MinorRev: Microsoft Security Bulletin MS03-045 - Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (824141)

From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 11/14/03

  • Next message: Russ: "MinorRev: Microsoft Security Bulletin MS03-043 - Buffer Overrun in Messenger Service Could Allow Code Execution (828035)" 
    Date:         Fri, 14 Nov 2003 12:13:26 -0500
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    Reason for Revision:
    V3.3 November 13, 2003: Bulletin updated to reflect correct file
    versions for Windows NT 4.0 update.

    Microsoft Security Bulletin MS03-045:
    Buffer Overrun in the ListBox and in the ComboBox Control Could Allow
    Code Execution (824141)

    Bulletin URL:
    http://www.microsoft.com/technet/security/bulletin/MS03-045.asp

    Summary:
     Version Number: V3.3
     Revision Date: 11-13-2003
     Impact of Vulnerability: Local Elevation of Privilege
     Maximum Severity Rating: Important
     Patch(es) Replaced: MS02-071
     Caveats: None
     CVE Number(s): CAN-2003-0659

    Tested Software:
     Affected Software:
     * Microsoft Windows NT Workstation 4.0, Service Pack 6a
    <http://www.ntbugtraq.com/link/5EA88ABE-8D53-4E25-959C-E80EB5FD7A91.asp>
     * Microsoft Windows NT Server 4.0, Service Pack 6a
    <http://www.ntbugtraq.com/link/F3E87075-AAE5-49F4-9D37-24A116296188.asp>
     * Microsoft Windows NT Server 4.0, Terminal Server Edition, Service
    Pack 6
    <http://www.ntbugtraq.com/link/0ADC8D90-2355-49A0-976B-57281B4521C1.asp>
     * Microsoft Windows 2000, Service Pack 2
    <http://www.ntbugtraq.com/link/01358EAC-F1C5-4CB7-BE3D-64459F4AD3FD.asp>
     * Microsoft Windows 2000 Service Pack 3, Service Pack 4
    <http://www.ntbugtraq.com/link/379F234D-CE7E-4897-8D29-0764997F1E42.asp>
     * Microsoft Windows XP Gold, Service Pack 1
    <http://www.ntbugtraq.com/link/ABC764AC-5B7B-4B99-BF3E-F57352E4C507.asp>
     * Microsoft Windows XP 64 bit Edition
    <http://www.ntbugtraq.com/link/3E7B03BF-2231-4069-B76F-0BD69CF6E1D9.asp>
     * Microsoft Windows XP 64 bit Edition Version 2003
    <http://www.ntbugtraq.com/link/E4BD7C05-EA0E-49C7-9BDD-ABB496CA87CA.asp>
     * Microsoft Windows Server 2003
    <http://www.ntbugtraq.com/link/02F97DE4-29DF-4D33-A33B-E7630349E69E.asp>
     * Microsoft Windows Server 2003 64 bit Edition
    <http://www.ntbugtraq.com/link/E4BD7C05-EA0E-49C7-9BDD-ABB496CA87CA.asp>

     Software Not Affected:
     * Microsoft Windows Millennium Edition

    This email is sent to NTBugtraq automagically as a service to my
    subscribers. (v2.2)

    Cheers,
    Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

    -----
    Marcus Ranum's new book "The Myth of Homeland Security" is now out and
    is available from http://www.amazon.com/ranum In this hard-hitting
    review of the homeland security business, Ranum shows us how the problem
    is vastly harder than it's being made to sound, and how special
    interests, *** covering, and bureaucracy are threatening to derail any
    chance of making progress.
    -----

  • Next message: Russ: "MinorRev: Microsoft Security Bulletin MS03-043 - Buffer Overrun in Messenger Service Could Allow Code Execution (828035)"
    • Quantcast