ActiveWin.com: Support Center: Security Bulletins2004

Security Bulletin Name, Brief Description	ID Number, Date/Link
Vulnerability in WINS Could Allow Remote Code Execution (870763): A remote code execution vulnerability exists in WINS because of the way that it handles computer name validation. An attacker could exploit the vulnerability by constructing a malicious network packet that could potentially allow remote code execution on an affected system. An attacker who successfully exploited this vulnerability could take complete control of an affected system.	(MS04-045)
	December 14, 2004
Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege (885835): A privilege elevation vulnerability exists in the way that the Windows Kernel launches applications. This vulnerability could allow a logged on user to take complete control of the system.	(MS04-044)
	December 14, 2004
Vulnerability in HyperTerminal Could Allow Code Execution (873339): A remote code execution vulnerability exists in HyperTerminal because of a buffer overrun. An attacker could exploit the vulnerability by constructing a malicious HyperTerminal session file that could potentially allow remote code execution. An attacker could then persuade a user to open this file. This vulnerability could attempt to be exploited through a malicious Telnet URL if HyperTerminal has been set as the default Telnet client. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, user interaction is required to exploit this vulnerability.	(MS04-043)
	December 14, 2004
Vulnerability in DHCP Could Allow Remote Code Execution and Denial of Service (885249): This update resolves several newly-discovered, privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges. However, attempts to exploit these vulnerabilities would most likely result in a denial of service of the Dynamic Host Configuration Protocol (DHCP) Server service.	(MS04-042)
	December 14, 2004
Vulnerability in WordPad Could Allow Code Execution (885836): This update resolves several newly-discovered, privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section. If a user is logged on with administrative privileges, an attacker who successfully exploited these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges. However, user interaction is required to exploit this vulnerability.	(MS04-041)
	December 14, 2004
Cumulative Security Update for Internet Explorer (889293): If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.	(MS04-040)
	December 1, 2004
Vulnerability in ISA Server 2000 and Proxy Server 2.0 Could Allow Internet Content Spoofing (888258): This is a spoofing vulnerability that exists in the affected products and that could enable an attacker to spoof trusted Internet content. Users could believe they are accessing trusted Internet content when in reality they are accessing malicious Internet content, for example a malicious Web site. However, an attacker would first have to persuade a user to visit the attacker’s site to attempt to exploit this vulnerability.	(MS04-039)
	November 9, 2004
Cumulative Security Update for Internet Explorer (834707): This update resolves several newly discovered publicly and privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section. If a user is logged on with administrative privileges, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.	(MS04-038)
	Oct 12, 2004
Vulnerability in Windows Shell Could Allow Remote Code Execution (841356): This update resolves several newly-discovered, public vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section. If a user is logged on with administrative privileges, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges. However, user interaction is required to exploit these vulnerabilities.	(MS04-037)
	Oct 12, 2004
Vulnerability in NNTP Could Allow Remote Code Execution (883935): This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists within the Network News Transfer Protocol (NNTP) component of the affected operating systems. This vulnerability could potentially affect systems that do not use NNTP. This is because some programs that are listed in the affected software section require that the NNTP component be enabled before you can install them. The vulnerability is documented in the Vulnerability Details section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.	(MS04-036)
	Oct 12, 2004
Vulnerability in SMTP Could Allow Remote Code Execution (885881): This update resolves a newly-discovered vulnerability. A remote code execution vulnerability exists in the Simple Mail Transfer Protocol (SMTP) component that is provided as part of the affected software. The vulnerability is documented in the Vulnerability Details section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.	(MS04-035)
	Oct 12, 2004
Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution (873376): This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists in the way that Windows processes Compressed (zipped) Folders. The vulnerability is documented in the Vulnerability Details section of this bulletin. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges. However, user interaction is required to exploit this vulnerability.	(MS04-034)
	Oct 12, 2004
Vulnerability in Microsoft Excel Could Allow Remote Code Execution (886836): This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists in Microsoft Excel. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.	(MS04-033)
	Oct 12, 2004
Security Update for Microsoft Windows (840987): This update resolves several newly-discovered, privately reported vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.	(MS04-032)
	Oct 12, 2004
Vulnerability in NetDDE Could Allow Remote Code Execution (841533): This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists in the Network Dynamic Data Exchange (NetDDE) services because of an unchecked buffer. The vulnerability is documented in the Vulnerability Details section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges. However, the NetDDE services are not started by default and would have to be manually started, or started by an application that requires NetDDE, for an attacker to attempt to remotely exploit this vulnerability.	(MS04-031)
	Oct 12, 2004
Vulnerability in WebDAV XML Message Handler Could Lead to a Denial of Service (824151): This update resolves a newly-discovered, privately reported vulnerability. The vulnerability is documented in the Vulnerability Details section of this bulletin. An attacker who successfully exploited this vulnerability could cause WebDAV to consume all available memory and CPU time on an affected server. This behavior could cause a denial of service. The IIS service would have to be restarted to restore functionality.	(MS04-030)
	Oct 12, 2004
Vulnerability in RPC Runtime Library Could Allow Information Disclosure and Denial of Service (873350) : This update resolves a newly-discovered, privately reported vulnerability. The vulnerability is documented in the Vulnerability Details section of this bulletin. An attacker who successfully exploited the vulnerability could cause the affected system to stop responding or could potentially read portions of active memory content. We recommend that customers install the security update at the earliest opportunity.	(MS04-029)
	Oct 12, 2004
Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987): This update resolves a newly-discovered, privately reported vulnerability. A buffer overrun vulnerability exists in the processing of JPEG image formats that could allow remote code execution on an affected system. The vulnerability is documented in this bulletin in its own section. If a user is logged on with administrator privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.	(MS04-028)
	Sep 14, 2004
Vulnerability in WordPerfect Converter Could Allow Code Execution (884933) : This update resolves a newly discovered, privately reported vulnerability. A remote code execution vulnerability exists in the WordPerfect 5.x Converter that is provided as part of the affected software. The vulnerability is documented in the Vulnerability Details section of this bulletin. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk 3han users who operate with administrative privileges. However, user interaction is required to exploit this vulnerability.	(MS04-027)
	Sep 14, 2004
Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting and Spoofing Attacks (842436): This update resolves a newly-discovered, privately reported vulnerability. A cross-site scripting and spoofing vulnerability exists in Outlook Web Access for Exchange Server 5.5 that could allow an attacker to convince a user to run a malicious script. The vulnerability is documented in the Vulnerability Details section of this bulletin. An attacker who successfully exploited the vulnerability could manipulate Web browser caches and intermediate proxy server caches, and put spoofed content in those caches. They may also be able to exploit the vulnerability to perform cross-site scripting attacks.	(MS04-026)
	Aug 10, 2004
Cumulative Security Update for Internet Explorer (867801): This update resolves several newly discovered public vulnerabilities. Each vulnerability is documented in this bulletin in its own Vulnerability Details section. If a user is logged on with administrative privileges, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.	(MS04-025)
	Jul 30, 2004
Vulnerability in Crystal Reports Web Viewer Could Allow Information Disclosure and Denial of Service (842689): This update resolves a newly-discovered, publicly reported vulnerability. A remote code execution vulnerability exists in the way that the Windows Shell launches applications. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. However, significant user interaction is required to exploit this vulnerability. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.	(MS04-024)
	Jul 13, 2004
Vulnerability in HTML Help Could Allow Code Execution (840315): This update resolves two newly-discovered vulnerabilities. The HTML Help vulnerability was privately reported and the showHelp vulnerability is public. Each vulnerability is documented in this bulletin in its own Vulnerability Details section. If a user is logged on with administrative privileges, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.	(MS04-023)
	Jul 13, 2004
Vulnerability in Task Scheduler Could Allow Code Execution (841873): This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists in the Task Scheduler because of an unchecked buffer. The vulnerability is documented in the Vulnerability Details section of this bulletin. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. However, user interaction is required to exploit this vulnerability. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.	(MS04-022)
	Jul 13, 2004
Security Update for IIS 4.0 (841373): This update resolves a newly-discovered, privately reported vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.	(MS04-021)
	Jul 13, 2004
Vulnerability in POSIX Could Allow Code Execution (841872): This update resolves a newly-discovered, privately reported vulnerability. A privilege elevation vulnerability exists in the POSIX operating system component (subsystem). The vulnerability is documented in the Vulnerability Details section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.	(MS04-020)
	Jul 13, 2004
Vulnerability in Utility Manager Could Allow Code Execution (842526): This update resolves a newly-discovered, privately reported vulnerability. A privilege elevation vulnerability exists in the way that Utility Manager launches applications. A logged-on user could force Utility Manager to start an application with system privileges and could take complete control of the system. The vulnerability is documented in the Vulnerability Details section of this bulletin. An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.	(MS04-019)
	Jul 13, 2004
Cumulative Security Update for Outlook Express (823353): This update resolves a public vulnerability. A denial of service vulnerability exists in Outlook Express because of a lack of robust verification for malformed e-mail headers. The vulnerability is documented in the Vulnerability Details section of this bulletin. This update also changes the default security settings for Outlook Express 5.5 Service Pack 2 (SP2). This change is documented in the Frequently Asked Questions related to this security update section of this bulletin.	(MS04-018)
	Jul 13, 2004
Vulnerability in Crystal Reports Web Viewer Could Allow Information Disclosure and Denial of Service (842689): An attacker who successfully exploited the vulnerability could retrieve and delete files through the Crystal Reports and Crystal Enterprise Web viewers on an affected system. The number of files of files that are impacted by this vulnerability would depend on the security context of the affected component that is used by the Crystal Web viewer.	(MS04-017)
	June 8, 2004
Vulnerability in DirectPlay Could Allow Denial of Service (839643): This update resolves a newly-discovered, privately reported vulnerability. A denial of service vulnerability exists in the implementation of the IDirectPlay4 application programming interface (API) of Microsoft DirectPlay because of a lack of robust packet validation. The vulnerability is documented in the Vulnerability Details section of this bulletin. If a user is running a networked DirectPlay application, an attacker who successfully exploited this vulnerability could cause the DirectPlay application to fail. The user would have to restart the application to resume functionality.	(MS04-016)
	June 8, 2004
Vulnerability in Help and Support Center Could Allow Remote Code Execution (840374): If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.	(MS04-015)
	May 11, 2004
Vulnerability in the Microsoft Jet Database Engine Could Allow Code Execution (837001): A buffer overrun vulnerability exists in the Microsoft Jet Database Engine (Jet) that could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges. Microsoft recommends that customers install the update at the earliest opportunity.	(MS04-014)
	April 13, 2004
Cumulative Security Update for Outlook Express (837009): This is a cumulative update that includes the functionality of all the previously-released updates for Outlook Express 5.5 and Outlook Express 6. Additionally, it eliminates a new vulnerability that could allow an attacker who successfully exploited this vulnerability to access files and to take complete control of the affected system. This could occur even if Outlook Express is not used as the default e-mail reader on the system.	(MS04-013)
	April 13, 2004
Cumulative Update for Microsoft RPC/DCOM (828741): This update resolves several newly-discovered vulnerabilities. Each vulnerability is documented in this bulletin in its own section. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges. Microsoft recommends that customers apply the update immediately.	(MS04-012)
	April 13, 2004
Security Update for Microsoft Windows (835732): This update resolves several newly-discovered vulnerabilities. Each vulnerability is documented in this bulletin in its own section. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges. Microsoft recommends that customers apply the update immediately.	(MS04-011)
	April 13, 2004
Vulnerability in MSN Messenger Could Allow Information Disclosure (838512): A security vulnerability exists in Microsoft MSN Messenger. The vulnerability exists because of the method used by MSN Messenger to handle a file request. An attacker could exploit this vulnerability by sending a specially crafted request to a user running MSN Messenger. If exploited successfully, the attacker could view the contents of a file on the hard drive without the user's knowledge as long as the attacker knew the location of the file and the user had read access to the file.	(MS04-010)
	March 9, 2004
Vulnerability in Microsoft Outlook Could Allow Code Execution (828040): Subsequent to the release of this bulletin, it was determined that this vulnerability could also affect users who do not have the “Outlook Today” folder home page as their default home page in Outlook 2002. As a result, Microsoft has re-released this bulletin with a new severity rating of “critical” to reflect the expanded attack vector. The update released with the original version of this security bulletin is effective in protecting from the vulnerability and users who have applied the update or have installed Office XP Service Pack 3 do not need to take additional action.	(MS04-009)
	March 9, 2004
Vulnerability in Windows Media Services Could Allow a Denial of Service (832359): A vulnerability exists because of the way that Windows Media Station Service and Windows Media Monitor Service, components of Windows Media Services, handle TCP/IP connections. If a remote user were to send a specially-crafted sequence of TCP/IP packets to the listening port of either of these services, the service could stop responding to requests and no additional connections could be made. The service must be restarted to regain its functionality.	(MS04-008)
	March 9, 2004
ASN.1 Vulnerability Could Allow Code Execution (828028): An attacker who successfully exploited this buffer overflow vulnerability could execute code with system privileges on an affected system. The attacker could then take any action on the system, including installing programs, viewing data, changing data, deleting data, or creating new accounts with full privileges.	(MS04-007)
	February 10, 2004
Vulnerability in the Windows Internet Naming Service (WINS) Could Allow Code Execution (830352): A security vulnerability exists in the Windows Internet Naming Service (WINS). This vulnerability exists because of the method that WINS uses to validate the length of specially-crafted packets. On Windows Server 2003 this vulnerability could allow an attacker who sent a series of specially-crafted packets to a WINS server to cause the service to fail. Most likely, this could cause a denial of service, and the service would have to be manually restarted to restore functionality.	(MS04-006)
	February 10, 2004
Vulnerability in Virtual PC for Mac Could Allow Privilege Elevation (835150): A security vulnerability exists in Microsoft Virtual PC for Mac. The vulnerability exists because of the method by which Virtual PC for Mac creates a temporary file when you run Virtual PC for Mac. An attacker could exploit this vulnerability by inserting malicious code into the file which could cause the code to be run with system privileges. This could give the attacker complete control over the system.	(MS04-005)
	February 10, 2004
Cumulative Security Update for Internet Explorer (832894): This is a cumulative update that includes the functionality of all the previously-released updates for Internet Explorer 5.01, Internet Explorer 5.5, and Internet Explorer 6.0. Additionally, it eliminates three newly-discovered vulnerabilities.	(MS04-004)
	February 02, 2004
Buffer Overrun in MDAC Function Could Allow Code Execution (832483): Microsoft Data Access Components (MDAC) is a collection of components that provides the underlying functionality for a number of database operations, such as connecting to remote databases and returning data to a client. When a client system on a network tries to see a list of computers that are running SQL Server and that reside on the network, it sends a broadcast request to all the devices that are on the network. Because of a vulnerability in a specific MDAC component, an attacker could respond to this request with a specially-crafted packet that could cause a buffer overflow.	(MS04-003)
	January 13, 2004
Vulnerability in Exchange Server 2003 Could Lead to Privilege Escalation (832759): This vulnerability is exposed if the Web site that is running the Exchange Server 2003 programs on the Exchange back-end server has been configured not to negotiate Kerberos authentication, causing OWA to fall back to using NTLM authentication. The only known way that this vulnerability can be exposed is by a change in the default configuration of Internet Information Services 6.0 on the Exchange back-end server. This vulnerability cannot be exposed by a routine fallback to NTLM because of a problem with Kerberos authentication. This configuration change may occur when Microsoft Windows SharePoint Services (WSS) 2.0 is installed on a Windows Server 2003 server that also functions as an Exchange Server 2003 back-end.	(MS04-002)
	January 13, 2004
Vulnerability in Microsoft Internet Security and Acceleration Server 2000 H.323 Filter Could Allow Remote Code Execution (816458): A security vulnerability exists in the H.323 filter for Microsoft Internet Security and Acceleration Server 2000 that could allow an attacker to overflow a buffer in the Microsoft Firewall Service in Microsoft Internet Security and Acceleration Server 2000. An attacker who successfully exploited this vulnerability could try to run code of their choice in the security context of the Microsoft Firewall Service. This would give the attacker complete control over the system. The H.323 filter is enabled by default on servers running ISA Server 2000 computers that are installed in integrated or firewall mode.	(MS04-001)
	January 13, 2004