Windows 2000 Unchecked Buffer Help Security Vulnerability Patch for Windows Free Download in Security Software Tag

     
Tags
Digital Photo Software  Business & Office Software  Privacy Software & Access control  3D Modeling Software  Developer Tools  Disk & File Software  Graphic Design Software  Communication Software  Video Software  Educational & Science Software  Database Management Software  Wireless Networking Software  Drivers  Internet Software  CAD Software  System Utilities  Audio Software  Networking Software  Video Players  Games  Security Software 
Search by Category
Audio Software
Browsers
Business & Office Software
CD & DVD Software
Communication Software
Desktop Enhancements
Developer Tools
Digital Photo Software
Disk & File Software
Drivers
Educational & Science Software
Entertainment & Hobby Software
Games
Graphic Design Software
Home & Family Software
Internet Software
iTunes & iPod Software
Networking Software
Productivity Software
Screensavers
Security Software
Anti-Spyware
Antivirus Software
Corporate Security Software
Encryption & Decryption Software
Firewall Software
Internet Security Software Suites
Keyloggers
Password Managers
Privacy Software & Access control
Security Monitoring Software
System Utilities
Travel & Navigation Software
Video Software
Web Development Software
     




 
 
Windows 2000 Unchecked Buffer Help Security Vulnerability Patch

Windows 2000 Unchecked Buffer Help Security Vulnerability Patch
Version: MS02-055
Platforms: Windows

Categories: Security Software
Upload Date: 2 Nov 15
Developer: Microsoft
Distribution Type: Freeware
Downloads: 0
File Size: 876 Kb
Free Download Windows 2000 Unchecked Buffer Help Security Vulnerability Patch 

Rating: 1.0/5 (Total votes: 1)


 
The HTML Help facility in Windows includes an ActiveX control that provides much of its functionality. One of the functions exposed via the control contains an unchecked buffer, which could be exploited by a Web page hosted on an attacker?s site or sent to a user as an HTML mail. An attacker who successfully exploited the vulnerability would be able to run code in the security context of the user, thereby gaining the same privileges as the user on the system.

A second vulnerability exists because of flaws associated with the handling of compiled HTML Help files that contain shortcuts. Because shortcuts allow HTML Help files to take any desired action on the system, only trusted HTML Help files should be allowed to use them. Two flaws allow this restriction to be bypassed. First, the HTML Help facility incorrectly determines the Security Zone in the case where a Web page or HTML mail delivers a CHM file to the Temporary Internet Files folder and subsequently opens it. Instead of handling the CHM file in the correct zone--the one associated with the Web page or HTML mail that delivered it--the HTML Help facility incorrectly handles it in the Local Computer Zone, thereby considering it trusted and allowing it to use shortcuts. This error is compounded by the fact that the HTML Help facility doesn?t consider what folder the content resides in. Were it to do so, it could recover from the first flaw, as content within the Temporary Internet Folder is clearly not trusted, regardless of the Security Zone it renders in.

The attack scenario for this vulnerability would be complex, and involves using an HTML mail to deliver a CHM file that contains a shortcut, then making use of the flaws to open it and allow the shortcut to execute. The shortcut would be able to perform any action the user had privileges to perform on the system.

Requirements:

Windows 2000

 
Like it? Share with your friends!   
 

Other Windows Software of Developer «Microsoft»:

Office 2003: XML Reference SchemasOffice 2003: XML Reference Schemas
This download contains documentation on a number of XML schemas for Microsoft Office 2003 Editions including Microsoft Office Word 2003, Microsoft Office Excel 2003, Microsoft Office InfoPath 2003, and Microsoft Office Visio 2003 schemas. It also includes
Microsoft Entertainment PackMicrosoft Entertainment Pack
Featuring games by Alexey Pajitnov, the Russian mastermind behind Tetris. 10 original mind-twisting puzzles with infinite variations - you do the math. They are easy to play, but to master them is another story. You'll find they are so challenging and addi
VIA Microsoft AC97 Enhanced Audio Driver 64-bitVIA Microsoft AC97 Enhanced Audio Driver 64-bit
This package provides the installation files for Microsoft AC97 Audio for VIA Enhanced Audio Controller version 6.0.6001.18000.In order to manually update your driver, follow the steps below (the next steps):1. Go to Device Manager (right click on My Compu
Windows Server 2003 SP1 Platform SDK Web InstallWindows Server 2003 SP1 Platform SDK Web Install
Microsoft Windows Server 2003 SP1 Platform SDK - April 2005 Edition. The Platform SDK for Microsoft Windows Server 2003 SP1 contains the information and tools you need to develop Windows-based applications. You can use this SDK to develop both 32- and 64-b
Security Update for Windows XP - IA64Security Update for Windows XP - IA64
A security issue has been identified that could allow an attacker to compromise a computer running Windows and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to r
Office 2000 Customizable Alerts Info ButtonOffice 2000 Customizable Alerts Info Button
Microsoft Office 2000 Customizable Alerts adds a Web Info button to many of the most frequently occurring and difficult to troubleshoot Office alerts. Microsoft Office 2000 Customizable Alerts add a Web Info button to many of the most frequently occurring
PowerPoint Viewer 2003PowerPoint Viewer 2003
PowerPoint Viewer 2003 lets you view full-featured presentations created in PowerPoint 97 and later versions. This viewer also supports opening password-protected Microsoft PowerPoint presentations. You can view and print presentations, but you cannot edit
Automated video looping with progressive dynamismAutomated video looping with progressive dynamism
An application to extract a 5 second looping video from a non-looping input video. Also a viewer application to enable both interactive control over the level of dynamism of the output video, as well as manual editing of which regions animate or are static
Check List Sample: Using the CommandBand Controls in Microsoft Windows CECheck List Sample: Using the CommandBand Controls in Microsoft Windows CE
Microsoft Windows CE contains a new control called the CommandBand, a hybrid of the rebar control found on the Windows desktop and server platforms and the traditional menu bar. CommandBand controls can host buttons, menu items, and even combo boxes. With
Windows Management Instrumentation (WMI) SNMP Provider 1.5 Build 1085.0005Windows Management Instrumentation (WMI) SNMP Provider 1.5 Build 1085.0005
The SNMP Provider allows WMI to surface SNMP information. Build 1085.0005. This version is the first release on CNET Download.com.What is new in this release:This version is the first release on CNET Download.com.Requirements:Windows NT/2000/XP

» show all

 
Similar Applications:

HashMakerHashMaker
HashMaker is an application that allows you to make hashes of your files. It will record a log file with filenames only, full names, and checksum file entries options. Supported hashes are: CRC32, md5, sha1, sha256, sha384, and sha512. Includes Windows she
Microsoft Web Client NTLM Authentication Vulnerability Patch (Windows Me)Microsoft Web Client NTLM Authentication Vulnerability Patch (Windows Me)
This patch eliminates a security vulnerability in a component that ships with Microsoft Office 2000, Windows 2000, and Windows Me. The vulnerability could, under certain circumstances, allow a malicious user to obtain cryptographically protected logon cred
SensiGuard (64-bit)SensiGuard (64-bit)
Is the personal information on your computer safe? Do you store private, sensitive files in unprotected folders? How can you safeguard your privacy and make your data impenetrable to prying eyes? Relax. SensiGuard folder encryption software's got you cover
SteganoGSteganoG
SteganoG store confidential data of any kind in a bitmap file that the image appears to be unchanged. A powerful compression and an adjustable image quality will also allow you to save relatively large amounts of data. For the security of your data, you ca
Desktop SpyDesktop Spy
Desktop Spy secretly takes pictures of your computer screen, records all applications loaded, Web sites visited, chat conversations, e-mail activity, and anything else that is visible on the screen. You can take pictures of the entire screen or just of act
Club BackupClub Backup
Free Online Backup! ClubBackup lets you keep an automatic backup of your important files. When you edit or add a file, ClubBackup keeps a copy of this change so you can always recover any file you may have accidentally lost or damaged.What is new in this
Microsoft Data Access Components 2.5 Unchecked Buffer VulnerabilityMicrosoft Data Access Components 2.5 Unchecked Buffer Vulnerability
The Microsoft Data Access Components (MDAC) provide a number of supporting technologies for accessing and using databases. Included among these functions is the underlying support for the T-SQL OpenRowSet command. A security vulnerability results because t
Encrypt CareEncrypt Care
Encrypt Care is an easy to use, but powerful encryption software which allows user to encrypt or decrypt text and files in batch mode, generate, verify and export ckecksums. Encrypt Care allows you to protect your data using the most powerful encryption al
FolderWatchFolderWatch
FolderWatch is a program that monitors changes to a number of folders on your computer and makes copies of files found in monitored folders. FolderWatch works in background and makes copies of your work as soon as changes are made to files. In fact, once y
Windows Certificate Enrollment Control Vulnerability Patch (Windows XP)Windows Certificate Enrollment Control Vulnerability Patch (Windows XP)
All versions of Windows ship with an ActiveX control known as the Certificate Enrollment Control, the purpose of which is to allow Web-based certificate enrollments. The control contains a flaw that could enable a Web page, through an extremely complex pro
 

Supported Operating Systems:
Windows 2000 | 
 

Comments on Windows 2000 Unchecked Buffer Help Security Vulnerability Patch:

Comments not found

Name:


Comment:


Enter text from image below:

Turn on images!

 
 
 

Windows Software - Free Windows Downloads, Apps, Games, Freeware, Skype, Media Player, Antivirus, Gimp, Live, Starter for Windows XP, Vista, 7, 8, 10

© Pantich 2016 all rights reserved