ms04
Microsoft Security Bulletin MS04-020 2.0
Microsoft Security Bulletin MS04-020 Vulnerability in POSIX Could Allow Code Execution Vulnerability Identifiers: POSIX Vulnerability - CAN-2004-0210 - A privilege elevation vulnerability exists in more>> Microsoft Security Bulletin MS04-020
Vulnerability in POSIX Could Allow Code Execution
Vulnerability Identifiers: POSIX Vulnerability - CAN-2004-0210 - A privilege elevation vulnerability exists in the POSIX subsystem. This vulnerability could allow a logged on user to take complete control of the system.
Impact of Vulnerability: Privilege Elevation
Windows NT4: Important
Windows 2000: Important
<<lessMicrosoft Security Update MS04-038 1.0
Cumulative (critical) Security Update for Internet Explorer (834707) more>>
Who should read this document: Customers who use Microsoft Windows
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should install the update immediately.
Security Update Replacement: This update replaces the update that is included with Microsoft Security Bulletin MS04-025. That update is also a cumulative update.
Caveats: Microsoft Knowledge Base Article 834707 documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues.
This update may not include hotfixes that have been released since the release of MS04-004 or MS04-025.
Customers who have received hotfixes from Microsoft or from their support providers since the release of MS04-004 or MS04-025 should review the FAQ section for this update to determine how this update might affect their operating systems.
Affected Software:
? Microsoft Windows NT Server 4.0 Service Pack 6a
? Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
? Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
? Microsoft Windows XP, Microsoft Windows XP Service Pack 1, and Microsoft Windows XP Service Pack 2
? Microsoft Windows XP 64-Bit Edition Service Pack 1
? Microsoft Windows XP 64-Bit Edition Version 2003
? Microsoft Windows Server 2003
? Microsoft Windows Server 2003 64-Bit Edition
? Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) ? Review the FAQ section of this bulletin for details about these operating systems.
Affected Components:
? Internet Explorer 5.01 Service Pack 3 on Windows 2000 SP3:
? Internet Explorer 5.01 Service Pack 4 on Windows 2000 SP4:
? Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Me:
? Internet Explorer 6 on Windows XP
? Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 3, on Microsoft Windows 2000 Service Pack 4, on Microsoft Windows XP, or on Microsoft Windows XP Service Pack 1
? Internet Explorer 6 Service Pack 1 on Microsoft Windows NT Server 4.0 Service Pack 6a, on Microsoft Windows NT Server 4.0 Terminal Service Edition Service Pack 6, on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Me
? Internet Explorer 6 for Windows XP Service Pack 1 (64-Bit Edition)
? Internet Explorer 6 for Windows Server 2003
? Internet Explorer 6 for Windows Server 2003 64-Bit Edition and Windows XP 64-Bit Edition Version 2003
? Internet Explorer 6 for Windows XP Service Pack 2
Microsoft Data Access Components (MDAC) Security Patch MS04-003 (64-bit) 2.8 (64-bit)
Microsoft Data Access Components (MDAC) Security Patch is created to provide users with an effective method to protect your system. more>> <<less
JPEGScan 1.01
A free, small, fast and easy-to-use scanner that has detection and repair capabilities for JPEG files infected files more>>
Subsequent analysis by the eEye team confirmed that the vulnerability could be exploited to execute arbitrary code, allowing an attacker to gain control of a remote system simply by enticing the victim to look at a specially-crafted JPEG image. MS04-028 is the tracking code assigned by Microsoft to this specific vulnerability.
If the program used to view the JPEG file uses a vulnerable version of gdiplus.dll then yes, and unfortunately a lot of software is affected. To scan for vulnerable versions of gdiplus.dll on your system please see these resources: Microsoft SANS
DiamondCS JPEGScan is a free, small, fast and easy-to-use scanner that has detection and repair capabilities for JPEG files infected with the MS04-028 exploit.
JPEGScan can detect all known variants of the exploit, and accomplishes this not by string searching or anti-viral signature scanning but rather by properly walking through all blocks in the JPEG searching for the undersized boundaries in comment sections that indicates the presence of MS04-028 infection.
Repairing renders the file harmless by readjusting undersized boundaries to their proper size, and if the file was based on a real JPEG then it should also become viewable.
If you simply want infected files deleted rather than repaired, JPEGScan can handle that also.
JPEGScan also allows for one-click integration into Explorers context menu, allowing you to easily right-click on any file, directory or drive and start scanning immediately for infected JPEG images.
Although all users will find this tool useful, network administrators in particular will enjoy being able to sweep entire networks for infected images. For reasons of speed, optimization and accuracy, the main scan routines were written in assembly language, making JPEGScan basically as fast as it possibly can be
Microsoft Windows 2000 4.0.8618.0
vulnerability in the MS jet database engine could allow code execution more>> Microsoft updated this bulletin on May 11, 2004 to advise on the availability of a revised version of the security update for non-English versions of Windows XP (as opposed to Windows XP Service Pack 1). The original update does address the vulnerability in Windows XP for all supported languages; however, the original update was not fully localized. Specifically, optional Jet error strings were only being offered in English on Windows XP. This issue does not affect other operating systems. If you have previously applied the security update for other operating systems, including Windows XP Service Pack 1, you need not take any additional action.
If you have previously applied the security update for non-English versions of Windows XP (as opposed to Windows XP Service Pack 1), you need not take any additional action as you are already protected from this vulnerability. However, if you want to have the Jet optional text error information in the same language as your Windows XP installation, you will need to remove the original security update MS04-014 (837001) following the Removal Information procedure located in this document and install the revised version. Once 837001 is uninstalled, revisiting Windows Update will result in the revised MS04-014 security update for Windows XP being re-offered with the correct, localized, optional text error strings.
The following files, on non-English systems only, were updated as part of this update: mswstr10.dll and msjint40.dll. You may see other files with new Date and Time information from the original release - these files remain unchanged, only the 2 files above have been updated.
A buffer overrun vulnerability exists in the Microsoft Jet Database Engine (Jet) that could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
Microsoft recommends that customers install the update at the earliest opportunity.
<<lessMcAfee AVERT Stinger 10.0.1.602
Free stand-alone utility used to detect and remove specific viruses more>> Free stand-alone utility used to detect and remove specific viruses
Stinger is a stand-alone utility used to detect and remove specific viruses.
McAfee AVERT Stinger is not a substitute for the full anti-virus protection, but rather a tool that assists administrators and users when dealing with an infected system.
Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.
This version of Stinger includes detection for all known variants :
? BackDoor-ALI
? BackDoor-AQJ
? BackDoor-AQJ.b
? BackDoor-CEB
? BackDoor-CEB!bat
? BackDoor-CEB!hosts
? BackDoor-CEB.b
? BackDoor-CEB.c
? BackDoor-CEB.d
? BackDoor-CEB.dll
? BackDoor-CEB.dr
? BackDoor-CEB.e
? BackDoor-CEB.f
? BackDoor-CEB.sys
? BackDoor-CFB
? BackDoor-JZ
? BackDoor-JZ.dam
? BackDoor-JZ.dr
? BackDoor-JZ.gen
? BackDoor-JZ.gen.b
? Bat/Mumu.worm
? Downloader-DN.a
? Downloader-DN.b
? Exploit-DcomRpc
? Exploit-DcomRpc.b
? Exploit-DcomRpc.dll
? Exploit-Lsass
? Exploit-Lsass.dll
? Exploit-MS04-011
? Exploit-MS04-011.gen
? HideWindow
? HideWindow.dll
? IPCScan
? IRC/Flood.ap
? IRC/Flood.ap.bat
? IRC/Flood.ap.dr
? IRC/Flood.bi
? IRC/Flood.bi.dr
? IRC/Flood.cd
? NTServiceLoader
? ProcKill
? PWS-Narod
? PWS-Narod.dll
? PWS-Narod.gen
? PWS-Sincom
? PWS-Sincom.dll
? PWS-Sincom.dr
? W32/Anig.worm
? W32/Anig.worm.dll
? W32/Bagle
? W32/Bagle!eml.gen
? W32/Bagle!pwdzip
? W32/Bagle.ad!src
? W32/Bagle.dldr
? W32/Bagle.dll.dr
? W32/Bagle.eml
? W32/Bagle.fb!pwdzip
? W32/Bagle.fc!pwdzip
? W32/Bagle.fd!pwdzip
? W32/Bagle.fe!pwdzip
? W32/Bagle.fm.dldr
? W32/Bagle.gen
? W32/Bagle@MM!cpl
? W32/Blaster.worm
? W32/Blaster.worm.k
? W32/Bropia.worm
? W32/Bugbear
? W32/Bugbear.a.dam
? W32/Bugbear.b!data
? W32/Bugbear.b.dam
? W32/Bugbear.gen@MM
? W32/Bugbear.h@MM
? W32/Bugbear@MM
? W32/Deborm.worm.ah
? W32/Deborm.worm.gen
? W32/Doomjuice.worm
? W32/Dumaru
? W32/Dumaru.ad@MM
? W32/Dumaru.al.dll
? W32/Dumaru.dll
? W32/Dumaru.eml
? W32/Dumaru.gen
? W32/Dumaru.gen@MM
? W32/Dumaru.w.gen
? W32/Elkern.cav
? W32/Elkern.cav.c
? W32/Elkern.cav.c.dam
? W32/Fizzer
? W32/Fizzer.dll
? W32/FunLove
? W32/FunLove.apd
? W32/Gaobot.worm
? W32/Harwig.worm
? W32/IRCbot
? W32/IRCbot.worm
? W32/IRCbot.worm.dll
? W32/Klez
? W32/Klez.dam
? W32/Klez.eml
? W32/Klez.gen.b@MM
? W32/Klez.rar
? W32/Korgo.worm
? W32/Lirva
? W32/Lirva.c.htm
? W32/Lirva.eml
? W32/Lirva.gen@MM
? W32/Lirva.htm
? W32/Lirva.txt
? W32/Lovgate
? W32/Mimail
? W32/Mimail.c@MM
? W32/Mimail.c@MM
? W32/Mimail.i!data
? W32/Mimail.q@MM
? W32/MoFei.worm
? W32/MoFei.worm.dr
? W32/Mumu.b.worm
? W32/Mydoom
? W32/Mydoom!bat
? W32/Mydoom!ftp
? W32/Mydoom.b!hosts
? W32/Mydoom.dam
? W32/Mydoom.t.dll
? W32/Mytob
? W32/Mytob.gen@MM
? W32/Mytob.worm
? W32/MyWife
? W32/MyWife.dll
? W32/MyWife@MM
? W32/Nachi!tftpd
? W32/Nachi.worm
? W32/Netsky
? W32/Netsky.af@MM
? W32/Nimda
? W32/Nimda.dam
? W32/Nimda.eml
? W32/Nimda.gen@MM
? W32/Nimda.htm
? W32/Pate
? W32/Pate!dam
? W32/Pate.dam
? W32/Pate.dr
? W32/Polip
? W32/Polip!mem
? W32/Polybot
? W32/Polybot.bat
? W32/Sasser.worm
? W32/Sasser.worm!ftp
? W32/Sdbot
? W32/Sdbot!irc
? W32/Sdbot.bat
? W32/Sdbot.cli
? W32/Sdbot.dll
? W32/Sdbot.dr
? W32/Sdbot.worm
? W32/Sdbot.worm!ftp
? W32/Sdbot.worm.bat.b
? W32/Sdbot.worm.dr
? W32/Sdbot.worm.gen
? W32/Sdbot.worm.gen.a
? W32/Sdbot.worm.gen.b
? W32/Sdbot.worm.gen.c
? W32/Sdbot.worm.gen.d
? W32/Sdbot.worm.gen.e
? W32/Sdbot.worm.gen.q
? W32/Sober
? W32/Sober!data
? W32/Sober.dam
? W32/Sober.eml
? W32/Sober.f.dam
? W32/Sober.g.dam
? W32/Sober.q!spam
? W32/Sober.r.dr
? W32/Sober.r@MM
? W32/Sobig
? W32/Sobig.dam
? W32/Sobig.eml
? W32/Sobig.f.dam
? W32/Sobig.gen@MM
? W32/Spybot.worm
? W32/SQLSlammer.worm
? W32/Swen
? W32/Swen@MM
? W32/Yaha.eml
? W32/Yaha.gen@MM
? W32/Yaha.y@MM
? W32/Yaha@MM
? W32/Zafi
? W32/Zafi.b.dam
? W32/Zindos.worm
? W32/Zotob.worm
? W32/Zotob.worm!hosts
Note: Windows ME and XP utilize a restore utility that backs up selected files automatically to the C:_Restore folder.
The filename has been changed from "stinger.exe" to "s-t-i-n-g-e-r.exe" to circumvent anti-stinger tactics used by Sober.p.
This means that an infected file could be stored there as a backup file, and VirusScan will be unable to delete these files. You must disable the System Restore Utility to remove the infected files from the C:_Restore folder.
Exploit-DcomRpc.dll Exploit-Lsass Exploit-Lsass.dll Exploit-MS04-011 Exploit-MS04-011.gen HideWindow HideWindow.dll IPCScan IRC/Flood.ap IRC/Flood.ap.bat IRC/Flood.ap.dr IRCLicense:Freeware
Microsoft Windows NT 4.0.8618.0
Vulnerability in MS Jet database Engine could allow code execution more>> Microsoft updated this bulletin on May 11, 2004 to advise on the availability of a revised version of the security update for non-English versions of Windows XP (as opposed to Windows XP Service Pack 1). The original update does address the vulnerability in Windows XP for all supported languages; however, the original update was not fully localized. Specifically, optional Jet error strings were only being offered in English on Windows XP. This issue does not affect other operating systems. If you have previously applied the security update for other operating systems, including Windows XP Service Pack 1, you need not take any additional action.
If you have previously applied the security update for non-English versions of Windows XP (as opposed to Windows XP Service Pack 1), you need not take any additional action as you are already protected from this vulnerability. However, if you want to have the Jet optional text error information in the same language as your Windows XP installation, you will need to remove the original security update MS04-014 (837001) following the Removal Information procedure located in this document and install the revised version. Once 837001 is uninstalled, revisiting Windows Update will result in the revised MS04-014 security update for Windows XP being re-offered with the correct, localized, optional text error strings.
The following files, on non-English systems only, were updated as part of this update: mswstr10.dll and msjint40.dll. You may see other files with new Date and Time information from the original release - these files remain unchanged, only the 2 files above have been updated.
A buffer overrun vulnerability exists in the Microsoft Jet Database Engine (Jet) that could allow remote code execution. An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
Microsoft recommends that customers install the update at the earliest opportunity.
<<lessResolve for Delf-ALI 1.07
A tool that removes Delf-ALI trojan more>> A tool that removes Delf-ALI trojan
Resolve is the name for a set of small, downloadable Sophos utilities designed to remove and undo the changes made by certain viruses, Trojans and worms. They terminate any virus processes and reset any registry keys that the virus changed. Existing infections can be cleaned up quickly and easily, both on individual workstations and over networks with large numbers of computers.
Troj/Delf-ALI is a worm and IRC backdoor Trojan for the Windows platform.
Troj/Delf-ALI spreads to other network computers by exploiting common buffer overflow vulnerabilities, including RPC-DCOM (MS04-012).
Troj/Delf-ALI runs continuously in the background, providing a backdoor server which allows a remote intruder to gain access and control over the computer via IRC channels.
Troj/Delf-ALI includes functionality to access the internet and communicate with a remote server via HTTP.
When Troj/Delf-ALI is installed it creates the clean text file msguid32.dll.
The following registry entry is created to run Troj/Delf-ALI on startup:
HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun
Microsoft IIS
Troj/Delf-ALI attempts to log details from banking applications related to the following sites:
www.halifax-online.co.uk
ibank.barclays.co.uk
online.lloydstsb.co.uk
online-business.lloydstsb.co.uk
www.ukpersonal.hsbc.co.uk
banesnet.banesto.es
extranet.banesto.es
ebanking.bccbrescia.it
www.bankofscotlandhalifax-online.co.uk
oi.cajamadrid.es
bancae.caixapenedes.com
banking.postbank.de
meine.deutsche-bank.de
myonlineaccounts2.abbeynational.co.uk
ibank.cahoot.com
webbank.openplan.co.uk
bancopostaonline.poste.it
mybank.bybank.it
ibank.internationalbanking.barclays.com
welcome7.co-operativebank.co.uk
welcome11.co-operativebankonline.co.uk
Troj/Delf-ALI modifies the HOSTS file in order to redirect access to the above sites.
Troj/Delf-ALI stores logged information to the following clean text files in the Windows system folder:
abbey.dll
bane.dll
bankofscot.dll
barc.dll
barc3.dll
bccbrescia.dll
bybank.dll
cahoot.dll
caixapenedes.dll
cajamadrid.dll
coo11.dll
coo7.dll
deutchebank.dll
halif.dll
hsbc.dll
lloy.dll
posta.dll
postbank.dll
wool.dll
Troj/Delf-ALI can be removed from Windows computers automatically with the following Resolve tools:
Windows disinfector
DELFAGUI is a disinfector for standalone Windows computers. To use it you have to do the following:
- Open DELFAGUI.com file from your desktop after downloading it.
- Click on the Start Scan Button.
- Wait for the process to complete.
- After removing the worm you should install the Microsoft patch MS04-012 or, on single computers, update with all relevant security patches from Windows update.
Command line disinfector
DELFASFX.EXE is a self-extracting archive containing DELFACLI, a Resolve command line disinfector for use by system administrators on Windows networks.
Microsoft Security Bulletin Summary for September 2004 1.0
Microsoft Security Bulletin Summary for September is an advanced program which satisfies you with updates for newly discovered vulnerabilities. more>>
Microsoft Security Bulletin Summary for September 2004 1.0 is an advanced program which satisfies you with updates for newly discovered vulnerabilities.
Major Features:
- Critical (1)
- Bulletin Identifier - Microsoft Security Bulletin MS04-028
- Bulletin Title - Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
- Executive Summary - A remote code execution vulnerability exists in the processing of JPEG image formats that could allow remote code execution on an affected system.
- Maximum Severity Rating - Critical
- Impact of Vulnerability - Remote Code Execution
- Affected Software - Windows, Office, Developer, Internet Explorer, and others. For more information, see the Affected Software and Download Locations section for details.
- Note This vulnerability might require the installation of several security updates. Review the entire column in the Affected Software and Download Locations summary table for the MS04-028 bulletin identifier to verify the updates that you have to install, based on the programs or components that you have installed on your system.
- Important (1)
- Bulletin Identifier - Microsoft Security Bulletin MS04-027
- Bulletin Title - Vulnerability in WordPerfect Converter Could Allow Code Execution (884933)
- Executive Summary - A remote code execution vulnerability exists in the WordPerfect 5.x converter that is provided as part of the affected software that could allow remote code execution on an affected system.
- Maximum Severity Rating - Important
- Impact of Vulnerability - Remote Code Execution
- Affected Software - Office, FrontPage, Works, and Publisher. For more information, see the Affected Software and Download Locations section.
Microsoft Sasser (A-F) Worm Removal Tool 4.0
Remove the Sasser worm more>>
This tool will help remove the Sasser.A and Sasser.B worms from these systems. For systems with MS04-011 [KB835732], no further action is needed once this tool is installed. Install this tool to help remove this worm from your PC.
Enhancements:
- Added detection/removal for Sasser.F
Cumulative Security Update for Internet Explorer 1.0
Microsoft Security Bulletin MS04-038 Cumulative Security Update for Internet Explorer (834707) Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical Recommendation: more>> Microsoft Security Bulletin MS04-038 Cumulative Security Update for Internet Explorer (834707)
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
Recommendation: Customers should install the update immediately.
Security Update Replacement: This update replaces the update that is included with Microsoft Security Bulletin MS04-025. That update is also a cumulative update.
<<lessMicrosoft Windows Security Bulletin for July 1.0
patch/update information more>> Bulletin Identifier: Microsoft Security Bulletin MS04-016
Bulletin Title: Vulnerability in DirectPlay Could Allow Denial of Service (839643)
Executive Summary: A denial of service vulnerability exists in the IDirectPlay4 API of Microsoft DirectPlay because of a lack of robust packet validation.
Maximum Severity Rating: Moderate
Impact of Vulnerability: Denial of Service
Affected Software: Windows Server 2003, Windows Server 2003 64-bit Edition, Windows XP, Windows XP 64-bit Edition Service Pack 1, Windows XP 64-bit Edition Version 2003, Windows 2000 Service Pack 2, Windows 2000 Service Pack 3, Windows 2000 Service Pack 4, Windows Millenium Edition (ME), Windows 98 Second Edition (SE), Windows 98
Windows Affected Operating System Components: DirectX 8.0, 8.0a - (For Windows 2000), DirectX 8.1, 8.1a, 8.1b - (For Windows 2000), DirectX 8.2 - (For Windows 2000 and Windows XP), DirectX 9.0, 9.0a, 9.0b - (For Windows 2000 or later)
Bulletin Identifier: Microsoft Security Bulletin MS04-017
Bulletin Title: Vulnerability in Crystal Reports Web Viewer Could Allow Information Disclosure and Denial of Service (842689)
Executive Summary: A directory traversal vulnerability exists in Crystal Reports and Crystal Enterprise from Business Objects that could allow Information Disclosure and Denial of Service attacks on an affected system.
Maximum Severity Rating: Moderate
Impact of Vulnerability: Information Disclosure and Denial of Service
Affected Software: Visual Studio .NET 2003, Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2.<<less
Microsoft Security Bulletin Summary for August 1.0
Bulletin Identifier Microsoft Security Bulletin MS04-026 Bulletin Title Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting and Spoofing Attacks (842436) more>> Bulletin Identifier
Microsoft Security Bulletin MS04-026
Bulletin Title
Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting and Spoofing Attacks (842436)
Executive Summary
A cross-site scripting and spoofing vulnerability exists in OWA for Exchange Server 5.5 that could cause a user to run script on the attackers behalf.
Maximum Severity Rating
Moderate
Impact of Vulnerability
Remote Code Execution
Affected Software
Microsoft Exchange, Outlook Web Access. For more information, see the Affected Software and Download Locations section.
Microsoft Security Bulletin Summary for December 1.0
Bulletin Identifier: Microsoft Security Bulletin MS04-040 Bulletin Title: Cumulative Security Update for Internet Explorer (889293) Executive Summary: A vulnerability exists in Internet Explorer that more>>
- Bulletin Identifier: Microsoft Security Bulletin MS04-040
- Bulletin Title: Cumulative Security Update for Internet Explorer (889293)
- Executive Summary: A vulnerability exists in Internet Explorer that could allow remote code execution on an affected system.
- Maximum Severity Rating: Critical
- Impact of Vulnerability: Remote Code Execution
- Affected Software: Windows, Internet Explorer. For more information, see the Affected Software and Download Locations section.
Microsoft Security Bulletin Summary for September 1.0
Included in this advisory are updates for newly discovered vulnerabilities. These vulnerabilities, broken down by severity are: Critical (1) Bulletin Identifier - Microsoft Security Bulletin MS04-028 more>> Included in this advisory are updates for newly discovered vulnerabilities. These vulnerabilities, broken down by severity are:
Critical (1)
Bulletin Identifier - Microsoft Security Bulletin MS04-028
Bulletin Title - Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)
Executive Summary - A remote code execution vulnerability exists in the processing of JPEG image formats that could allow remote code execution on an affected system.
Maximum Severity Rating - Critical
Impact of Vulnerability - Remote Code Execution
Affected Software - Windows, Office, Developer, Internet Explorer, and others. For more information, see the Affected Software and Download Locations section for details.
Note This vulnerability might require the installation of several security updates. Review the entire column in the Affected Software and Download Locations summary table for the MS04-028 bulletin identifier to verify the updates that you have to install, based on the programs or components that you have installed on your system.
Important (1)
Bulletin Identifier - Microsoft Security Bulletin MS04-027
Bulletin Title - Vulnerability in WordPerfect Converter Could Allow Code Execution (884933)
Executive Summary - A remote code execution vulnerability exists in the WordPerfect 5.x converter that is provided as part of the affected software that could allow remote code execution on an affected system.
Maximum Severity Rating - Important
Impact of Vulnerability - Remote Code Execution
Affected Software - Office, FrontPage, Works, and Publisher. For more information, see the Affected Software and Download Locations section.
- Page: 1 of 2
- 1
- 2
