Microsoft Security Bulletin MS03-042
Buffer Overflow in Windows Troubleshooter ActiveX Control Could Allow Code Execution (826232)
Issued: October 15, 2003
Updated: October 29, 2003
Version Number: 2.0
See all Windows bulletins released October, 2003
Who Should Read This Document:
Customers using Microsoft® Windows®
Impact of Vulnerability:
Remote Code Execution
Maximum Severity Rating:
Customers should apply the patch immediately
Tested Software and Patch Download Locations:
- Microsoft Windows 2000, Service Pack 2, Service Pack 3, Service Pack 4 - Download the Patch
Non Affected Software:
- Microsoft Windows NT 4.0
- Microsoft Windows NT Server 4.0, Terminal Server Edition
- Microsoft Windows Millennium Edition
- Microsoft Windows XP
- Microsoft Windows Server 2003
The software listed above has been tested to determine if the versions are affected. Other versions are no longer supported, and may or may not be affected.
Microsoft thanks the following for working with us to protect customers:
Obtaining other security patches:
Patches for other security issues are available from the following locations:
- Security patches are available from the Microsoft Download Center, and can be most easily found by doing a keyword search for "security_patch".
- Patches for consumer platforms are available from the Windows Update web site
- Technical support is available from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls associated with security patches.
- The Microsoft TechNet Security Web Site provides additional information about security in Microsoft products.
- Microsoft Software Update Services: http://www.microsoft.com/sus/
- Microsoft Baseline Security Analyzer (MBSA) details: http://www.microsoft.com/mbsa. Please see http://support.microsoft.com/default.aspx?scid=kb;EN-US;306460 for list of security patches that have detection limitations with MBSA tool.
- Windows Update Catalog: http://support.microsoft.com/default.aspx?scid=kb;EN-US;323166
- Windows Update: http://windowsupdate.microsoft.com
- Office Update: http://office.microsoft.com/officeupdate/
The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
- V1.0 October 15, 2003: First Published.
- V1.1 October 21, 2003: Updated product specific information in the Security Patch Information section.
- V2.0 October 29, 2003: A revised version of the security patch for Windows 2000 has been released to correct the issue documented by Knowledge Base Article 830846.