bulletin. Customers who have applied the
    patch are protected against the vulnerability discussed in this
    bulletin. More information can be found in the Technical description and
    Frequently asked questions of this bulletin.
      CVE Number(s): CAN-2003-065

    Tested Software:
      Affected Software:
      * Microsoft Windows NT Workstation 4.0, Service Pack 6a
    <http://www.ntbugtraq.com/link/5EA88ABE-8D53-4E25-959C-E80EB5FD7A91.asp>
      * Microsoft Windows NT Server 4.0, Service Pack 6a
    <http://www.ntbugtraq.com/link/F3E87075-AAE5-49F4-9D37-24A116296188.asp>
      * Microsoft Windows NT Server 4.0, Terminal Server Edition, Service
    Pack 6
    <http://www.ntbugtraq.com/link/0ADC8D90-2355-49A0-976B-57281B4521C1.asp>
      * Microsoft Windows 2000, Service Pack 2
    <http://www.ntbugtraq.com/link/01358EAC-F1C5-4CB7-BE3D-64459F4AD3FD.asp>
      * Microsoft Windows 2000 Service Pack 3, Service Pack 4
    <http://www.ntbugtraq.com/link/379F234D-CE7E-4897-8D29-0764997F1E42.asp>
      * Microsoft Windows XP Gold, Service Pack 1
    <http://www.ntbugtraq.com/link/ABC764AC-5B7B-4B99-BF3E-F57352E4C507.asp>
      * Microsoft Windows XP 64 bit Edition
    <http://www.ntbugtraq.com/link/3E7B03BF-2231-4069-B76F-0BD69CF6E1D9.asp>
      * Microsoft Windows XP 64 bit Edition Version 2003
    <http://www.ntbugtraq.com/link/E4BD7C05-EA0E-49C7-9BDD-ABB496CA87CA.asp>
      * Microsoft Windows Server 2003
    <http://www.ntbugtraq.com/link/02F97DE4-29DF-4D33-A33B-E7630349E69E.asp>
      * Microsoft Windows Server 2003 64 bit Edition
    <http://www.ntbugtraq.com/link/E4BD7C05-EA0E-49C7-9BDD-ABB496CA87CA.asp>

      Software Not Affected:
      * Microsoft Windows Millennium Edition

    This email is sent to NTBugtraq automatically as a service to my
    subscribers. (v2.0)

    Cheers,
    Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor


