MinorRev: Microsoft Security Bulletin MS03-041 - Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182)

From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 11/18/03

  • Next message: Steven M. Christey: "Re: Security researchers organization" 
    Date:         Tue, 18 Nov 2003 16:53:23 -0500
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

    Reason for Revision:
    V1.2 November 17, 2003: Updated "File Information" for all platforms in
    the "Security Patch Information" sections.

    Microsoft Security Bulletin MS03-041:
    Vulnerability in Authenticode Verification Could Allow Remote Code
    Execution (823182)

    Bulletin URL:
    http://www.microsoft.com/technet/security/bulletin/MS03-041.asp

    Summary:
     Version Number: V1.2
     Revision Date: 11-17-2003
     Impact of Vulnerability: Remote Code Execution
     Maximum Severity Rating: Critical
     Patch(es) Replaced: None
     Caveats: None
     CVE Number(s): CAN-2003-0660

    Tested Software:
     Affected Software:
     * Microsoft Windows NT Workstation 4.0, Service Pack 6a
    <http://www.ntbugtraq.com/link/921466F5-BC40-4E8E-BB57-6B81B57C21B6.asp>
     * Microsoft Windows NT Server 4.0, Service Pack 6a
    <http://www.ntbugtraq.com/link/21F64FF0-9175-42BE-A8E4-BDC59A98BDF2.asp>
     * Microsoft Windows NT Server 4.0, Terminal Server Edition, Service
    Pack 6
    <http://www.ntbugtraq.com/link/C6688576-4682-4A30-BBD7-1817F2944890.asp>
     * Microsoft Windows 2000, Service Pack 2
    <http://www.ntbugtraq.com/link/C862E049-58B2-4486-8D98-23183D7EE17D.asp>
     * Microsoft Windows 2000, Service Pack 3, Service Pack 4
    <http://www.ntbugtraq.com/link/90D27AEC-7D2A-45FD-B85A-E98E574338F1.asp>
     * Microsoft Windows XP Gold, Service Pack 1
    <http://www.ntbugtraq.com/link/6CDF5303-D767-4D68-9BA7-055E93E87847.asp>
     * Microsoft Windows XP 64-bit Edition
    <http://www.ntbugtraq.com/link/D92EF2E8-C03A-43C0-B428-D76C4B669151.asp>
     * Microsoft Windows XP 64-bit Edition Version 2003
    <http://www.ntbugtraq.com/link/4DFF5AAB-FA62-4B81-9C08-5C9FCB905E11.asp>
     * Microsoft Windows Server 2003
    <http://www.ntbugtraq.com/link/135D8C00-7B4B-4C21-8EAA-D58814635E0D.asp>
     * Microsoft Windows Server 2003 64-bit Edition
    <http://www.ntbugtraq.com/link/4DFF5AAB-FA62-4B81-9C08-5C9FCB905E11.asp>

     Software Not Affected:
     * Microsoft Windows Millennium Edition

    This email is sent to NTBugtraq automagically as a service to my
    subscribers. (v2.2)

    Cheers,
    Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor

    -----
    Marcus Ranum's new book "The Myth of Homeland Security" is now out and
    is available from http://www.amazon.com/ranum In this hard-hitting
    review of the homeland security business, Ranum shows us how the problem
    is vastly harder than it's being made to sound, and how special
    interests, *** covering, and bureaucracy are threatening to derail any
    chance of making progress.
    -----

  • Next message: Steven M. Christey: "Re: Security researchers organization"