MinorRev: Microsoft Security Bulletin MS03-043 - Buffer Overrun in Messenger Service Could Allow Code Execution (828035)

From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 11/14/03

  • Next message: Russ: "MinorRev: Microsoft Security Bulletin MS03-045 - Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (824141)" 
    Date:         Fri, 14 Nov 2003 12:13:18 -0500
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    Reason for Revision:
    V2.1 November 13, 2003: Bulletin updated to reflect correct file
    versions for Windows XP update.

    Microsoft Security Bulletin MS03-043:
    Buffer Overrun in Messenger Service Could Allow Code Execution (828035)

    Bulletin URL:
    http://www.microsoft.com/technet/security/bulletin/MS03-043.asp

    Summary:
     Version Number: V2.1
     Revision Date: 11-13-2003
     Impact of Vulnerability: Remote Code Execution
     Maximum Severity Rating: Critical
     Patch(es) Replaced: None
     Caveats: None
     CVE Number(s): CAN-2003-0717

    Tested Software:
     Affected Software:
     * Microsoft Windows NT Workstation 4.0, Service Pack 6a
    <http://www.ntbugtraq.com/link/7597FCF4-6615-4074-9E46-A17D808ED38D.asp>
     * Microsoft Windows NT Server 4.0, Service Pack 6a
    <http://www.ntbugtraq.com/link/B1949456-996A-485A-9A28-79FD79F26A1B.asp>
     * Microsoft Windows NT Server 4.0, Terminal Server Edition, Service
    Pack 6
    <http://www.ntbugtraq.com/link/64AB4B66-1A6E-4264-93A8-26CDB98B05A8.asp>
     * Microsoft Windows 2000, Service Pack 2, Service Pack 3, Service Pack
    4
    <http://www.ntbugtraq.com/link/99F1B40D-906A-4945-A021-4B494CCCBDE0.asp>
     * Microsoft Windows XP Gold, Service Pack 1
    <http://www.ntbugtraq.com/link/F02DA309-4B0A-4438-A0B9-5B67414C3833.asp>
     * Microsoft Windows XP 64-bit Edition
    <http://www.ntbugtraq.com/link/2BE95254-4C65-4CA5-80A5-55FDF5AA2296.asp>
     * Microsoft Windows XP 64-bit Edition Version 2003
    <http://www.ntbugtraq.com/link/8B990946-84C8-4C91-899C-5A44EC13174E.asp>
     * Microsoft Windows Server 2003
    <http://www.ntbugtraq.com/link/1DF106F3-7EC4-4EB0-9143-C1E3C9E2F5F8.asp>
     * Microsoft Windows Server 2003 64-bit Edition
    <http://www.ntbugtraq.com/link/8B990946-84C8-4C91-899C-5A44EC13174E.asp>

     Software Not Affected:
     * Microsoft Windows Millennium Edition

    This email is sent to NTBugtraq automagically as a service to my
    subscribers. (v2.2)

    Cheers,
    Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

    -----
    Marcus Ranum's new book "The Myth of Homeland Security" is now out and
    is available from http://www.amazon.com/ranum In this hard-hitting
    review of the homeland security business, Ranum shows us how the problem
    is vastly harder than it's being made to sound, and how special
    interests, *** covering, and bureaucracy are threatening to derail any
    chance of making progress.
    -----

  • Next message: Russ: "MinorRev: Microsoft Security Bulletin MS03-045 - Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (824141)"