
July 2004 Microsoft Security Bulletins:

  • MS04-025 Vulnerability in Windows Shell Could Allow Remote Code Execution (KB867801). This update resolves several newly discovered public vulnerabilities: Navigation Method Cross-Domain Vulnerability, Malformed BMP File Buffer Overrun Vulnerability, and Malformed GIF File Double Free Vulnerability. These vulnerabilities allow remote code execution on the local computer.
  • MS04-024 Vulnerability in Windows Shell Could Allow Remote Code Execution (KB839645).  This update resolves a newly-discovered, publicly reported vulnerability. A remote code execution vulnerability exists in the way that the Windows Shell launches applications. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. However, significant user interaction is required to exploit this vulnerability. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
  • MS04-023 Vulnerability in HTML Help Could Allow Code Execution (KB840315).  This update resolves two newly-discovered vulnerabilities. The HTML Help vulnerability was privately reported and the showHelp vulnerability is public. Each vulnerability is documented in this bulletin in its own Vulnerability Details section.  If a user is logged on with administrative privileges, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
  • MS04-022 Vulnerability in Task Scheduler Could Allow Code Execution (KB841873).  This update resolves a newly-discovered, privately reported vulnerability. A remote code execution vulnerability exists in the Task Scheduler because of an unchecked buffer. The vulnerability is documented in the Vulnerability Details section of this bulletin.  If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts with full privileges. However, user interaction is required to exploit this vulnerability. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
  • MS04-021 Security Update for IIS 4.0 (KB841373).  This update resolves a newly-discovered, privately reported vulnerability.  An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
  • MS04-020 Vulnerability in POSIX Could Allow Code Execution (KB841872).  This update resolves a newly-discovered, privately reported vulnerability. A privilege elevation vulnerability exists in the POSIX operating system component (subsystem). The vulnerability is documented in the Vulnerability Details section of this bulletin.  An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
  • MS04-019 Vulnerability in Utility Manager Could Allow Code Execution (KB842526).  This update resolves a newly-discovered, privately reported vulnerability. A privilege elevation vulnerability exists in the way that Utility Manager launches applications. A logged-on user could force Utility Manager to start an application with system privileges and could take complete control of the system. The vulnerability is documented in the Vulnerability Details section of this bulletin.  An attacker who successfully exploited this vulnerability could take complete control of an affected system, including installing programs; viewing, changing, or deleting data; or creating new accounts that have full privileges.
  • MS04-018 Cumulative Security Update for Outlook Express (KB823353).  This update resolves a public vulnerability. A denial of service vulnerability exists in Outlook Express because of a lack of robust verification for malformed e-mail headers. The vulnerability is documented in the Vulnerability Details section of this bulletin. This update also changes the default security settings for Outlook Express 5.5 Service Pack 2 (SP2). This change is documented in the Frequently Asked Questions related to this security update section of this bulletin.

Updated On: 15.02.17
