ActiveWin.com: Support Center

Security Bulletin Name, Brief Description	ID Number, Date/Link
Buffer Overrun in Microsoft FrontPage Server Extensions Could Allow Code Execution (813360): The first vulnerability exists because of a buffer overrun in the remote debug functionality of FrontPage Server Extensions. This functionality enables users to remotely connect to a server running FrontPage Server Extensions and remotely debug content using, for example, Visual Interdev. An attacker who successfully exploited this vulnerability could be able to run code with IWAM_machinename account privileges on an affected system, or could cause FrontPage Server Extensions to fail. The second vulnerability is a Denial of Service vulnerability that exists in the SmartHTML interpreter. This functionality is made up of a variety of dynamic link library files, and exists to support certain types of dynamic web content. An attacker who successfully exploited this vulnerability could cause a server running Front Page Server Extensions to temporarily stop responding to requests.	(MS03-051)
	November 11, 2003
Vulnerability in Microsoft Word and Microsoft Excel Could Allow Arbitary Code to run. (831527): A security vulnerability exists in Microsoft Excel that could allow malicious code execution. This vulnerability exists because of the method Excel uses to check the spreadsheet before reading the macro instructions. If successfully exploited, an attacker could craft a malicious file that could bypass the macro security model. If an affected spreadsheet was opened, this vulnerability could allow a malicious macro embedded in the file to be executed automatically, regardless of the level at which the macro security is set. The malicious macro could then take the same actions that the user had permissions to carry out, such as adding, changing or deleting data or files, communicating with a web site or formatting the hard drive.	(MS03-050)
	November 11, 2003
Buffer Overrun in the Workstation Service Could Allow Code Execution (828749): A security vulnerability exists in the Workstation service that could allow remote code execution on an affected system. This vulnerability results because of an unchecked buffer in the Workstation service. If exploited, an attacker could gain System privileges on an affected system, or could cause the Workstation service to fail. An attacker could take any action on the system, including installing programs, viewing data, changing data, or deleting data, or creating new accounts with full privileges.	(MS03-049)
	November 11, 2003
Cumulative Security Update for Internet Explorer (824145): This is a cumulative update that includes the functionality of all the previously-released updates for Internet Explorer 5.01, Internet Explorer 5.5, and Internet Explorer 6.0. Additionally, it eliminates five newly-discovered vulnerabilities.	(MS03-048)
	November 12, 2003
Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting Attack (828489): A cross-site scripting (XSS) vulnerability results due to the way that Outlook Web Access (OWA) performs HTML encoding in the Compose New Message form. An attacker could seek to exploit this vulnerability by having a user run script on the attacker's behalf. The script would execute in the security context of the user. If the script executes in the security context of the user, the attacker's code could then execute by using the security settings of the OWA Web site (or of a Web site that is hosted on the same server as the OWA Web site) and could enable the attacker to access any data belonging to the site where the user has access.	(MS03-047)
	October 15, 2003
Vulnerability in Exchange Server Could Allow Arbitrary Code Execution (822363): In Exchange 2000 Server, a security vulnerability exists that could allow an unauthenticated attacker to connect to the SMTP port on an Exchange server and issue a specially-crafted extended verb request. That request could cause a denial of service that is similar to the one that could occur on Exchange 5.5. Additionally, if an attacker issues the request with carefully chosen data, the attacker could cause a buffer overrun that could allow the attacker to run malicious programs of their choice in the security context of the SMTP service.	(MS03-046)
	October 15, 2003
Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (824141): A vulnerability exists because the ListBox control and the ComboBox control both call a function, which is located in the User32.dll file, that contains a buffer overrun. The function does not correctly validate the parameters that are sent from a specially-crafted Windows message. Windows messages provide a way for interactive processes to react to user events (for example, keystrokes or mouse movements) and to communicate with other interactive processes. A security vulnerability exists because the function that provides the list of accessibility options to the user does not correctly validate Windows messages that are sent to it. One process in the interactive desktop could use a specific Windows message to cause the ListBox control or the ComboBox control to execute arbitrary code. Any program that implements the ListBox control or the ComboBox control could allow code to be executed at an elevated level of administrative credentials, as long as the program is running at an elevated level of privileges (for example, Utility Manager in Windows 2000). This could include third-party applications.	(MS03-045)
	October 15, 2003
Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise (825119): A security vulnerability exists in the Help and Support Center function which ships with Windows XP and Windows Server 2003. The affected code is also included in all other supported Windows operating systems, although no known attack vector has been identified at this time because the HCP protocol is not supported on those platforms. The vulnerability results because a file associated with the HCP protocol contains an unchecked buffer. An attacker could exploit the vulnerability by constructing a URL that, when clicked on by the user, could execute code of the attacker’s choice in the Local Computer security context. The URL could be hosted on a web page, or sent directly to the user in email. In the web based scenario, where a user then clicked on the URL hosted on a website, an attacker could have the ability to read or launch files already present on the local machine.	(MS03-044)
	October 15, 2003
Buffer Overrun in Messenger Service Could Allow Code Execution (828035): A security vulnerability exists in the Messenger Service that could allow arbitrary code execution on an affected system. The vulnerability results because the Messenger Service does not properly validate the length of a message before passing it to the allocated buffer. An attacker who successfully exploited this vulnerability could be able to run code with Local System privileges on an affected system, or could cause the Messenger Service to fail. The attacker could then take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges.	(MS03-043)
	October 15, 2003
Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution (826232): A security vulnerability exists in the Microsoft Local Troubleshooter ActiveX control. The vulnerability exists because the ActiveX control (Tshoot.ocx) contains a buffer overflow that could allow an attacker to run code of their choice on a user’s system. Because this control is marked "safe for scripting", an attacker could exploit this vulnerability by convincing a user to view a specially crafted HTML page that references this ActiveX control. The Microsoft Local Troubleshooter ActiveX control is installed as a default part of the operating system on Windows 2000. To exploit this vulnerability, the attacker would have to create a specially formed HTML–based e-mail and send it to the user. Alternatively an attacker would have to host a malicious Web site that contained a Web page designed to exploit this vulnerability.	(MS03-042)
	October 15, 2003
Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182) : There is a vulnerability in Authenticode that, under certain low memory conditions, could allow an ActiveX control to download and install without presenting the user with an approval dialog. To exploit this vulnerability, an attacker could host a malicious Web Site designed to exploit this vulnerability. If an attacker then persuaded a user to visit that site an ActiveX control could be installed and executed on the user’s system. Alternatively, an attacker could create a specially formed HTML e-mail and send it to the user. If the user viewed the HTML e-mail an unauthorized ActiveX control could be installed and executed on the user’s system. In both scenarios the vulnerability in Authenticode could allow an unauthorized ActiveX control to be installed and executed on the user’s system, with the same permissions as the user, without prompting the user for approval.	(MS03-041)
	October 15, 2003
Cumulative Patch for Internet Explorer (828750): A vulnerability that occurs because Internet Explorer does not properly determine an object type returned from a Web server in a popup window. It could be possible for an attacker who exploited this vulnerability to run arbitrary code on a user's system. If a user visited an attacker's Web site, it could be possible for the attacker to exploit this vulnerability without any other user action. An attacker could also craft an HTML–based e-mail that would attempt to exploit this vulnerability. A vulnerability that occurs because Internet Explorer does not properly determine an object type returned from a Web server during XML data binding. It could be possible for an attacker who exploited this vulnerability to run arbitrary code on a user's system. If a user visited an attacker's Web site, it could be possible for the attacker to exploit this vulnerability without any other user action. An attacker could also craft an HTML–based e-mail that would attempt to exploit this vulnerability.	(MS03-040)
	October 3, 2003
Buffer Overrun In RPCSS Service Could Allow Code Execution (824146): There are three newly identified vulnerabilities in the part of RPCSS Service that deals with RPC messages for DCOM activation— two that could allow arbitrary code execution and one that could result in a denial of service. The flaws result from incorrect handling of malformed messages. These particular vulnerabilities affect the Distributed Component Object Model (DCOM) interface within the RPCSS Service. This interface handles DCOM object activation requests that are sent from one machine to another. An attacker who successfully exploited these vulnerabilities could be able to run code with Local System privileges on an affected system, or could cause the RPCSS Service to fail. The attacker could then be able to take any action on the system, including installing programs, viewing, changing or deleting data, or creating new accounts with full privileges.	(MS03-039)
	September 10, 2003
Unchecked buffer in Microsoft Access Snapshot Viewer Could Allow Code Execution (827104): A vulnerability exists because of a flaw in the way that Snapshot Viewer validates parameters. Because the parameters are not correctly checked, a buffer overrun can occur, which could allow an attacker to execute the code of their choice in the security context of the logged-on user. For an attack to be successful, an attacker would have to persuade a user to visit a malicious Web site that is under the attacker’s control.	(MS03-038)
	September 3, 2003
Flaw in Visual Basic for Applications Could Allow Arbitrary Code execution (822715): A flaw exists in the way VBA checks document properties passed to it when a document is opened by the host application. A buffer overrun exists which if exploited successfully could allow an attacker to execute code of their choice in the context of the logged on user.	(MS03-037)
	September 3, 2003
Buffer Overrun in WordPerfect Converter Could Allow Code Execution (827103): There is a flaw in the way that the Microsoft WordPerfect converter handles Corel® WordPerfect documents. A security vulnerability results because the converter does not correctly validate certain parameters when it opens a WordPerfect document, which results in an unchecked buffer. As a result, an attacker could craft a malicious WordPerfect document that could allow code of their choice to be executed if an application that used the WordPerfect converter opened the document. Microsoft Word and Microsoft PowerPoint (which are part of the Office suite), FrontPage (which is available as part of the Office suite or separately), Publisher, and Microsoft Works Suite can all use the Microsoft Office WordPerfect converter.	(MS03-036)
	September 3, 2003
Flaw in Microsoft Word Could Enable Macros to Run Automatically (827653): A vulnerability exists because it is possible for an attacker to craft a malicious document that will bypass the macro security model. If the document was opened, this flaw could allow a malicious macro embedded in the document to be executed automatically, regardless of the level at which macro security is set. The malicious macro could take the same actions that the user had permissions to carry out, such as adding, changing or deleting data or files, communicating with a web site or formatting the hard drive.	(MS03-035)
	September 3, 2003
Flaw in NetBIOS Could Lead to Information Disclosure (824105): This vulnerability involves one of the NetBT (NetBIOS over TCP) services, namely, the NetBIOS Name Service (NBNS). NBNS is analogous to DNS in the TCP/IP world and it provides a way to find a system’s IP address given its NetBIOS name, or vice versa. Under certain conditions, the response to a NetBT Name Service query may, in addition to the typical reply, contain random data from the target system’s memory. This data could, for example, be a segment of HTML if the user on the target system was using an Internet browser, or it could contain other types of data that exist in memory at the time that the target system responds to the NetBT Name Service query.	(MS03-034)
	September 3, 2003
Unchecked Buffer in MDAC Function Could Enable System Compromise (823718): MDAC provides the underlying functionality for a number of database operations, such as connecting to remote databases and returning data to a client. When a client system on a network tries to see a list of computers that are running SQL Server and that reside on the network, it sends a broadcast request to all the devices that are on the network. Due to a flaw in a specific MDAC component, an attacker could respond to this request with a specially crafted packet that could cause a buffer overflow.	(MS03-033)
	August 20, 2003
Cumulative Patch for Internet Explorer (822925): This is a cumulative patch that includes the functionality of all previously released patches for Internet Explorer 5.01, 5.5 and 6.0. In addition, it eliminates newly discovered vulnerabilities	(MS03-032)
	August 20, 2003
Cumulative Patch for Microsoft SQL Server (815495): This is a cumulative patch that includes the functionality of all previously released patches for SQL Server 7.0, SQL Server 2000, MSDE 1.0, and MSDE 2000. In addition, it eliminates three newly discovered vulnerabilities.	(MS03-031)
	July 23, 2003
Unchecked Buffer in DirectX Could Enable System Compromise (819696): There are two buffer overruns with identical effects in the function used by DirectShow to check parameters in a Musical Instrument Digital Interface (MIDI) file. A security vulnerability results because it could be possible for a malicious user to attempt to exploit these flaws and execute code in the security context of the logged-on user.	(MS03-030)
	July 23, 2003
Flaw in Windows Function Could Allow Denial of Service (823803): A flaw exists in a Windows NT 4.0 Server file management function that can cause a denial of service vulnerability. The flaw results because the affected function can cause memory that it does not own to be freed when a specially crafted request is passed to it. If the application making the request to the function does not carry out any user input validation and allows the specially crafted request to be passed to the function, the function may free memory that it does not own. As a result, the application passing the request could fail.	(MS03-029)
	July 23, 2003
Flaw in ISA Server Error Pages Could Allow Cross-Site Scripting Attack: ISA Server contains a number of HTML-based error pages that allow the server to respond to a client requesting a Web resource with a customized error. A cross-site scripting vulnerability exists in many of these error pages that are returned by ISA Server under specific error conditions. To exploit this flaw, an attacker would have to first be aware of a specific ISA server and its access policies or host an ISA server of their own and create specific access policies designed to exploit this vulnerability. The attacker could then craft a request to trigger a page refusal. Once the attack was crafted, the attacker would have to host a Web site containing the link, or send the link to the user in the form of an HTML e-mail. After the user previewed or opened the e-mail, the malicious site could be visited automatically without further user interaction. In the Web-based attack scenario, an attacker would have no way to force a user to visit the Web site.	(MS03-028)
	July 16, 2003
Unchecked Buffer in Windows Shell Could Enable System Compromise: The Windows shell is responsible for providing the basic framework of the Windows user interface experience. It is most familiar to users as the Windows desktop. It also provides a variety of other functions to help define the user's computing session, including organizing files and folders, and providing the means to start programs. An unchecked buffer exists in one of the functions used by the Windows shell to extract custom attribute information from certain folders. A security vulnerability results because it is possible for a malicious user to construct an attack that could exploit this flaw and execute code on the user’s system. An attacker could seek to exploit this vulnerability by creating a Desktop.ini file that contains a corrupt custom attribute, and then host it on a network share. If a user were to browse the shared folder where the file was stored, the vulnerability could then be exploited. A successful attack could have the effect of either causing the Windows shell to fail, or causing an attacker’s code to run on the user’s computer in the security context of the user.	(MS03-027)
	July 17, 2003
Buffer Overrun In RPC Interface Could Allow Code Execution: Microsoft originally released this bulletin and patch on July 16, 2003 to correct a security vulnerability in a Windows Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) interface. The patch was and still is effective in eliminating the security vulnerability. However, the “mitigating factors” and “workarounds” discussions in the original security bulletin did not clearly identify all of the ports by which the vulnerability could potentially be exploited. We have updated this bulletin to more clearly enumerate the ports over which RPC services can be invoked, and to ensure that customers who have chosen to implement a workaround before installing the patch have the information that they need to protect their systems. Customers who have already installed the patch are protected from attempts to exploit this vulnerability, and need take no further action.	(MS03-026)
	July 18, 2003
Flaw in Windows Message Handling through Utility Manager Could Enable Privilege Elevation: Microsoft Windows 2000 contains support for Accessibility options within the operating system. Accessibility support is a series of assistive technologies within Windows that allow users with disabilities to still be able to access the functions of the operating system. Accessibility support is enabled or disabled through shortcuts built into the operating system, or through the Accessibility Utility Manager. Utility Manager is an accessibility utility that allows users to check the status of accessibility programs (Microsoft Magnifier, Narrator, On–Screen Keyboard) and to start or stop them.	(MS03-025)
	July 09, 2003
Buffer Overrun in Windows Could Lead to Data Corruption: Server Message Block (SMB) is the Internet Standard protocol that Windows uses to share files, printers, serial ports, and to communicate between computers using named pipes and mail slots. In a networked environment, servers make file systems and resources available to clients. Clients make SMB requests for resources, and servers make SMB responses in what’s described as a client server request-response protocol. A flaw exists in the way that the server validates the parameters of an SMB packet. When a client system sends an SMB packet to the server system, it includes specific parameters that provide the server with a set of “instructions.” In this case, the server is not properly validating the buffer length established by the packet. If the client specifies a buffer length that is less than what is needed, it can cause the buffer to be overrun.	(MS03-024)
	July 09, 2003
Buffer Overrun In HTML Converter Could Allow Code Execution: There is a flaw in the way the HTML converter for Microsoft Windows handles a conversion request during a cut-and-paste operation. This flaw causes a security vulnerability to exist. A specially crafted request to the HTML converter could cause the converter to fail in such a way that it could execute code in the context of the currently logged-in user. Because this functionality is used by Internet Explorer, an attacker could craft a specially formed Web page or HTML e-mail that would cause the HTML converter to run arbitrary code on a user's system. A user visiting an attacker’s Web site could allow the attacker to exploit the vulnerability without any other user action.	(MS03-023)
	July 09, 2003
Flaw in ISAPI Extension for Windows Media Services Could Cause Code Execution: There is a flaw in the way nsiislog.dll processes incoming client requests. A vulnerability exists because an attacker could send specially formed HTTP request (communications) to the server that could cause IIS to fail or execute code on the user's system. Windows Media Services is not installed by default on Windows 2000. An attacker attempting to exploit this vulnerability would have to be aware which computers on the network had Windows Media Services installed on it and send a specific request to that server.	(MS03-022)
	June 25, 2003
Flaw In Windows Media Player May Allow Media Library Access: A flaw exists in the way in which the ActiveX control provides access to information on the user’s computer. A vulnerability exists because an attacker could invoke the ActiveX control from script code, which would allow the attacker to view and manipulate metadata contained in the media library on the user’s computer. To exploit this flaw, an attacker would have to host a malicious Web site that contained a Web page designed to exploit this vulnerability, and then persuade a user to visit that site—an attacker would have no way to force a user to the site. An attacker could also embed a link to the malicious site in an HTML e-mail and send it to the user. After the user previewed or opened the e-mail, the malicious site could be visited automatically without further user interaction.	(MS03-021)
	June 25, 2003
Cumulative Patch for Internet Explorer: In order to exploit these flaws, the attacker would have to create a specially formed HTML email and send it to the user. Alternatively an attacker would have to host a malicious web site that contained a web page designed to exploit these vulnerabilities. The attacker would then have to persuade a user to visit that site. As with the previous Internet Explorer cumulative patches released with bulletins MS03-004 and MS03-015, this cumulative patch will cause window.showHelp( ) to cease to function if you have not applied the HTML Help update. If you have installed the updated HTML Help control from Knowledge Base article 811630, you will still be able to use HTML Help functionality after applying this patch.	(MS03-020)
	June 4, 2003
Flaw in ISAPI Extension for Windows Media Services Could Cause Code Execution: There is a flaw in the way in which nsiislog.dll processes incoming requests. A vulnerability exists because an attacker could send specially formed communications to the server that could cause IIS to fail or execute code on the user's system. Windows Media Services is not installed by default on Windows 2000, and must be downloaded to install on Windows NT 4.0. An attacker attempting to exploit this vulnerability would have to be aware which computers on the network had Windows Media Services installed on it and send a specific request to that server.	(MS03-019)
	May 28, 2003
Cumulative Patch for Internet Information Service: This patch is a cumulative patch that includes the functionality of all security patches released for IIS 4.0 since Windows NT 4.0 Service Pack 6a, and all security patches released to date for IIS 5.0 since Windows 2000 Service Pack 2 and IIS 5.1.	(MS03-018)
	May 28, 2003
Flaw in Windows Media Player Skins Downloading could allow Code Execution: Microsoft Windows Media Player provides functionality to change the overall appearance of the player itself through the use of "skins". Skins are custom overlays that consist of collections of one or more files of computer art, organized by an XML file. The XML file tells Windows Media Player how to use these files to display a skin as the user interface. In this manner, the user can choose from a variety of standard skins, each one providing an additional visual experience. Windows Media Player comes with several skins to choose from, but it is relatively easy to create and distribute custom skins.	(MS03-017)
	May 07, 2003
Cumulative Patch for BizTalk Server: Microsoft BizTalk Server is an Enterprise Integration product that allows organizations to integrate applications, trading partners, and business processes. BizTalk is used in intranet environments to transfer business documents between different back-end systems as well as extranet environments to exchange structured messages with trading partners. This patch addresses two newly reported vulnerabilities in BizTalk Server	(MS03-016)
	May 01, 2003
Cumulative Patch for Internet Explorer: This is a cumulative patch that includes the functionality of all previously released patches for Internet Explorer 5.01, 5.5 and 6.0. In addition, it eliminates the following four newly discovered vulnerabilities.	(MS03-015)
	April 23, 2003
Cumulative Patch for Outlook Express: A vulnerability exists in the MHTML URL Handler that allows any file that can be rendered as text to be opened and rendered as part of a page in Internet Explorer. As a result, it would be possible to construct a URL that referred to a text file that was stored on the local computer and have that file render as HTML. If the text file contained script, that script would execute when the file was accessed. Since the file would reside on the local computer, it would be rendered in the Local Computer Security Zone. Files that are opened within the Local Computer Zone are subject to fewer restrictions than files opened in other security zones.	(MS03-014)
	April 23, 2003
Buffer Overrun in Windows Kernel Message Handling could Lead to Elevated Privileges: There is a flaw in the way the kernel passes error messages to a debugger. A vulnerability results because an attacker could write a program to exploit this flaw and run code of their choice. An attacker could exploit this vulnerability to take any action on the system including deleting data, adding accounts with administrative access, or reconfiguring the system.	(MS03-013)
	April 23, 2003
Flaw In Winsock Proxy Service And ISA Firewall Service Can Cause Denial Of Service: There is a flaw in the Winsock Proxy service in Microsoft Proxy Server 2.0, and the Microsoft Firewall service in ISA Server 2000, that would allow an attacker on the internal network to send a specially crafted packet that would cause the server to stop responding to internal and external requests. Receipt of such a packet would cause CPU utilization on the server to reach 100%, and thus make the server unresponsive. The Winsock Proxy service and Microsoft Firewall service work with FTP, telnet, mail, news, Internet Relay Chat (IRC), or other client applications that are compatible with Windows Sockets (Winsock). These services allow these applications to perform as if they were directly connected to the Internet. These services redirect the necessary communications functions to a Proxy Server 2.0 or ISA Server computer, thus establishing a communication path from the internal application to the Internet through it.	(MS03-012)
	April 9, 2003
Flaw in Microsoft VM Could Enable System Compromise: The present Microsoft VM, which includes all previously released fixes to the VM, has been updated to include a fix for the newly reported security vulnerability. This new security vulnerability affects the ByteCode Verifier component of the Microsoft VM, and results because the ByteCode verifier does not correctly check for the presence of certain malicious code when a Java applet is being loaded. The attack vector for this new security issue would likely involve an attacker creating a malicious Java applet and inserting it into a web page that when opened, would exploit the vulnerability. An attacker could then host this malicious web page on a web site, or could send it to a user in e-mail.	(MS03-011)
	April 9, 2003
Flaw in RPC Endpoint Mapper Could Allow Denial of Service Attacks: There is a vulnerability in the part of RPC that deals with message exchange over TCP/IP. The failure results because of incorrect handling of malformed messages. This particular vulnerabilty affects the RPC Endpoint Mapper process, which listens on TCP/IP port 135. The RPC endpoint mapper allows RPC clients to determine the port number currently assigned to a particular RPC service. To exploit this vulnerability, an attacker would need to establish a TCP/IP connection to the Endpoint Mapper process on a remote machine. Once the connection was established, the attacker would begin the RPC connection negotiation before transmitting a malformed message. At this point, the process on the remote machine would fail. The RPC Endpoint Mapper process is responsible for maintaining the connection information for all of the processes on that machine using RPC. Because the Endpoint Mapper runs within the RPC service itself, exploiting this vulnerability would cause the RPC service to fail, with the attendant loss of any RPC-based services the server offers, as well as potential loss of some COM functions.	(MS03-010)
	March 26, 2003
Flaw In ISA Server DNS Intrusion Detection Filter Can Cause Denial Of Service: A flaw exists in the ISA Server DNS intrusion detection application filter, and results because the filter does not properly handle a specific type of request when scanning incoming DNS requests. An attacker could exploit the vulnerability by sending a specially formed request to an ISA Server computer that is publishing a DNS server, which could then result in a denial of service to the published DNS server. DNS requests arriving at the ISA Server would be stopped at the firewall, and not passed through to the internal DNS server. All other ISA Server functionality would be unaffected.	(MS03-009)
	March 19, 2003
Flaw in Windows Script Engine Could Allow Code Execution: A flaw exists in the way by which the Windows Script Engine for JScript processes information. An attacker could exploit the vulnerability by constructing a web page that, when visited by the user, would execute code of the attacker's choice with the user's privileges. The web page could be hosted on a web site, or sent directly to the user in email.	(MS03-008)
	March 19, 2003
Unchecked buffer in Windows component could cause web server compromise: Microsoft Windows 2000 supports the World Wide Web Distributed Authoring and Versioning (WebDAV) protocol. WebDAV, defined in RFC 2518, is a set of extensions to the Hyper Text Transfer Protocol (HTTP) that provide a standard for editing and file management between computers on the Internet. A security vulnerability is present in a Windows component used by WebDAV, and results because the component contains an unchecked buffer.	(MS03-007)
	March 18, 2003
Flaw in Windows Me Help and Support Center Could Enable Code Execution: Help and Support Center provides a centralized facility through which users can obtain assistance on a variety of topics. For instance, it provides product documentation, assistance in determining hardware compatibility, access to Windows Update, online help from Microsoft, and other assistance. Users and programs can execute URL links to Help and Support Center by using the "hcp://" prefix in a URL link instead of "http://".	(MS03-006)
	February 26, 2003
Unchecked Buffer in Windows Redirector Could Allow Privilege Elevation: A security vulnerability exists in the implementation of the Windows Redirector on Windows XP because an unchecked buffer is used to receive parameter information. By providing malformed data to the Windows Redirector, an attacker could cause the system to fail, or if the data was crafted in a particular way, could run code of the attacker’s choice.	(MS03-005)
	February 5, 2003
*Cumulative Patch for Internet Explorer:* In order to exploit this flaw, an attacker would have to host a malicious web site that contained a web page designed to exploit this particular vulnerability and then persuade a user to visit that site. Once the user has visited the malicious web site, it would be possible for the attacker to run malicious script by misusing a dialog box and cause that script to access information in a different domain. In the worst case, this could enable the web site operator to load malicious code onto a user's system. In addition, this flaw could also enable an attacker to invoke an executable that was already present on the local system.	(MS03-004)
	February 6. 2003
Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure: A vulnerability exists because there is a flaw in the way Outlook 2002 handles a V1 Exchange Server Security certificate when using it to encrypt e-mail. As a result of this flaw, Outlook fails to encrypt the mail correctly and the message will be sent in plain text. This could cause the information in the e-mail to be exposed when the user believed it to be protected through encryption.	(MS03-003)
	January 22, 2003
Cumulative Patch for Microsoft Content Management Server: A Cross-Site Scripting flaw exists in one of these ASP pages that could allow an attacker to insert script into the data being sent to a MCMS server. Because the server generates a web page in response to a user request made using this page, it is possible that the script could be embedded within the page that CMS generates and returns to the user, this script would then run when processed by the user’s browser. This could result in an attacker being able to access information the user shared with the legitimate site.	(MS03-002)
	January 22, 2003
Unchecked Buffer in Locator Service Could Lead to Code Execution: A security vulnerability results from an unchecked buffer in the Locator service. By sending a specially malformed request to the Locator service, an attacker could cause the Locator service to fail, or to run code of the attacker's choice on the system.	(MS03-001)
	January 22, 2003