| Highly Critical |
This vulnerability enables a remote attacker to execute any file that can be rendered as text, and be opened as part of a page in Internet Explorer. |
MS03-014 |
| Critical |
This vulnerability could allow a remote attacker to execute arbitrary code via a malformed RPC request with a long filename parameter. This is caused by a heap-based buffer overflow found in the Distributed Component Object Model (DCOM) interface in the RPCSS Service.;This vulnerability could allow a remote attacker to cause a denial of service attack, which could allow local attackers to gain privileges via certain messages sent to the __RemoteGetClassObject interface.;This vulnerability could allow a remote attacker to execute arbitrary code via a malformed activation request packet with modified length fields. This is caused by a heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service.;This vulnerability could allow a remote attacker to cause a denial of service attack. This is caused by two threads processing the same RPC request, which will lead to its using memory after it has been freed.;This vulnerability could allow a remote attacker to cause a denial of service attack via a queue registration request. This is caused by a buffer overflow in the Microsoft Message Queue Manager. |
MS03-039 |
| Highly Critical |
These vulnerabilities, which are due to Internet Explorer not properly determining an object type returned from a Web server in a popup window or during XML data binding, respectively, could allow an attacker to run arbitrary code on a user's system. |
MS03-040 |
| Critical |
This vulnerability allows a remote attacker to execute arbitrary code without user approval. This is caused by the Authenticode capability in Microsoft Windows NT through Server 2003 not prompting the user to download and install ActiveX controls when the system is low on memory. |
MS03-041 |
| Critical |
This vulnerability allows a remote attacker to execute arbitrary code on the affected system. This is caused by a buffer overflow in the Messenger Service for Windows NT through Server 2003. |
MS03-043 |
| Important |
This vulnerability is due to a buffer overrun in the ListBox and ComboBox controls found in User32.dll. Any program that implements the ListBox control or the ComboBox control could allow arbitrary code to be executed at the same privilege level. This vulnerability cannot be exploited remotely. |
MS03-045 |
| Critical |
This vulnerability could allow an attacker to access information from other Web sites, access files on a user's system, and run arbitrary code on a user's system, wherein this is executed under the security context of the currently logged on user.;This vulnerability could allow an attacker to save a file on the user's system. This is due to dynamic HTML events related to the drag-and-drop of Internet Explorer.;This vulnerability, which is due to the incorrect parsing of URLs which contain special characters, could allow an attacker to trick a user by presenting one URL in the address bar, wherein it actually contains the content of another web site of the attacker's choice. |
MS04-004 |
| Highly Critical |
The LSASS buffer overrun vulnerability allows remote code execution.;The LDAP vulnerability is a denial of service vulnerability that causes the service in a Windows 2000 domain controller in an Active Directory domain to stop responding.;The PCT vulnerability is a buffer overrun vulnerability in the Private Communications Transport protocol that allows remote code execution.;The Winlogon vulnerability is a buffer overrun vulnerability in the Windows logon process that allows remote code execution.;The Metafile vulnerability is a buffer overrun vulnerability that exists in the rendering of Windows Metafile (WMF) and Enhanced Metafile (EMF) image formats.;The Help and Support Center vulnerability allows remote code execution due to the way Help and Support Center handles HCP URL validation.;The Utility Manager vulnerability is a privilege elevation vulnerability that exists due to the way that Utility Manager launches applications.;The Windows Management vulnerability is a privilege elevation vulnerability that could allow a local attacker to take complete control of a system by executing commands with system privilege level.;The Local Descriptor Table vulnerability could allow a local attacker to take complete control of a system by executing commands with system privileges.;The H.323 buffer overrun vulnerability could allow attackers to gain full control of a system by arbitrarily executing commands with system privileges.;The Virtual DOS Machine vulnerability could allow a local attacker to gain full control of a system by executing certain commands.;The Negotiate SSP buffer overrun vulnerability, which exists in Microsoft's Negotiate Security Service Provider interface, could allow remote code execution.;The SSL vulnerability exists due to the way SSL packets are handled and can cause the affected systems to stop responding to SSL connection requests.;The ASN.1 Double-Free vulnerability exists in Microsoft's Abstract Syntax Notation One Library and allows remote code execution with system privilege level. |
MS04-011 |
| Critical |
The RPC Runtime Library vulnerability is a remote code execution vulnerability that results from a race condition when the RPC Runtime Library processes specially crafted messages. An attacker who successfully exploits this vulnerability could take complete control of an affected system.;The RPCSS Service denial of service (DoS) vulnerability allows a malicious user or malware to send specially-crafted messages to a vulnerable system, which causes the RPCSS Service to stop responding.;The RPC Over HTTP vulnerability may be used to launch a denial of service (DoS) attack against a system with CIS or RPC over HTTP Proxy enabled.;When successfully exploited, the Object Identity vulnerability allows an attacker to force currently running applications to open network communication ports, thereby opening a system to remote attacks. |
MS04-012 |
| Critical |
The MHTML URL Processing Vulnerability allows remote attackers to bypass domain restrictions and execute arbitrary code via script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers. This could allow an attacker to take complete control of an affected system. |
MS04-013 |
| Critical |
This vulnerability exists in the Help and Support Center (HCP) and is due to the way it handles HCP URL validation. This vulnerability could allow an attacker to remotely execute arbitrary code with Local System privileges. |
MS04-015 |
| Moderate |
This is a denial of service (DoS) vulnerability. It affects applications that implement the IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay. Applications that use this API are typically network-based multiplayer games.;An attacker who successfully exploits this vulnerability could cause the DirectX application to fail while a user is playing a game. The affected user would then have to restart the application. |
MS04-016 |
| Moderate |
A denial of service (DoS) vulnerability exists in Outlook Express that could cause the said program to fail. The malformed email should be removed before restarting Outlook Express in order to regain its normal operation. |
MS04-018 |
| Critical |
This vulnerability lies in an unchecked buffer within the Task Scheduler component. When exploited, it allows the attacker to execute arbitrary code on the affected machine with the same privileges as the currently logged on user. |
MS04-022 |
| Critical |
An attacker who successfully exploits this vulnerability could gain the same privileges as that of the currently logged on user. If the user is logged in with administrative privileges, the attacker could take complete control of the system. User accounts with fewer privileges are at less risk than users with administrative privileges. |
MS04-023 |
| Critical |
The Navigation Method Cross-Domain Vulnerability is a remote execution vulnerability that exists in Internet Explorer because of the way that it handles navigation methods. An attacker could exploit this vulnerability by constructing a malicious Web page that could potentially allow remote code execution if a user visits a malicious Web site.;The Malformed BMP File Buffer Overrun Vulnerability exists in the processing of BMP image file formats that could allow remote code execution on an affected system.;The Malformed GIF File Double Free Vulnerability is a buffer overrun vulnerability that exists in the processing of GIF image file formats that could allow remote code execution on an affected system. |
MS04-025 |
| Critical |
This vulnerability lies in the way the affected components process JPEG image files. An unchecked buffer within this process is the cause of the vulnerability.;This remote code execution vulnerability could allow a malicious user or a malware to take complete control of the affected system if the affected user is currently logged on with administrative privileges. The malicious user or malware can execute arbitrary code on the system giving them the ability to install or run programs and view or edit data with full privileges. Thus, this vulnerability can conceivably be used by a malware for replication purposes. |
MS04-028 |
| Important |
An unchecked buffer exists in the NetDDE services that could allow remote code execution. An attacker who is able to successfully exploit this vulnerability is capable of gaining complete control over an affected system. However, the NetDDE services are not automatically executed, and so would have to be manually started for an attacker to exploit this vulnerability. This vulnerability also allows attackers to perform a local elevation of privilege, or a remote denial of service (DoS) attack. |
MS04-031 |
| Critical |
This cumulative release from Microsoft covers four newly discovered vulnerabilities: Windows Management Vulnerability, Virtual DOS Machine Vulnerability, Graphics Rendering Engine Vulnerability, and Windows Kernel Vulnerability. |
MS04-032 |
| Critical |
This is another privately reported vulnerability in Windows Compressed Folders. There is a vulnerability in the way that Windows processes Compressed (Zipped) Folders that could lead to remote code execution. Windows cannot properly handle the extraction of a ZIP folder with a very long file name. When a specially crafted compressed file is opened, a stack-based overflow occurs, enabling the remote user to execute arbitrary code. |
MS04-034 |
| Critical |
This security bulletin focuses on the following vulnerabilities: Shell Vulnerability (CAN-2004-0214), and Program Group Converter Vulnerability (CAN-2004-0572). The Shell vulnerability exists in the way Windows Shell launches applications and could enable a remote malicious user or malware to execute arbitrary code. The Windows Shell function does not properly check the length of the message before copying it to the allocated buffer. Program Group Converter is an application used to convert Program Manager Group files that were produced in Windows 3.1, Windows 3.11, Windows for Workgroups 3.1, and Windows for Workgroups 3.11 so that they can still be used by later operating systems. The vulnerability lies in an unchecked buffer within the Group Converter Utility. |
MS04-037 |
| Critical |
This is a remote code execution vulnerability that exists in Internet Explorer. It allows remote code execution on an affected system. An attacker could exploit this vulnerability by constructing a malicious Web page. The said routine could allow remote code execution if a user visited a malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, significant user interaction is required to exploit this vulnerability. |
MS04-038 |
| Critical |
This security update addresses and resolves a vulnerability in Internet Explorer that could allow remote code execution. A Web page can be crafted to exploit this vulnerability such that an arbitrary application can be executed on visiting systems with the same privileges as the currently logged on user. |
MS04-040 |
| Important |
This security advisory explains the two discovered vulnerabilities in Microsoft Word for Windows 6.0 Converter, which is used by WordPad in converting Word 6.0 to WordPad file format. Once exploited, this remote code execution vulnerability could allow a malicious user or a malware to take complete control of the affected system if the affected user is currently logged on with administrative privileges. |
MS04-041 |
| Critical |
A remote code execution vulnerability exists in HyperTerminal because of a buffer overrun. If a user is logged on with administrator privileges, an attacker could exploit the vulnerability by constructing a malicious HyperTerminal session file that could potentially allow remote code execution and then persuade a user to open this file. This malicious file may enable the attacker to gain complete control of the affected system. This vulnerability could also be exploited through a malicious Telnet URL if HyperTerminal had been set as the default Telnet client. |
MS04-043 |
| Important |
This security update addresses and resolves two Windows vulnerabilities, both of which may enable the current user to take control of the affected system. Both of these vulnerabilities require that the current user be able to log on locally and execute programs. They cannot be exploited remotely, or by anonymous users. A privilege elevation vulnerability exists in the way that the Windows Kernel launches applications. This vulnerability could allow the current user to take complete control of the system. A privilege elevation vulnerability exists in the way that the LSASS validates identity tokens. This vulnerability could allow the current user to take complete control of the affected system. |
MS04-044 |
| Critical |
This update resolves a newly-discovered, publicly reported vulnerability. A vulnerability exists in the HTML Help ActiveX control in Windows that could allow information disclosure or remote code execution on an affected system. |
MS05-001 |
| Critical |
This update resolves several newly-discovered, privately reported and public vulnerabilities. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, install programs, view, change, or delete data, or create new accounts that have full privileges. |
MS05-002 |
| Important |
This update resolves a newly-discovered, privately reported vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full privileges. While remote code execution is possible, an attack would most likely result in a denial of service condition. |
MS05-003 |
| Important |
This is an information disclosure vulnerability. An attacker who successfully exploits this vulnerability could remotely read the user names for users who have an open connection to an available shared resource. |
MS05-007 |
| Important |
This remote code execution vulnerability exists in the way Windows handles drag-and-drop events. An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow an attacker to save a file on the user's system if a user visited a malicious Web site or viewed a malicious e-mail message. |
MS05-008 |
| Critical |
This remote code execution vulnerability exists in the processing of PNG image formats. An attacker who successfully exploits this vulnerability could take complete control of an affected system. |
MS05-009 |
| Critical |
This remote code execution vulnerability exists in Server Message Block (SMB). It allows an attacker who successfully exploits this vulnerability to take complete control of the affected system. |
MS05-011 |
| Critical |
This privilege elevation vulnerability exists in the way that the affected operating systems and programs access memory when they process COM structured storage files. This vulnerability could allow a currently logged-on user to take complete control of the system.;This remote code execution vulnerability exists in OLE because of the way that it handles input validation. An attacker could exploit the vulnerability by constructing a malicious document that could potentially allow remote code execution. |
MS05-012 |
| Critical |
This vulnerability exists in the DHTML Editing Component ActiveX Control. This vulnerability could allow information disclosure or remote code execution on an affected system. |
MS05-013 |
| Critical |
This update resolves known vulnerabilities affecting Internet Explorer. An attacker who successfully exploits these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
MS05-014 |
| Critical |
A remote code execution vulnerability exists in the Hyperlink Object Library. This problem exists because of an unchecked buffer while handling hyperlinks. An attacker could exploit the vulnerability by constructing a malicious hyperlink which could potentially lead to remote code execution if a user clicks a malicious link within a Web site or e-mail message. |
MS05-015 |
| Critical |
A remote code execution vulnerability exists in the Windows Shell because of the way that it handles application association. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of the affected system. However, user interaction is required to exploit this vulnerability. |
MS05-016 |
| Important |
This security bulletin resolves newly-discovered, privately-reported vulnerabilities affecting Windows. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
MS05-018 |
| Critical |
This security bulletin resolves newly discovered, privately-reported vulnerabilities affecting Windows. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. However, an attacker who successfully exploited the most severe of these vulnerabilities would most likely cause the affected system to stop responding. |
MS05-019 |
| Critical |
This security bulletin resolves three newly-discovered, privately-reported vulnerabilities affecting Internet Explorer. If a user is logged on with administrative user rights, an attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
MS05-020 |
| Critical |
This security bulletin resolves the following vulnerabilities affecting Internet Explorer.; The PNG Image Rendering Memory Corruption vulnerability could allow an attacker to execute arbitrary code on the system because of a vulnerability in the way Internet Explorer handles PNG images.; The XML Redirect Information Disclosure vulnerability could allow an attacker to read XML data from another Internet Explorer domain because of a vulnerability in the way Internet Explorer handles certain requests to display XML content. |
MS05-025 |
| Critical |
HTML Help is the standard help system for the Windows platform. Authors can use it to create online Help files for a software application or content for a multimedia title or a Web site. This vulnerability in HTML Help could allow attackers to execute arbitrary code on the affected system via a specially crafted Compiled Windows Help (CHM) file, because it does not completely validate input data. |
MS05-026 |
| Critical |
A remote code execution vulnerability exists in Microsoft's implementation of the Server Message Block (SMB) protocol, which could allow an attacker to execute arbitrary code to take complete control over a target system. This vulnerability could be exploited over the Internet. An attacker would have to transmit a specially crafted SMB packet to a target system to exploit it. However, failure to successfully exploit the vulnerability could only lead to a denial of service. |
MS05-027 |
| Important |
A vulnerability exists in the way that Windows processes Web Client requests, which could allow a remote attacker to execute arbitrary code and take complete control over the affected system. |
MS05-028 |
| Important |
A remote code execution vulnerability exists in Outlook Express when it is used as a newsgroup reader. An attacker could exploit this vulnerability by constructing a malicious newsgroup server that could potentially allow remote code execution if a user queried the server for news. |
MS05-030 |
| Moderate |
This vulnerability could enable an attacker to spoof trusted Internet content because security prompts can be disguised by a Microsoft Agent character. |
MS05-032 |
| Moderate |
This vulnerability in the Microsoft Telnet client could allow an attacker to gain sensitive information about the affected system and read the session variables of users who have open connections to a malicious Telnet server. |
MS05-033 |
| Critical |
This vulnerability could allow a remote attacker to execute arbitrary code on the affected system via a malicious image file in a Web site or email message. This vulnerability exists because of the way Microsoft Color Management Module handles ICC profile format tag validation. |
MS05-036 |
| Critical |
A COM object, the JView Profiler (Javaprxy.dll), contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system by hosting a malicious Web site. |
MS05-037 |
| Critical |
This security bulletin resolves the following vulnerabilities found in Internet Explorer: (1) JPEG Image Rendering Memory Corruption vulnerability, which allows remote code execution when exploited by a remote malicious user, (2) Web Folder Behaviors Cross-Domain vulnerability, which allows information disclosure or remote code execution on an affected system, and (3) COM Object Instantiation Memory Corruption vulnerability, which exists in the way Internet Explorer lists the instances of COM Objects that are not intended to be used in Internet Explorer. |
MS05-038 |
| Critical |
An unchecked buffer in the Plug and Play service results in this vulnerability. Once successfully exploited, this vulnerability permits an attacker to have complete virtual control of an affected system. This vulnerability involves a remote code execution and local elevation of privilege. It can be exploited over the Internet. |
MS05-039 |
| Important |
This security advisory explains a vulnerability in the Telephony Application Programming Interface (TAPI) service that could allow remote code execution. Attackers who successfully exploit the said vulnerability can take complete control of an affected system. They could then install programs, view, change, or delete data, and create new accounts with full user rights. |
MS05-040 |
| Moderate |
A remote malicious user can use the process employed by the Remote Desktop Protocol (RDP) to validate data to cause a denial of service (DoS) attack, which stops an affected machine from responding and causes it to automatically restart. |
MS05-041 |
| Moderate |
This security bulletin resolves the following vulnerabilities found in Microsoft Windows: (1) the Kerberos vulnerability, which is a denial of service vulnerability that allows an attacker to send a specially crafted message to a Windows domain controller, causing the service that is responsible for authenticating users in an Active Directory domain to stop responding, and (2) the PKINIT vulnerability, which is an information disclosure and spoofing vulnerability that allows an attacker to manipulate certain information that is sent from a domain controller and potentially access sensitive client network communication. |
MS05-042 |
| Critical |
A remote code execution vulnerability in the Printer Spooler service allows an attacker who successfully exploits this vulnerability to take complete control of the affected system. |
MS05-043 |
| Moderate |
This tampering vulnerability exists because the Windows FTP client does not properly validate file names that are received from FTP servers. This vulnerability may be exploited when an attacker hosts a file using a specially crafted file name on an FTP server. This file bypasses the file name validation of the Windows FTP client. It allows an attacker to modify the intended destination location for a file transfer when a client has manually chosen to transfer a file using FTP. |
MS05-044 |
| Moderate |
An unchecked buffer in the Network Connection Manager could cause the component responsible for managing network and remote access connections to stop responding. If the affected component is stopped due to an attack, it will automatically restart when new requests are received. |
MS05-045 |
| Important |
This vulnerability, which exists in Plug and Play (PnP), could allow an authenticated attacker to take complete control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
MS05-047 |
| Important |
Attackers who successfully exploit this vulnerability take complete control of an affected system. They could install programs; view, change, or delete data; or create new accounts with full user rights. |
MS05-048 |
| Important |
This release covers the Shell vulnerability and the Web View Script Injection vulnerability. If a user logs on with administrative rights, an attacker could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
MS05-049 |
| Critical |
This remote code execution vulnerability exists in DirectShow. It could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. If a user is logged on with administrative user rights, an attacker who successfully exploits this vulnerability could take complete control of an affected system. |
MS05-050 |
| Critical |
This cumulative release covers four vulnerabilities: MSDTC vulnerability, COM+ vulnerability, TIP vulnerability, and Distributed TIP vulnerability. An attacker who successfully exploits the most severe of these vulnerabilities could take complete control of an affected system. The said attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. |
MS05-051 |
| Critical |
This vulnerability exists in Microsoft DDS Library Shape Control (MSDDS.DLL) and other COM objects, which, when instantiated in Internet Explorer, could allow an attacker to take complete control of an affected system. If a user is logged on with administrative user rights, an attacker who successfully exploits this vulnerability could take complete control of an affected system. |
MS05-052 |
| Critical |
This advisory covers the Graphics Rendering Engine vulnerability and Windows Metafile vulnerability, both of which could allow remote code execution. It also covers the Enhanced Metafile vulnerability, which allows any program that renders EMF images to be vulnerable to denial of service attacks. |
MS05-053 |
| Critical |
This security advisory resolves four vulnerabilities: File Download Dialog Box vulnerability, HTTPS Proxy vulnerability, COM Object Instantiation Memory Corruption vulnerability, and Mismatched Document Object Model Objects Memory Corruption vulnerability. It replaces the MS05-052 security update. |
MS05-054 |
| Highly Critical |
This security advisory resolves a newly discovered vulnerability because the modifications that are required to address the said issues are located in related files: 1) The Graphics Rendering Engine has a vulnerability that could allow remote code execution because of the way it handles Windows Metafile (WMF) images; 2) The Windows Metafile Vulnerability allows an attacker to cause malicious code to run in the security context of the locally logged on user through a specially crafted metafile image. |
MS06-001 |
| Critical |
This security advisory resolves a privately reported vulnerability in embedded web fonts. The Embedded Web Font vulnerability exists in Windows because of the way it handles malformed embedded Web fonts. Font embedding is a technology built into Microsoft Internet Explorer versions 4 and higher. This allows the fonts used in a specific document to travel with that document, ensuring that what the users see is the exact format the designer intended for them to see. The vulnerability allows remote execution of arbitrary code. |