recompile with xlint unchecked for details
Microsoft Windows XP (64-bit) Unchecked Buffer Vulnerability Patch
Prevent malicious users from compromising your computer and gaining complete control over your Windows XP system. more>>
Microsoft Windows XP (64-bit) Unchecked Buffer Vulnerability Patch is developed as a useful and essential patch which offers the basic framework of the Windows user interface experience. It is most familiar to users as the Windows Desktop, but also provides a variety of other functions to help define the user's computing session, including organizing files and folders, and providing the means to start applications.
An unchecked buffer exists in one of the functions used by the Windows Shell to extract custom attribute information from audio files. A security vulnerability results because it is possible for a malicious user to mount a buffer overrun attack and attempt to exploit this flaw.
An attacker could seek to exploit this vulnerability by creating an MP3 or a WMA file that contains a corrupt custom attribute and then host it on a Web site or on a network share, or send it via an HTML e-mail. If a user were to hover his or her mouse pointer over the icon for the file (either on a Web page or on the local disk), or open the shared folder where the file is stored, the vulnerable code would be invoked. An HTML e-mail could cause the vulnerable code to be invoked when a user opens or previews the e-mail. A successful attack could have the effect of either causing the Windows Shell to fail, or causing an attacker's code to run on the user's computer in the security context of the user.
Microsoft windows NT 4.0 Unchecked Buffer in SNMP Q314147
This update resolves the Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run security vulnerability in Windows NT? 4.0, and is discussed in Microsoft Security Bulletin MS02-006 more>> This update resolves the "Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run" security vulnerability in Windows NT? 4.0, and is discussed in Microsoft Security Bulletin MS02-006. Download now to prevent a malicious user from running code of his or her choice or launching a denial of service (DoS) attack on your computer.
The vulnerability exists because a component of the Simple Network Management Protocol (SNMP) agent service that interprets incoming commands contains an unchecked buffer (a temporary data storage area that has a limited capacity). By sending a specially malformed request, it is possible to carry out a buffer overrun attack against an affected system.
Note The SNMP service is neither installed nor running by default in any version of Windows.
For more information about this vulnerability, read Microsoft Security Bulletin MS02-006.
<<lessMicrosoft Windows XP (32-bit) Unchecked Buffer Vulnerability Patch MS02-072
Microsoft Windows XP (32-bit) Unchecked Buffer Vulnerability Patch MS02-072 is a patch stooping malicious users from compromising your computer and gaining complete control over your Windows XP system more>>
Microsoft Windows XP (32-bit) Unchecked Buffer Vulnerability Patch MS02-072 is a patch stopping malicious users from compromising your computer and gaining complete control over your Windows XP system. The Windows Shell is responsible for providing the basic framework of the Windows user interface experience. It is most familiar to users as the Windows Desktop, but also provides a variety of other functions to help define the user's computing session, including organizing files and folders, and providing the means to start applications.
An unchecked buffer exists in one of the functions used by the Windows Shell to extract custom attribute information from audio files. A security vulnerability results because it is possible for a malicious user to mount a buffer overrun attack and attempt to exploit this flaw.
An attacker could seek to exploit this vulnerability by creating an MP3 or a WMA file that contains a corrupt custom attribute and then host it on a Web site or on a network share, or send it via an HTML e-mail. If a user were to hover his or her mouse pointer over the icon for the file (either on a Web page or on the local disk), or open the shared folder where the file is stored, the vulnerable code would be invoked. An HTML e-mail could cause the vulnerable code to be invoked when a user opens or previews the e-mail. A successful attack could have the effect of either causing the Windows Shell to fail, or causing an attacker's code to run on the user's computer in the security context of the user.
For more information about the vulnerabilities this update addresses, read the associated Microsoft Security Bulletin.
Microsoft Commerce Server 2000 Unchecked Buffer in
By default, Commerce Server 2000 installs a .dll with an ISAPI filter that allows the server to provide extended functionality in response to events on the server more>> By default, Commerce Server 2000 installs a .dll with an ISAPI filter that allows the server to provide extended functionality in response to events on the server. This filter, called AuthFilter, provides support for a variety of authentication methods. Commerce Server 2000 can also be configured to use other authentication methods.
A security vulnerability results because AuthFilter contains an unchecked buffer in a section of code that handles certain types of authentication requests. An attacker who provided authentication data that overran the buffer could cause the Commerce Server process to fail, or could run code in the security context of the Commerce Server process. The process runs with LocalSystem privileges, so exploiting the vulnerability would give the attacker complete control of the server.
<<lessMicrosoft ASP.NET Unchecked Buffer Vulnerability patch MS02-026
Microsoft ASP.NET Unchecked Buffer Vulnerability patch is a useful tool designed with the ability to resolve an unchecked buffer in one of the routines which handles the processing of cookies in StateServer mode more>>
Microsoft ASP.NET Unchecked Buffer Vulnerability patch MS02-026 is a useful tool designed with the ability to resolve an unchecked buffer in one of the routines which handles the processing of cookies in StateServer mode, resulting in a security vulnerability. When working with Microsoft ASP.NET, a component of the Microsoft .NET Framework provides for session state management through a variety of modes.
One such mode, called StateServer, stores session state information in a separate running process that can run on either the same machine as the ASP.NET-based application or on a different machine.
Microsoft Data Access Components 2.5 Unchecked Buffer Vulnerability MS02-040
The Microsoft Data Access Components (MDAC) provide a number of supporting technologies for accessing and using databases more>>
Microsoft Data Access Components 2.5 Unchecked Buffer Vulnerability MS02-040 is developed as a useful and smart program which offers various supporting technologies for accessing and using databases. Included among these functions is the underlying support for the T-SQL OpenRowSet command. A security vulnerability results because the MDAC functions underlying OpenRowSet contain an unchecked buffer.
An attacker who successfully exploited it would be able to take action with all the privileges of an affected SQL Server. At a minimum, this would grant the attacker complete control over the database, and potentially could grant administrative privileges at the operating system level as well.
Windows NT SNMP Unchecked Buffer Vulnerability Patch MS02-006
Windows NT SNMP Unchecked Buffer Vulnerability Patch provides such a convenient as well as powerful Internet standard protocol for managing disparate network devices such as firewalls, computers, and routers. more>>
Windows NT SNMP Unchecked Buffer Vulnerability Patch MS02-006 provides such a convenient as well as powerful Internet standard protocol for managing disparate network devices such as firewalls, computers, and routers.
All versions of Windows except Windows ME provide an SNMP implementation, which is neither installed nor running by default in any version. A buffer overrun is present in all implementations. By sending a specially malformed management request to a system running an affected version of the SNMP service, an attacker could cause a denial of service.
In addition, it is possible that he could cause code to run on the system in LocalSystem context. This could potentially give the attacker the ability to take any desired action on the system.
Requirements: Windows NT
Windows XP SNMP Unchecked Buffer Vulnerability Patch MS02-006
Windows XP SNMP Unchecked Buffer Vulnerability Patch is a reliable and useful update which resolves the Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run security vulnerability in Windows XP and is discussed in Microsoft Security Bulletin MS02-006. more>>
Windows XP SNMP Unchecked Buffer Vulnerability Patch MS02-006 is a reliable and useful update which resolves the 'Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run' security vulnerability in Windows XP and is discussed in Microsoft Security Bulletin MS02-006. This patch prevents a malicious user from running code of their choice or launching a denial-of-service attack on your computer.
Microsoft Windows NT 4.0 Patch: Unchecked Buffer i Update
This update resolves the Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise security vulnerability in Windows NT? 4.0 computers running Index Server 2.0, and is more>> This update resolves the "Unchecked Buffer in Index Server ISAPI Extension Could Enable Web Server Compromise" security vulnerability in Windows NT? 4.0 computers running Index Server 2.0, and is discussed in Microsoft Security Bulletin MS01-033. Download now to prevent a malicious user from taking control of your Web server.
Important: A new version of this update is now available. Microsoft recommends that you download Security Update, August 17, 2001, as it eliminates the vulnerability discussed in this update, and all known variants of the vulnerability.
The Index Server ISAPI (Index Server Application Programming Interface) extension, idq.dll file, which installs as part of Index Server 2.0 in Windows NT 4.0, has an unchecked buffer (a temporary data storage area that has a limited capacity) in the code that handles incoming requests. A specifically malformed request from a malicious user can cause the buffer to overflow. Doing so grants the malicious user Local System privileges, allowing him or her to take complete control of the Web server. This update eliminates the vulnerability by ensuring that the ISAPI extension checks input correctly.
Note: Although the functionality provided by idq.dll supports Index Server 2.0, idq.dll is installed with Internet Information Server (IIS) 4.0, and the vulnerability is present only when IIS 4.0 is running.
For more information about this vulnerability, read Microsoft Security Bulletin MS01-033.
<<lessMicrosoft Windows 2000 Unchecked Buffer in Telnet 1.0
The Telnet protocol provides remote shell capabilities. Microsoft has implemented the Telnet protocol by providing a Telnet Server in several products more>> The Telnet protocol provides remote shell capabilities. Microsoft has implemented the Telnet protocol by providing a Telnet Server in several products. The implementations in two of these products ? Windows 2000 and Interix 2.2 ? contain unchecked buffers in the code that handles the processing of telnet protocol options.
An attacker could use this vulnerability to perform a buffer overflow attack. A successful attack could cause the Telnet Server to fail, or in some cases, could possibly allow an attacker to execute code of her choice on the system. Such code would execute using the security context of the Telnet service, but this context varies from product to product. In Windows 2000, the Telnet service always runs as System; in the Interix implementation, the administrator selects the security context in which to run as part of the installation process.
<<lessMicrosoft Windows XP Unchecked Buffer in SNMP Serv Q314147
This update resolves the Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run security vulnerability in Windows XP, and is discussed in Microsoft Security Bulletin MS02-006 more>> This update resolves the "Unchecked Buffer in SNMP Service Could Enable Arbitrary Code to be Run" security vulnerability in Windows XP, and is discussed in Microsoft Security Bulletin MS02-006. Download now to prevent a malicious user from running code of their choice or launching a Denial of Service (DoS) attack on your computer.<<less
Microsoft Windows 98/ME - Unchecked Buffer in UPnP
This update resolves the ?Unchecked Buffer in Universal Plug and Play Can Lead to System Compromise? security vulnerability in Windows 98 and Windows 98 Second Edition with Windows XP Internet more>> This update resolves the ?Unchecked Buffer in Universal Plug and Play Can Lead to System Compromise? security vulnerability in Windows 98 and Windows 98 Second Edition with Windows XP Internet Connection Sharing Client installed. Download now to prevent a malicious user from compromising your computer or using your computer to compromise another computer?s functionality.<<less
Microsoft Data Access Components 2.6 Unchecked Buffer Vulnerability Patch MS02-040
Microsoft Data Access Components 2.6 Unchecked Buffer Vulnerability Patch MS02-040 is a simple to use, yet sophisticated utility which can provide a number of supporting technologies for accessing and using databases. more>>
Microsoft Data Access Components 2.6 Unchecked Buffer Vulnerability Patch MS02-040 is a simple to use, yet sophisticated utility which can provide a number of supporting technologies for accessing and using databases. Included among these functions is the underlying support for the T-SQL OpenRowSet command. A security vulnerability results because the MDAC functions underlying OpenRowSet contain an unchecked buffer.
An attacker who successfully exploited it would be able to take action with all the privileges of an affected SQL Server. At a minimum, this would grant the attacker complete control over the database, and potentially could grant administrative privileges at the operating system level as well.
Microsoft Data Access Components 2.7 Unchecked Buffer Vulnerability Patch MS02-040
The Microsoft Data Access Components (MDAC) provide a number of supporting technologies for accessing and using databases more>>
Microsoft Data Access Components 2.7 Unchecked Buffer Vulnerability Patch MS02-040 is developed as a handy and useful program which offers users a lot of useful supporting techniques for approaching and utilizing databases. Included among these functions is the underlying support for the T-SQL OpenRowSet command. A security vulnerability results because the MDAC functions underlying OpenRowSet contain an unchecked buffer.
An attacker who successfully exploited it would be able to take action with all the privileges of an affected SQL Server. At a minimum, this would grant the attacker complete control over the database, and potentially could grant administrative privileges at the operating system level as well.
Microsoft Windows 2000 Unchecked Buffer in Telnet Server 1.0
Microsoft Windows 2000 Unchecked Buffer in Telnet Server is a reliable and useful protocol which provides remote shell capabilities. more>>
Microsoft Windows 2000 Unchecked Buffer in Telnet Server 1.0 is a reliable and useful protocol which provides remote shell capabilities.
Microsoft has implemented the Telnet protocol by providing a Telnet Server in several products. The implementations in two of these products ? Windows 2000 and Interix 2.2 ? contain unchecked buffers in the code that handles the processing of telnet protocol options.
An attacker could use this vulnerability to perform a buffer overflow attack. A successful attack could cause the Telnet Server to fail, or in some cases, could possibly allow an attacker to execute code of her choice on the system. Such code would execute using the security context of the Telnet service, but this context varies from product to product. In Windows 2000, the Telnet service always runs as System; in the Interix implementation, the administrator selects the security context in which to run as part of the installation process.
