Windows 2000 Unchecked Buffer Help Security Vulnerability Patch for Windows Free Download

Database Software  3D Modeling Software  Privacy Software & Access control  Database Management Software  System Utilities  Educational & Science Software  Internet Software  Video Software  Networking Software  Games  Communication Software  Security Software  Audio Software  Video Players  Wireless Networking Software  Graphic Design Software  Digital Photo Software  Developer Tools  Business & Office Software  CAD Software  Disk & File Software 
Search by Category
Audio Software
Business & Office Software
CD & DVD Software
Communication Software
Desktop Enhancements
Developer Tools
Digital Photo Software
Disk & File Software
Educational & Science Software
Entertainment & Hobby Software
Graphic Design Software
Home & Family Software
Internet Software
iTunes & iPod Software
Networking Software
Productivity Software
Security Software
System Utilities
Travel & Navigation Software
Video Software
Web Development Software

Windows 2000 Unchecked Buffer Help Security Vulnerability Patch

Windows 2000 Unchecked Buffer Help Security Vulnerability Patch
Version: MS02-055
Platforms: Windows

Categories: Security Software
Upload Date: 2 Nov 15
Developer: Microsoft
Distribution Type: Freeware
Downloads: 0
File Size: 876 Kb
Free Download Windows 2000 Unchecked Buffer Help Security Vulnerability Patch 

Rating: 1.0/5 (Total votes: 1)

The HTML Help facility in Windows includes an ActiveX control that provides much of its functionality. One of the functions exposed via the control contains an unchecked buffer, which could be exploited by a Web page hosted on an attacker?s site or sent to a user as an HTML mail. An attacker who successfully exploited the vulnerability would be able to run code in the security context of the user, thereby gaining the same privileges as the user on the system.

A second vulnerability exists because of flaws associated with the handling of compiled HTML Help files that contain shortcuts. Because shortcuts allow HTML Help files to take any desired action on the system, only trusted HTML Help files should be allowed to use them. Two flaws allow this restriction to be bypassed. First, the HTML Help facility incorrectly determines the Security Zone in the case where a Web page or HTML mail delivers a CHM file to the Temporary Internet Files folder and subsequently opens it. Instead of handling the CHM file in the correct zone--the one associated with the Web page or HTML mail that delivered it--the HTML Help facility incorrectly handles it in the Local Computer Zone, thereby considering it trusted and allowing it to use shortcuts. This error is compounded by the fact that the HTML Help facility doesn?t consider what folder the content resides in. Were it to do so, it could recover from the first flaw, as content within the Temporary Internet Folder is clearly not trusted, regardless of the Security Zone it renders in.

The attack scenario for this vulnerability would be complex, and involves using an HTML mail to deliver a CHM file that contains a shortcut, then making use of the flaws to open it and allow the shortcut to execute. The shortcut would be able to perform any action the user had privileges to perform on the system.


Windows 2000

Like it? Share with your friends!   

Other Windows Software of Developer «Microsoft»:

Microsoft DirectX Runtime Web Installer (June 2010)Microsoft DirectX Runtime Web Installer (June 2010)
Microsoft DirectX is a group of technologies designed to make Windows-based computers an ideal platform for running and displaying applications rich in multimedia elements such as full-color graphics, video, 3D animation, and rich audio. DirectX includes s
Microsoft Windows 2000 Patch: Winbond Super I/O ControllerMicrosoft Windows 2000 Patch: Winbond Super I/O Controller
This update addresses an issue in Windows 2000 running on Compaq computer systems that use the Winbond Super I/O disk controller to access the floppy disk drive, and is discussed in Microsoft Knowledge Base (KB) Article Q301077. Download now to prevent you
Microsoft CRM Reports Update: 834790Microsoft CRM Reports Update: 834790
Microsoft CRM Reports Update: 834790 is an update includes three sample parameter-driven reports. Parameter-driven reports improve the reporting performance by limiting the amount of data included in the report, and help provide reports that give only the
Microsoft Windows PowerShell 1.0 for Windows Server 2003Microsoft Windows PowerShell 1.0 for Windows Server 2003
Microsoft Windows PowerShell 1.0 for Windows Server 2003 is a new command-line shell and scripting language designed for system administration and automation. It includes more than 130 command-line tools (called "cmdlets") for performing common system admi
Pocket Streets 2005 Downloadable Maps - GreecePocket Streets 2005 Downloadable Maps - Greece
Download maps of major cities for Greece, in English, French, German, Spanish, Italian and Swedish languages. Your mobile device must be running Microsoft Pocket Streets 2005 for you to be able to view these maps. This version is the first release on CNET
Implementing XML Key Management Services Using ASP.NETImplementing XML Key Management Services Using ASP.NET
This sample code shows how to build a Microsoft ASP.NET Web Service conforming to a SOAP message-based interface specification. Specifically, an interface defined by a Web Services Description Language (WSDL) document describing the SOAP messages and XML t
Triggers Admin Utility (for MSMQ 3.0 on Windows Server 2003)Triggers Admin Utility (for MSMQ 3.0 on Windows Server 2003)
Triggers Admin Utility (for MSMQ 3.0 on Windows Server 2003). Utility to manage triggers for MSMQ 3.0 on Windows Server 2003 computers from the command line. Command line tool to manage triggers for MSMQ 3.0 on Windows Server 2003 computers. This version i
Microsoft Exchange Server 2003 Load Simulator (LoadSim)Microsoft Exchange Server 2003 Load Simulator (LoadSim)
Simulate the performance load of MAPI clients with this benchmarking tool, which allows you to test how a server running Exchange 2003 responds to e-mail loads. This version is the first release on CNET is new in this release:This version
ASP.NET 2.0 AJAX Futures December CTPASP.NET 2.0 AJAX Futures December CTP
ASP.NET AJAX is a set of technologies to add AJAX (Asynchronous JavaScript And XML) support to ASP.NET. It consists of a client-side script framework, and server controls. This version is the first release on CNET is new in this release:T
MSN Search ToolbarMSN Search Toolbar
MSN Search Toolbar with Windows Desktop Search includes three toolbars that will change the way you search your PC and the Web. You can search from: Internet Explorer and Windows Explorer Outlook Your desktop Other features include: Automatic form fil

» show all

Similar Applications:

Video Password Setting ToolVideo Password Setting Tool
Encrypt your video files to exe format.You can set the playback password, playback password will be needed before the user plays an encrypted video. Support various types of video or audio files (e.g., wmv, avi, asf, mpg, rm, rmvb, mp4, flv, and vob) ; av
One-time-pad is the only technique that can withstand any current or future attack because it uses randomly generated data that a computer cannot predict. DataDiscretion provides this one-time-pad capability, previously dismissed as impractical, in a conve
SpyBuddy is the spy software and computer monitoring product for monitoring spouses, children, co-workers, or just about anyone else! SpyBuddy allows you to monitor all areas of your PC, tracking every action down the last keystroke pressed or the last fil
With this software you can legally register your work and prove it is yours in any court of law! In most countries you automatically have copyright the moment you create something, but how do you prove it was you who thought up, developed or worked on y
Folder Lock ProFolder Lock Pro
Folder Lock Pro is a professional security tool to lock, hide and protect your folders and files. With very easy to use interface, just a few click, you can lock your folder and keep it safe, no one can open it without a password. This tool also provide pr
System LockSystem Lock
System Lock safeguards your computer from harm. Armed with a fully customizable block list, the program keeps user-specified screens from appearing. This way, you keep people from accessing items such as the Windows directory, Recycle Bin, and Control Pane
Media FortressMedia Fortress
Media Fortress is a media viewer/explorer that provides 256 AES Encryption. Resize your media, view slide shows, control volume, rewind and fast forward. Modeled after windows file explorer, the program is user friendly and features instant hot key invisib
SteganoG store confidential data of any kind in a bitmap file that the image appears to be unchanged. A powerful compression and an adjustable image quality will also allow you to save relatively large amounts of data. For the security of your data, you ca
ePassword KeeperePassword Keeper
This program allows you to keep track of an unlimited number of passwords, PINs, and credit card numbers, and features encryption, drag-and-drop capabilities, a password generator, and a lock feature for extra security. Version 2.0 has the ability to show
Private EyePrivate Eye
Private Eye is an invisible and easy-to-use PC activity monitoring tool. Records ALL keystrokes typed in any application window, such as user names, passwords, e-mails, chat sessions, instant messages (MSN/AOL/ICQ/AIM). ALL Web sites(URL's) visited in popu

Supported Operating Systems:
Windows 2000 | 

Comments on :

Comments not found



Enter text from image below:

Turn on images!


Windows Software - Free Windows Downloads, Apps, Games, Freeware, Skype, Media Player, Antivirus, Gimp, Live, Starter for Windows XP, Vista, 7, 8, 10

© Pantich 2016 all rights reserved