MajorRev: Microsoft Security Bulletin MS03-045 - Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (824141)

From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 10/30/03

  • Next message: Russ: "MajorRev: Microsoft Security Bulletin MS03-043 - Buffer Overrun in Messenger Service Could Allow Code Execution (828035)" 
    Date:         Thu, 30 Oct 2003 00:21:23 -0500
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    Reason for Revision:
    V3.0 October 29, 2003: A revised version of the security patch for
    Windows XP has been released to correct the issue documented by
    Knowledge Base Article 830846.

    Microsoft Security Bulletin MS03-045:
    Buffer Overrun in the ListBox and in the ComboBox Control Could Allow
    Code Execution (824141)

    Bulletin URL:
    http://www.microsoft.com/technet/security/bulletin/MS03-045.asp

    Summary:
      Version Number: V3.0
      Revision Date: 10-29-2003
      Impact of Vulnerability: Local Elevation of Privilege
      Maximum Severity Rating: Important
      Patch(es) Replaced: None
      Caveats: None
      CVE Number(s): CAN-2003-065

    Tested Software:
      Affected Software:
      * Microsoft Windows NT Workstation 4.0, Service Pack 6a
    <http://www.ntbugtraq.com/link/5EA88ABE-8D53-4E25-959C-E80EB5FD7A91.asp>
      * Microsoft Windows NT Server 4.0, Service Pack 6a
    <http://www.ntbugtraq.com/link/F3E87075-AAE5-49F4-9D37-24A116296188.asp>
      * Microsoft Windows NT Server 4.0, Terminal Server Edition, Service
    Pack 6
    <http://www.ntbugtraq.com/link/0ADC8D90-2355-49A0-976B-57281B4521C1.asp>
      * Microsoft Windows 2000, Service Pack 2
    <http://www.ntbugtraq.com/link/01358EAC-F1C5-4CB7-BE3D-64459F4AD3FD.asp>
      * Microsoft Windows 2000 Service Pack 3, Service Pack 4
    <http://www.ntbugtraq.com/link/379F234D-CE7E-4897-8D29-0764997F1E42.asp>
      * Microsoft Windows XP Gold, Service Pack 1
    <http://www.ntbugtraq.com/link/ABC764AC-5B7B-4B99-BF3E-F57352E4C507.asp>
      * Microsoft Windows XP 64 bit Edition
    <http://www.ntbugtraq.com/link/3E7B03BF-2231-4069-B76F-0BD69CF6E1D9.asp>
      * Microsoft Windows XP 64 bit Edition Version 2003
    <http://www.ntbugtraq.com/link/E4BD7C05-EA0E-49C7-9BDD-ABB496CA87CA.asp>
      * Microsoft Windows Server 2003
    <http://www.ntbugtraq.com/link/02F97DE4-29DF-4D33-A33B-E7630349E69E.asp>
      * Microsoft Windows Server 2003 64 bit Edition
    <http://www.ntbugtraq.com/link/E4BD7C05-EA0E-49C7-9BDD-ABB496CA87CA.asp>

      Software Not Affected:
      * Microsoft Windows Millennium Edition

    This email is sent to NTBugtraq automatically as a service to my
    subscribers. (v2.0)

    Cheers,
    Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

    -----
    Marcus Ranum's new book "The Myth of Homeland Security" is now out and
    is available from http://www.amazon.com/ranum In this hard-hitting
    review of the homeland security business, Ranum shows us how the problem
    is vastly harder than it's being made to sound, and how special
    interests, *** covering, and bureaucracy are threatening to derail any
    chance of making progress.
    -----

  • Next message: Russ: "MajorRev: Microsoft Security Bulletin MS03-043 - Buffer Overrun in Messenger Service Could Allow Code Execution (828035)"