My apologies. I don't know why nothing has been going right the last two days. I went to that page, right clicked and chose "Open in IE Tab". It didn't work. This is the page that I got:

Action canceled
Internet Explorer was unable to link to the Web page you requested. The page might be temporarily unavailable.

--------------------------------------------------------------------------------

Please try the following:

Click the Refresh button, or try again later.

If you have visited this page previously and you want to view what has been stored on your computer, click File, and then click Work Offline.

For information about offline browsing with Internet Explorer, click the Help menu, and then click Contents and Index.

Internet Explorer


I tried re-installing IE Tab, and it still didn't work.

Am I doing something wrong?

- Rachel

No sounds as though Kaspersky site may have been busy or experiencing problems. If it still won't work try the following scan instead. You will still need to use IE Tab.

• Please go to the following link ESET Online Scanner Link
• Tick the box YES, I accept the Terms Of Use
• Click the Start button
• Now click the Install button
• Click Start
  
  The scanner engine will initialise and update
  
• Do Not tick the box Remove found threats
• Click the Scan button
  
  The scan will now run, please be patient
  
• When the scan finishes click the Details tab
• Copy and paste the contents of the %ProgramFiles%\EsetOnlineScanner\log.txt back here.

IE Tab didn't work for that scanner either, so I tried it on about 10 different web pages. It didn't work, so unfortunately the problem seems to be IE Tab.

Hi ere

From Control Panel > Add/Remove Programs click on Add/Remove Windows Components. From the Windows Components Wizard uncheck Internet Explorer then click next to remove Internet Explorer. Repeat the process and put a check next to Internet Explorer to re-install.

In both Internet Explorer and Firefox ensure 'Work Offline' is unticked from the File menu. Try scanning again with either Internet Explorer or IE-Tab and let us know how that goes.

I'm hesitant to go for the Service Pack 2 update until I have seen results of an online scan. If you still have problems this time I will need to call on some help from others but I will be offline this weekend. Perhaps if Phil is still watching the thread he may have a few more ideas.

Hi Rachel, MT:

I am pretty much on the same page with what you have been doing which is why I've stayed out of the way

-- I think Trend Micro's HouseCall is Firefox friendly....

http://housecall.trendmicro.com/

You could try that.

Also, do the following:
Please download Malwarebytes' Anti-Malware (MBA-M) to your Desktop.

• DoubleClick mbam-setup.exe and follow the prompts to install MBA-M.
• Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When MBA-M finishes, Notepad will open with the log. Please save it where you can find it easily. The log can also be opened by Clicking Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

Please post logs from those two scans - They ought to give a pretty good idea if malware is residing on your compy and whether it is safe to install further updates/patches....

I imagine that once SP2 and any other Hotfixes are installed, IE7 will operate properly . . . Though I still prefer Firefox.

I'll butt out again.

Best Luck
PP

An update:

Sorry it's been so long since I've updated. I tried MT's last batch of IE fixes, and that didn't work to restore IE or get IE tab to function. So I moved on to PP's suggestion of Trendmicro. Unfortunately, I've run into some road blocks with that. I tried to run it four nights in a row, but the scan was always interrupted somehow (or had trouble starting). Last night I finally got the scan to work, but I didn't have time to check it before I went to bed, or in the morning before work. When I got home from work tonight, my wireless connection had gone dead (it sometimes times out if I've been idle for too long and I have to restart my computer to get it back up and running - I don't know why this happens) and I couldn't complete the malware deletion step.

Here's my conclusion...I need to run the scan and do all the deletions/fixes etc. in one sitting. Unfortunately I have to get up for work at 3:30 in the morning, so I rarely have more than an hour or two after work before I have to be in bed. I will have more time tomorrow evening because I go into work late on Fridays, so I will attempt it again then. Wish me luck.

In the meantime, when I ran Trendmicro, I couldn't find a way to save a log of what it found. Is there a way to do that so I can post it here for you?

I finally managed to complete the trend micro scan, but was still unable to find a way to create a log of the scan results. I just copied and pasted the list of vulnerabilities that the scan found in its entirety - I hope it actually makes sense you two...

I'm going to run the other scan that PP advised now, and I will post those results when it's done.

Thanks!

--------------------------------------------------------------------------

Detected vulnerabilities

Unchecked Buffer In Windows Component Could Cause Server Compromise

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability enables a remote attacker to execute arbitrary code through a WebDAV request to IIS 5.0. This is caused by a buffer overflow in N...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT 4.0
Microsoft Windows NT 4.0
Terminal Server Edition
Microsoft Windows 2000
Microsoft Windows XP
Malware exploiting this vulnerability: AGOBOT FAMILY, BKDR_RBOT.B, BKDR_SDBOT.CC, TROJ_KAHT.A, TROJ_ROLARK.A, TROJ_WCOT.A, WORM_GAOBOT.AC, WORM_KIBUV.B, WORM_MUMU.C, WORM_NACHI.A, WORM_NACHI.B, WORM_NACHI.C, WORM_NACHI.D, WORM_NACHI.F, WORM_NACHI.G, WORM_NACHI.I, WORM_NACHI.K, WORM_RBOT.AA, WORM_RBOT.AB, WORM_RBOT.AE, WORM_RBOT.AF, WORM_RBOT.AJ, WORM_RBOT.BZ, WORM_RBOT.CC, WORM_RBOT.EM, WORM_RBOT.R, WORM_RBOT.TW, WORM_RBOT.W, WORM_RBOT.WU, WORM_RBOT.ZA, WORM_SDBOT.BV, WORM_SDBOT.CC, WORM_SDBOT.DZ, WORM_SDBOT.FB, WORM_SDBOT.FC, WORM_SDBOT.FD, WORM_SDBOT.FE, WORM_SDBOT.FQ, WORM_SDBOT.G, WORM_SDBOT.GO, WORM_SDBOT.IG, WORM_SDBOT.IY, WORM_SDBOT.JG, WORM_SDBOT.JS, WORM_SDBOT.JT, WORM_SDBOT.JY, WORM_SDBOT.K, WORM_SDBOT.KY, WORM_SDBOT.M, WORM_SDBOT.MD, WORM_SDBOT.MG, WORM_SDBOT.MH, WORM_SDBOT.PF, WORM_SDBOT.WY, WORM_SDBOT.ZY, WORM_SPYBOT.AP, WORM_SPYBOT.CG, WORM_SPYBOTER.CY, WORM_SPYBOTER.CZ
This vulnerability enables a remote attacker to execute arbitrary code through a WebDAV request to IIS 5.0. This is caused by a buffer overflow in NTDLL.DLL on Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP.
More information about this vulnerability and its elimination.

Cumulative Patch for Outlook Express (330994)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability enables a remote attacker to execute any file that can be rendered as text, and be opened as part of a page in Internet Explorer.
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Outlook Express 5.5
Microsoft Outlook Express 6.0
Malware exploiting this vulnerability: BKDR_LORRAC.A, JS_CBASE.EXP1, JS_SEFEX.A, WORM_BUGBEAR.C, WORM_CASPID.A, WORM_CASPID.B, WORM_DARBY.C, WORM_DARBY.D, WORM_LORAC.A, WORM_MIMAIL.A, WORM_MIMAIL.D
This vulnerability enables a remote attacker to execute any file that can be rendered as text, and be opened as part of a page in Internet Explorer.
More information about this vulnerability and its elimination.

Unchecked Buffer in DirectX Could Enable System Compromise

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability enables a remote attacker to execute arbitrary code through a specially crafted MIDI file. This is caused by multiple buffer ove...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft DirectX 5.2 on Windows 98
Microsoft DirectX 6.1 on Windows 98 SE
Microsoft DirectX 7.1 on Windows Millennium Edition
Microsoft DirectX 7.0 on Windows 2000
Microsoft DirectX 8.0
8.0a
8.1
8.1a
and 8.1b when installed on Windows 98
Windows 98 SE
Windows Millennium Edition or Windows 2000
Microsoft DirectX 8.1 on Windows XP or Windows Server 2003
Microsoft DirectX 9.0a when installed on Windows 98
Windows 98 SE
Windows Millennium Edition (Windows Me)
Windows 2000
Windows XP
or Windows Server 2003
Microsoft Windows NT 4.0 with either Windows Media Player 6.4 or Internet Explorer 6 Service Pack 1 installed
Microsoft Windows NT 4.0
Terminal Server Edition with either Windows Media Player 6.4 or Internet Explorer 6 Service Pack 1 installed
Malware exploiting this vulnerability: unknown
This vulnerability enables a remote attacker to execute arbitrary code through a specially crafted MIDI file. This is caused by multiple buffer overflows in a Microsoft Windows DirectX MIDI library (QUARTZ.DLL).
More information about this vulnerability and its elimination.

Cumulative Patch for Internet Explorer (828750)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
These vulnerabilities, which are due to Internet Explorer not properly determining an object type returned from a Web server in a popup window or during XML data binding, ...
More information about this vulnerability and its elimination.
Affected programs and services: Internet Explorer 5.01
Internet Explorer 5.5
Internet Explorer 6.0
Internet Explorer 6.0 for Windows Server 2003
Malware exploiting this vulnerability: BKDR_LIDUAN.A, HTML_ALPHX.A, HTML_ALPHX.C, HTML_ALPHX.E, HTML_BAGLE.Q-1, HTML_DELPLAYER.A, HTML_IWILL.D, HTML_LEGENDMIR.I, HTML_MINIT.A, HTML_OBJECTTAG.A, HTML_SNAPPER.A, PE_BAGLE.Q, PE_BAGLE.R, PE_BAGLE.S, PE_BAGLE.T, TROJ_MINIT.A, TROJ_QHOSTS.A, VBS_DELUD.A, VBS_SHOWPOP.A, WORM_ALPHX.A, WORM_NETSKY.V, WORM_SNAPPER.A
These vulnerabilities, which are due to Internet Explorer not properly determining an object type returned from a Web server in a popup window or during XML data binding, respectively, could allow an attacker to run arbitrary code on a user's system.
More information about this vulnerability and its elimination.

Vulnerability in Authenticode Verification Could Allow Remote Code Execution (823182)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability allows a remote attacker to execute arbitrary code without user approval. This is caused by the authenticode capability in Microsoft Windows NT through S...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT Workstation 4.0
Service Pack 6a
Microsoft Windows NT Server 4.0
Service Pack 6a
Microsoft Windows NT Server 4.0
Terminal Server Edition
Service Pack 6
Microsoft Windows 2000
Service Pack 2
Microsoft Windows 2000
Service Pack 3
Service Pack 4
Microsoft Windows XP Gold
Service Pack 1
Microsoft Windows XP 64-bit Edition
Microsoft Windows XP 64-bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-bit Edition
Malware exploiting this vulnerability: unknown
This vulnerability allows a remote attacker to execute arbitrary code without user approval. This is caused by the authenticode capability in Microsoft Windows NT through Server 2003 not prompting the user to download and install ActiveX controls when system is low on memory.
More information about this vulnerability and its elimination.

Buffer Overrun in Messenger Service Could Allow Code Execution (828035)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability allows a remote attacker to execute arbitrary code on the affected system. This is caused of a buffer overflow in the Messenger Service f...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT Workstation 4.0
Service Pack 6a
Microsoft Windows NT Server 4.0
Service Pack 6a
Microsoft Windows NT Server 4.0
Terminal Server Edition
Service Pack 6
Microsoft Windows 2000
Service Pack 2
Service Pack 3
Service Pack 4
Microsoft Windows XP Gold
Service Pack 1
Microsoft Windows XP 64-bit Edition
Microsoft Windows XP 64-bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-bit Edition
Malware exploiting this vulnerability: WORM_KIBUV.B
This vulnerability allows a remote attacker to execute arbitrary code on the affected system. This is caused of a buffer overflow in the Messenger Service for Windows NT through Server 2003.
More information about this vulnerability and its elimination.

Buffer Overrun in the ListBox and in the ComboBox Control Could Allow Code Execution (824141)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability is due to a buffer overrun in the ListBox and ComboBox controls found in User32.dll. Any program that implements the ListBox control or the ComboBox contro...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT Workstation 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 2
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Gold
Service Pack 1
Microsoft Windows XP 64 bit Edition
Microsoft Windows XP 64 bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64 bit Edition
Malware exploiting this vulnerability: unknown
This vulnerability is due to a buffer overrun in the ListBox and ComboBox controls found in User32.dll. Any program that implements the ListBox control or the ComboBox control could allow arbitrary code to be executed at the same privilege level. This vulnerability cannot be exploited remotely.
More information about this vulnerability and its elimination.

Cumulative Security Update for Internet Explorer (832894)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability could allow an attacker to access information from other Web sites, access files on a user's system, and run arbitrary code on a user's system, wherein this ...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT Workstation 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition
Service Pack 6
Microsoft Windows 2000 Service Pack 2
Service Pack 3
Service Pack 4
Microsoft Windows XP
Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003
64-Bit Edition
Internet Explorer 6 Service Pack 1
Internet Explorer 6 Service Pack 1 (64-Bit Edition)
Internet Explorer 6 for Windows Server 2003
Internet Explorer 6 for Windows Server 2003 (64-Bit Edition)
Internet Explorer 6
Internet Explorer 5.5 Service Pack 2
Internet Explorer 5.01 Service Pack 4
Internet Explorer 5.01 Service Pack 3
Internet Explorer 5.01 Service Pack 2
Malware exploiting this vulnerability: HTML_BAYFRAUD.B, HTML_GOLDFRAUD.A, HTML_PACHFRAUD.A, HTML_PAYPFRAUD.A, HTML_PAYPFRAUD.B, HTML_SWENFRAUD.A, HTML_VISAFRAUD.A, TROJ_STRTPAGE.FI
This vulnerability could allow an attacker to access information from other Web sites, access files on a user's system, and run arbitrary code on a user's system, wherein this is executed under the security context of the currently logged on user.;This vulnerability could allow an attacker to save a file on the user’s system. This is due to dynamic HTML events related to the drag-and-drop of Internet Explorer.;This vulnerability, which is due to the incorrect parsing of URLs which contain special characters, could allow an attacker to trick a user by presenting one URL in the address bar, wherein it actually contains the content of another web site of the attacker’s choice.
More information about this vulnerability and its elimination.

Cumulative Security Update for Outlook Express (837009)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
The MHTML URL Processing Vulnerability allows remote attackers to bypass domain restrictions and execute arbitrary code via script in a compiled help (CHM) file that ...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT® Workstation 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 2
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP
Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
Microsoft Windows Millennium Edition (ME)
Microsoft Outlook Express 5.5 SP2
Microsoft Outlook Express 6
Microsoft Outlook Express 6 SP1
Microsoft Outlook Express 6 SP1 (64 bit Edition)
Microsoft Outlook Express 6 on Windows Server 2003
Microsoft Outlook Express 6 on Windows Server 2003 (64 bit edition)
Malware exploiting this vulnerability: BKDR_ZGOO.A, HTML_JACKLER.A, HTML_MHTREDIR.B, HTML_MHTREDIR.C, HTML_MHTREDIR.D, HTML_REDIR.AC, HTML_REDIR.B, VBS_PSYME.E, WORM_WALLON.A
The MHTML URL Processing Vulnerability allows remote attackers to bypass domain restrictions and execute arbitrary code via script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers.This could allow an attacker to take complete control of an affected system.
More information about this vulnerability and its elimination.

Vulnerability in Help and Support Center Could Allow Remote Code Execution

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability exists in the Help and Support Center (HCP) and is due to the way it handles HCP URL validation. This vulnerability could allow an attack...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows XP
Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Malware exploiting this vulnerability: unknown
This vulnerability exists in the Help and Support Center (HCP) and is due to the way it handles HCP URL validation. This vulnerability could allow an attacker to remotely execute arbitrary code with Local System privileges.
More information about this vulnerability and its elimination.

Vulnerability in DirectPlay Could Allow Denial of Service (839643)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This is a denial of service (DoS) vulnerability. It affects applications that implement the IDirectPlay4 Application Programming Interface (API) of Microsof...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
Microsoft Windows Millennium Edition (Me)
Microsoft DirectX 7.0a
7.1
8.1
8.1a
8.1b
8.2
9.0
9.0a
9.0b on Windows 98
Windows 98 Second Edition
Windows Millennium Edition
Microsoft DirectX 8.0
8.0a
when installed on Windows 2000
Microsoft DirectX 8.1
8.1a
8.1b when installed on Windows 2000
Microsoft DirectX 8.2 when installed on Windows 2000
or Windows XP
Microsoft DirectX 9.0
9.0a
9.0b when installed on Windows 2000
Windows XP
or Windows Server 2003
Microsoft Windows 2000 Service Pack 2
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP and Microsoft Windows XP Service Pack 1
Malware exploiting this vulnerability: unknown
This is a denial of service (DoS) vulnerability. It affects applications that implement the IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay. Applications that use this API are typically network-based multiplayer games.;An attacker who successfully exploits this vulnerability could cause the DirectX application to fail while a user is playing a game. The affected user would then have to restart the application.
More information about this vulnerability and its elimination.

Cumulative Security Update for Outlook Express (823353)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
A denial of service (DoS) vulnerability exists in Outlook Express that could cause the said program to fail. The malformed email should be removed before restartin...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT Workstation 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 2
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP and Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows Millennium Edition (Me)
Microsoft Outlook Express 5.5 Service Pack 2
Microsoft Outlook Express 6
Microsoft Outlook Express 6 Service Pack 1
Microsoft Outlook Express 6 Service Pack 1 (64 bit Edition)
Microsoft Outlook Express 6 on Windows Server 2003
Microsoft Outlook Express 6 on Windows Server 2003 (64 bit edition)
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
Malware exploiting this vulnerability: unknown
A denial of service (DoS) vulnerability exists in Outlook Express that could cause the said program to fail. The malformed email should be removed before restarting Outlook Express in order to regain its normal operation.
More information about this vulnerability and its elimination.

Vulnerability in Task Scheduler Could Allow Code Execution

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability lies in an unchecked buffer within the Task Scheduler component. When exploited, it allows the attacker to execute arbitrary code on the affected mac...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 2
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP
Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Internet Explorer 6 when installed on Windows NT 4.0 SP6a
Malware exploiting this vulnerability: unknown
This vulnerability lies in an unchecked buffer within the Task Scheduler component. When exploited, it allows the attacker to execute arbitrary code on the affected machine with the same privileges as the currently logged on user.
More information about this vulnerability and its elimination.

Vulnerability in HTML Help Could Allow Code Execution

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
An attacker who successfully exploits this vulnerability could gain the same privileges as that of the currently logged on user. If the user is logged in with administrative privileges, the a...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT Workstation 4.0
Service Pack 6a
Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 2
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP and Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
Microsoft Windows Millennium Edition (ME)
Malware exploiting this vulnerability: unknown
An attacker who successfully exploits this vulnerability could gain the same privileges as that of the currently logged on user. If the user is logged in with administrative privileges, the attacker could take complete control of the system. User accounts with fewer privileges are at less risk than users with administrative privileges.
More information about this vulnerability and its elimination.

Cumulative Security Update for Internet Explorer (867801)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
The Navigation Method Cross-Domain Vulnerability is a remote execution vulnerability that exists in Internet Explorer because of the way that it handles navigation methods. An attacker...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT Workstation 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 2
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP and Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
Microsoft Windows Millennium Edition (Me)
Internet Explorer 5.01 Service Pack 2
Internet Explorer 5.01 Service Pack 3
Internet Explorer 5.01 Service Pack 4
Internet Explorer 5.5 Service Pack 2
Internet Explorer 6
Internet Explorer 6 Service Pack 1
Internet Explorer 6 Service Pack 1 (64-Bit Edition)
Internet Explorer 6 for Windows Server 2003
Internet Explorer 6 for Windows Server 2003 (64-Bit Edition)
Malware exploiting this vulnerability: unknown
The Navigation Method Cross-Domain Vulnerability is a remote execution vulnerability that exists in Internet Explorer because of the way that it handles navigation methods. An attacker could exploit this vulnerability by constructing a malicious Web page that could potentially allow remote code execution if a user visits a malicious Web site.;The Malformed BMP File Buffer Overrun Vulnerability exists in the processing of BMP image file formats that could allow remote code execution on an affected system.;The Malformed GIF File Double Free Vulnerability is a buffer overrun vulnerability that exists in the processing of GIF image file formats that could allow remote code execution on an affected system.
More information about this vulnerability and its elimination.

Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability lies in the way the affected components process JPEG image files. An unchecked buffer within this process is the cause of the vulnera...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows XP and Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Project 2002 (All Versions)
Microsoft Project 2003 (All Versions)
Microsoft Visio 2002 (All Versions)
Microsoft Visio 2003 (All Versions)
Microsoft Office XP Service Pack 3
Microsoft Office System 2003
Visual Basic .NET Standard 2002
Visual C# .NET Standard 2002
Visual C++ .NET Standard 2002
Visual Basic .NET Standard 2003
Visual C# .NET Standard 2003
Visual C++ .NET Standard 2003
Visual J# .NET Standard 2003
Visual Studio .NET 2002
Visual Studio .NET 2003
Microsoft .NET Framework
Version 1.0 SDK
Microsoft Picture It! 2002 (All Versions)
Microsoft Greetings 2002
Microsoft Picture It! version 7.0 (All Versions)
Microsoft Digital Image Pro version 7.0
Microsoft Picture It! version 9 (All Versions
including Picture It! Library)
Digital Image Pro version 9
Digital Image Suite version 9
Microsoft Producer for Microsoft Office PowerPoint (All Versions)
Platform SDK Redistributable: GDI+
Malware exploiting this vulnerability: unknown
This vulnerability lies in the way the affected components process JPEG image files. An unchecked buffer within this process is the cause of the vulnerability.;This remote code execution vulnerability could allow a malicious user or a malware to take complete control of the affected system if the affected user is currently logged on with administrative privileges. The malicious user or malware can execute arbitrary code on the system giving them the ability to install or run programs and view or edit data with full privileges. Thus, this vulnerability can conceivably be used by a malware for replication purposes.
More information about this vulnerability and its elimination.

Vulnerability in NetDDE Could Allow Remote Code Execution (841533)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
An unchecked buffer exists in the NetDDE services that could allow remote code execution. An attacker who is able to successfully exploit this vulnerability is capable of gaining complete control over an affected syste...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP and Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
and Microsoft Windows Millennium Edition (ME)
Malware exploiting this vulnerability: unknown
An unchecked buffer exists in the NetDDE services that could allow remote code execution. An attacker who is able to successfully exploit this vulnerability is capable of gaining complete control over an affected system. However, the NetDDe services are not automatically executed, and so would then have to be manually started for an attacker to exploit this vulnerability. This vulnerability also allows attackers to perform a local elevation of privilege, or a remote denial of service (DoS) attack.
More information about this vulnerability and its elimination.

Security Update for Microsoft Windows (840987)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This cumulative release from Microsoft covers four newly discovered vulnerabilities: Windows Management Vulnerability, Virtual DOS Machine Vulnerability...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP and Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
and Microsoft Windows Millennium Edition (ME)
Malware exploiting this vulnerability: unknown
This cumulative release from Microsoft covers four newly discovered vulnerabilities: Windows Management Vulnerability, Virtual DOS Machine Vulnerability, Graphics Rendering Engine Vulnerability, and Windows Kernel Vulnerability.
More information about this vulnerability and its elimination.

Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution (873376)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This is another privately reported vulnerability about Windows Compressed Folders. There is vulnerability on the way that Windows processes Compressed (Zipped) Folders that could lead to remote code ex...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows XP and Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Malware exploiting this vulnerability: unknown
This is another privately reported vulnerability about Windows Compressed Folders. There is vulnerability on the way that Windows processes Compressed (Zipped) Folders that could lead to remote code execution. Windows can not properly handle the extraction of the ZIP folder with a very long file name. Opening a specially crafted compressed file, a stack-based overflow occurs, enabling the remote user to execute arbitrary code.
More information about this vulnerability and its elimination.

Vulnerability in Windows Shell Could Allow Remote Code Execution (841356)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This security bulletin focuses on the following vulnerabilities: Shell Vulnerability (CAN-2004-0214), and Program Group Converter Vulnerability (CAN-2004-0572). Shell vulnerability exists on the way Windows Shell launches applications that could en...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP and Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
and Microsoft Windows Millennium Edition (ME)
Malware exploiting this vulnerability: unknown
This security bulletin focuses on the following vulnerabilities: Shell Vulnerability (CAN-2004-0214), and Program Group Converter Vulnerability (CAN-2004-0572). Shell vulnerability exists on the way Windows Shell launches applications that could enable remote malicious user or malware to execute arbitrary code. Windows Shell function does not properly check the length of the message before copying to the allocated buffer. Program Group Converter is an application used to convert Program Manager Group files that were produced in Windows 3.1, Windows 3.11, Windows for Workgroups 3.1, and Windows for Workgroups 3.11 so that they can still be used by later operating systems. The vulnerability lies in an unchecked buffer within the Group Converter Utility.
More information about this vulnerability and its elimination.

Cumulative Security Update for Internet Explorer (834707)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This is a remote code execution vulnerability that exists in the Internet Explorer. It allows remote code execution on an affected system. An attacker could exploit this vulnerability by constructing a malicious Web Pa...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP
Microsoft Windows XP Service Pack 1
and Microsoft Windows XP Service Pack 2
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
and Microsoft Windows Millennium Edition (Me)
Internet Explorer 5.01 Service Pack 3 on Windows 2000 SP3
Internet Explorer 5.01 Service Pack 4 on Windows 2000 SP4
Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Me
Internet Explorer 6 on Windows XP
Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 3
on Microsoft Windows 2000 Service Pack 4
on Microsoft Windows XP
or on Microsoft Windows XP Service Pack 1
Internet Explorer 6 Service Pack 1 on Microsoft Windows NT Server 4.0 Service Pack 6a
on Microsoft Windows NT Server 4.0 Terminal Service Edition Service Pack 6
on Microsoft Windows 98
on Microsoft Windows 98 SE
or on Microsoft Windows Me
Internet Explorer 6 for Windows XP Service Pack 1 (64-Bit Edition)
Internet Explorer 6 for Windows Server 2003
Internet Explorer 6 for Windows Server 2003 64-Bit Edition and Windows XP 64-Bit Edition Version 2003
Internet Explorer 6 for Windows XP Service Pack 2
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Malware exploiting this vulnerability: unknown
This is a remote code execution vulnerability that exists in the Internet Explorer. It allows remote code execution on an affected system. An attacker could exploit this vulnerability by constructing a malicious Web Page. The said routine could allow remote code execution if a user visited a malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, significant user interaction is required to exploit this vulnerability.
More information about this vulnerability and its elimination.

Cumulative Security Update for Internet Explorer (889293)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This security update addresses and resolves a vulnerability in Internet Explorer that could allow remote code execution. A Web page can be crafted to exploit this vulnerability such t...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
Microsoft Windows Millennium Edition (Me)
Malware exploiting this vulnerability: JS_SHEXPLOIT.A, WORM_BOFRA.A, WORM_BOFRA.B, WORM_BOFRA.C, WORM_BOFRA.E
This security update addresses and resolves a vulnerability in Internet Explorer that could allow remote code execution. A Web page can be crafted to exploit this vulnerability such that an arbitrary application can be executed on visiting systems with the same priviledge as the currently logged on user.
More information about this vulnerability and its elimination.

Vulnerability in WordPad Could Allow Code Execution (885836)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This security advisory explains the two discovered vulnerabilities in Microsoft Word for Windows 6.0 Converter, which is used by WordPad in converting Word 6.0 to WordPad file format. Once exploited...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003 Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
and Microsoft Windows Millennium Edition (ME)
Malware exploiting this vulnerability: unknown
This security advisory explains the two discovered vulnerabilities in Microsoft Word for Windows 6.0 Converter, which is used by WordPad in converting Word 6.0 to WordPad file format. Once exploited, this remote code execution vulnerability could allow a malicious user or a malware to take complete control of the affected system if the affected user is currently logged on with administrative privileges.
More information about this vulnerability and its elimination.

Vulnerability in HyperTerminal Could Allow Code Execution (873339)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
A remote code execution vulnerability exists in HyperTerminal because of a buffer overrun. If a user is logged on with administrator privileges, an attacker could exploit the vulnerability by constructing a malicious HyperTermi...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Malware exploiting this vulnerability: unknown
A remote code execution vulnerability exists in HyperTerminal because of a buffer overrun. If a user is logged on with administrator privileges, an attacker could exploit the vulnerability by constructing a malicious HyperTerminal session file that could potentially allow remote code execution and then persuade a user to open this file. This malicious file may enable the attacker to gain complete control of the affected system. This vulnerability could also be exploited through a malicious Telnet URL if HyperTerminal had been set as the default Telnet client.
More information about this vulnerability and its elimination.

Vulnerabilities in Windows Kernel and LSASS Could Allow Elevation of Privilege (885835)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This security update addresses and resolves two windows vulnerabilites, both of which may enable the current user to take control of the affected system. Both of these vulnerabilites require that the curernt user be able to log on locally and execute progra...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Malware exploiting this vulnerability: unknown
This security update addresses and resolves two windows vulnerabilites, both of which may enable the current user to take control of the affected system. Both of these vulnerabilites require that the curernt user be able to log on locally and execute programs. They cannot be exploited remotely, or by anonymous users. A privilege elevation vulnerability exists in the way that the Windows Kernel launches applications. This vulnerability could allow the current user to take complete control of the system. A privilege elevation vulnerability exists in the way that the LSASS validates identity tokens. This vulnerability could allow the current user to take complete control of the affected system.
More information about this vulnerability and its elimination.

Vulnerability in HTML Help Could Allow Code Execution

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This update resolves a newly-discovered, publicly reported vulnerability. A vulnerability exists in the HTML Help ActiveX control in Windows that could allow inf...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Malware exploiting this vulnerability: unknown
This update resolves a newly-discovered, publicly reported vulnerability. A vulnerability exists in the HTML Help ActiveX control in Windows that could allow information disclosure or remote code execution on an affected system.
More information about this vulnerability and its elimination.

Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This update resolves several newly-discovered, privately reported and public vulnerabilities. An attacker who successfully exploited the most severe of these vulnerabilities could take comp...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows NT Server 4.0 Service Pack 6a
Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
Microsoft Windows Millennium Edition (ME)
Malware exploiting this vulnerability: unknown
This update resolves several newly-discovered, privately reported and public vulnerabilities. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system, install programs, view, change, or delete data, or create new accounts that have full privileges.
More information about this vulnerability and its elimination.

Vulnerability in the Indexing Service Could Allow Remote Code Execution

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This update resolves a newly-discovered, privately reported vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Version 2003
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Malware exploiting this vulnerability: unknown
This update resolves a newly-discovered, privately reported vulnerability. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs, view, change, or delete data, or create new accounts with full privileges. While remote code execution is possible, an attack would most likely result in a denial of service condition.
More information about this vulnerability and its elimination.

Vulnerability in Windows Could Allow Information Disclosure (888302)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This is an information disclosure vulnerability. An attacker who successfully exploits this vulnerability could remotely read the user names for users who have an op...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Malware exploiting this vulnerability: unknown
This is an information disclosure vulnerability. An attacker who successfully exploits this vulnerability could remotely read the user names for users who have an open connection to an available shared resource.
More information about this vulnerability and its elimination.

Vulnerability in Windows Shell Could Allow Remote Code Execution (890047)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This remote code execution vulnerability exists in the way Windows handles drag-and-drop events. An attacker could exploit the vulnerability by constructing a malicious Web page that could ...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Malware exploiting this vulnerability: unknown
This remote code execution vulnerability exists in the way Windows handles drag-and-drop events. An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow an attacker to save a file on the user’s system if a user visited a malicious Web site or viewed a malicious e-mail message.
More information about this vulnerability and its elimination.

Vulnerability in PNG Processing Could Allow Remote Code Execution (890261)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This remote code execution vulnerability exists in the processing of PNG image formats. An attacker who successfully exploits this vulnerability could take com...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft MSN Messenger 6.0
Microsoft MSN Messenger 6.1
Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Media Player 9 Series
Microsoft Windows Messenger version 5.0
Microsoft Windows Millennium Edition
Microsoft Windows Messenger version 4.7.0.2009
Microsoft Windows Messenger version 4.7.0.3000
Malware exploiting this vulnerability: unknown
This remote code execution vulnerability exists in the processing of PNG image formats. An attacker who successfully exploits this vulnerability could take complete control of an affected system.
More information about this vulnerability and its elimination.

Vulnerability in Server Message Block Could Allow Remote Code Execution (885250)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This remote code execution vulnerability exists in Server Message Block (SMB). It allows an attacker who successfully exploits this vulnerability to take com...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
This remote code execution vulnerability exists in Server Message Block (SMB). It allows an attacker who successfully exploits this vulnerability to take complete control of the affected system.
More information about this vulnerability and its elimination.

Vulnerability in OLE and COM Could Allow Remote Code Execution (873333)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This privilege elevation vulnerability exists in the way that the affected operating systems and programs access memory when they process COM structured storage files. This v...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Exchange 2000 Server Service Pack 3
Microsoft Exchange Server 2003
Microsoft Exchange Server 2003 Service Pack 1
Microsoft Exchange Server 5.0 Service Pack 2
Microsoft Exchange Server 5.5 Service Pack 4
Microsoft Office 2003
Microsoft Office 2003 Service Pack 1
Microsoft Office XP
Microsoft Office XP Service Pack 2
Microsoft Office XP Service Pack 3
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
This privilege elevation vulnerability exists in the way that the affected operating systems and programs access memory when they process COM structured storage files. This vulnerability could grant a currently logged-on user to take complete control of the system.;This remote code execution vulnerability exists in OLE because of the way that it handles input validation. An attacker could exploit the vulnerability by constructing a malicious document that could potentially allow remote code execution.
More information about this vulnerability and its elimination.

Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability exists in the DHTML Editing Component ActiveX Control. This vulnerability could allow information disclosure or remote code execu...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Server Service Pack 3
Microsoft Windows 2000 Server Service Pack 4
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
This vulnerability exists in the DHTML Editing Component ActiveX Control. This vulnerability could allow information disclosure or remote code execution on an affected system.
More information about this vulnerability and its elimination.

Cumulative Security Update for Internet Explorer (867282)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This update resolves known vulnerabilities affecting Internet Explorer. An attacker who successfully exploits these vulnerabilities could take complete control of a...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Internet Explorer 5.01 Service Pack 3
Microsoft Internet Explorer 5.01 Service Pack 4
Microsoft Internet Explorer 5.5 Service Pack 2
Microsoft Internet Explorer 6.0 (Microsoft Windows Server 2003 64-Bit Edition)
Microsoft Internet Explorer 6.0 (Microsoft Windows Server 2003)
Microsoft Internet Explorer 6.0 (Microsoft Windows XP 64-Bit Edition Service Pack 1)
Microsoft Internet Explorer 6.0 (Microsoft Windows XP 64-Bit Edition Version 2003)
Microsoft Internet Explorer 6.0 Service Pack 1
Microsoft Windows 2000 Server Service Pack 3
Microsoft Windows 2000 Server Service Pack 4
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
This update resolves known vulnerabilities affecting Internet Explorer. An attacker who successfully exploits these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
More information about this vulnerability and its elimination.

Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
A remote code execution vulnerability exists in the Hyperlink Object Library. This problem exists because of an unchecked buffer while handling hyperlinks. An attacker could exploit the vulner...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
A remote code execution vulnerability exists in the Hyperlink Object Library. This problem exists because of an unchecked buffer while handling hyperlinks. An attacker could exploit the vulnerability by constructing a malicious hyperlink which could potentially lead to remote code execution if a user clicks a malicious link within a Web site or e-mail message.
More information about this vulnerability and its elimination.

Vulnerability in Windows Shell that Could Allow Remote Code Execution (893086)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
A remote code execution vulnerability exists in the Windows Shell because of the way that it handles application association. If a user is logged on with administrative privileges, an attacker ...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: HKTL_EXPLANI.A, HKTL_PNGEXP.A, HKTL_PNGFILE.A
A remote code execution vulnerability exists in the Windows Shell because of the way that it handles application association. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of the affected system. However, user interaction is required to exploit this vulnerability.
More information about this vulnerability and its elimination.

Vulnerability in Message Queuing Could Allow Code Execution (892944)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
A remote code execution vulnerability exists in Message Queuing that could allow an attacker who successfully exploited this vulnerability to take complete con...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows XP
64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP Service Pack 1
Malware exploiting this vulnerability: HKTL_EXPLANI.A, HKTL_PNGEXP.A, HKTL_PNGFILE.A
A remote code execution vulnerability exists in Message Queuing that could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system.
More information about this vulnerability and its elimination.

Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege and Denial of Service

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This security bulletin resolves newly-discovered, privately-reported vulnerabilities affecting Windows. An attacker who successfully exploited the most severe of these vulnera...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
This security bulletin resolves newly-discovered, privately-reported vulnerabilities affecting Windows. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
More information about this vulnerability and its elimination.

Vulnerabilities in TCP/IP Could Allow Remote Code Execution and Denial of Service (893066)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This security bulletin resolves newly discovered, privately-reported vulnerabilities affecting Windows. An attacker who successfully exploited the most severe of these vulnera...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Malware exploiting this vulnerability: HKTL_EXPLANI.A, HKTL_PNGEXP.A, HKTL_PNGFILE.A
This security bulletin resolves newly discovered, privately-reported vulnerabilities affecting Windows. An attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. However, an attacker who successfully exploited the most severe of these vulnerabilities would most likely cause the affected system to stop responding.
More information about this vulnerability and its elimination.

Cumulative Security Update for Internet Explorer (890923)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This security bulletin resolves three newly-discovered, privately-reported vulnerabilities affecting Internet Explorer. If a user is logged on with administrative user rights, an attacker...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Internet Explorer 5.01 Service Pack 3
Microsoft Internet Explorer 5.01 Service Pack 4
Microsoft Internet Explorer 5.5 Service Pack 2
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 6.0 Service Pack 1
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
This security bulletin resolves three newly-discovered, privately-reported vulnerabilities affecting Internet Explorer. If a user is logged on with administrative user rights, an attacker who successfully exploited any of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
More information about this vulnerability and its elimination.

Cumulative Security Update for Internet Explorer (883939)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This security bulletin resolves the following vulnerabilities affecting Internet Explorer.; The PNG Image Rendering Memory Corruption vulnerability could allow an att...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Internet Explorer 5.01 Service Pack 3 (Microsoft Windows 2000 Service Pack 3)
Microsoft Internet Explorer 5.01 Service Pack 4 (Microsoft Windows 2000 Service Pack 3)
Microsoft Internet Explorer 5.5 Service Pack 2 (Microsoft Windows Millennium Edition)
Microsoft Internet Explorer 6 (Microsoft Windows Server 2003 -- Itanium)
Microsoft Internet Explorer 6 (Microsoft Windows Server 2003)
Microsoft Internet Explorer 6 (Microsoft Windows XP 64-Bit Edition Version 2003 -- Itanium)
Microsoft Internet Explorer 6 for Microsoft Windows XP Service Pack 2
Microsoft Internet Explorer 6 Service Pack 1 (Microsoft Windows 2000 Service Pack 3)
Microsoft Internet Explorer 6 Service Pack 1 (Microsoft Windows 2000 Service Pack 4)
Microsoft Internet Explorer 6 Service Pack 1 (Microsoft Windows 98 SE)
Microsoft Internet Explorer 6 Service Pack 1 (Microsoft Windows 98)
Microsoft Internet Explorer 6 Service Pack 1 (Microsoft Windows Millennium Edition)
Microsoft Internet Explorer 6 Service Pack 1 (Microsoft Windows XP 64-Bit Edition Service Pack 1 -- Itanium)
Microsoft Internet Explorer 6 Service Pack 1 (Microsoft Windows XP Service Pack 1)
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows Server 2003
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
This security bulletin resolves the following vulnerabilities affecting Internet Explorer.; The PNG Image Rendering Memory Corruption vulnerability could allow an attacker to execute arbitrary code on the system because of a vulnerability in the way Internet Explorer handles PNG images.; The XML Redirect Information Disclosure vulnerability could allow an attacker to read XML data from another Internet Explorer domain because of a vulnerability in the way Internet Explorer handles certain requests to display XML content.
More information about this vulnerability and its elimination.

Vulnerability in HTML Help Could Allow Remote Code Execution (896358)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
HTML Help is the standard help system for the Windows platform. Authors can use it to create online Help files for a software application or content for a multimedia title or a Web site. Th...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
HTML Help is the standard help system for the Windows platform. Authors can use it to create online Help files for a software application or content for a multimedia title or a Web site. This vulnerability in HTML Help could allow attackers to execute arbitrary code on the affected system via a specially crafted Compiled Windows Help (CHM) file, because it does not completely validate input data.
More information about this vulnerability and its elimination.

Vulnerability in Server Message Block Could Allow Remote Code Execution (896422)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
A remote code execution vulnerability exists in the Microsoft’s implementation of the Server Message Block (SMB) protocol, which could allow an attacker to execute arbitrary codes to take complete control over a t...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
A remote code execution vulnerability exists in the Microsoft’s implementation of the Server Message Block (SMB) protocol, which could allow an attacker to execute arbitrary codes to take complete control over a target system. This vulnerability could be exploited over the Internet. An attacker would have to transmit a specially crafted SMB packet to a target system to exploit it. However, failure to successfully exploit the vulnerability could only lead to a denial of service.
More information about this vulnerability and its elimination.

Vulnerability in Web Client Service Could Allow Remote Code Execution (896426)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
A vulnerability exists in the way that Windows processes Web Client requests, which could allow a remote attacker to execute arbitrary code and take complete co...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Malware exploiting this vulnerability: unknown
A vulnerability exists in the way that Windows processes Web Client requests, which could allow a remote attacker to execute arbitrary code and take complete control over the affected system.
More information about this vulnerability and its elimination.

Cumulative Security Update in Outlook Express (897715)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
A remote code execution vulnerability exists in Outlook Express when it is used as a newsgroup reader. An attacker could exploit this vulnerability by constructing a malicious news...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Outlook Express 5.5 Service Pack 2 (Microsoft Windows 2000 Service Pack 3)
Microsoft Outlook Express 5.5 Service Pack 2 (Microsoft Windows 2000 Service Pack 4)
Microsoft Outlook Express 6.0 (Microsoft Windows Server 2003 for Itanium-based Systems)
Microsoft Outlook Express 6.0 (Microsoft Windows Server 2003)
Microsoft Outlook Express 6.0 (Microsoft Windows XP 64-Bit Edition Service Pack 1 -- Itanium)
Microsoft Outlook Express 6.0 Service Pack 1 (Microsoft Windows 2000 Service Pack 3)
Microsoft Outlook Express 6.0 Service Pack 1 (Microsoft Windows 2000 Service Pack 4)
Microsoft Outlook Express 6.0 Service Pack 1 (Microsoft Windows XP 64-Bit Edition Service Pack 1 -- Itanium)
Microsoft Outlook Express 6.0 Service Pack 1 (Microsoft Windows XP Service Pack 1)
Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows XP 64-Bit Edition Service Pack 1
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Malware exploiting this vulnerability: unknown
A remote code execution vulnerability exists in Outlook Express when it is used as a newsgroup reader. An attacker could exploit this vulnerability by constructing a malicious newsgroup server that could that potentially allow remote code execution if a user queried the server for news.
More information about this vulnerability and its elimination.

Vulnerability in Microsoft Agent Could Allow Spoofing (890046)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability could enable an attacker to spoof trusted Internet content because security prompts can be disguised by a Microsoft Agent character.
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 3
Microsoft Windows 2000 Service Pack 4
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Malware exploiting this vulnerability: unknown
This vulnerability could enable an attacker to spoof trusted Internet content because security prompts can be disguised by a Microsoft Agent character.
More information about this vulnerability and its elimination.

Vulnerability in Telnet Client Could Allow Information Disclosure (896428)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability in the Microsoft Telnet client could allow an attacker to gain sensitive information about the affected system and read the session variables of use...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows Services for UNIX 2.2 on Windows 2000
Microsoft Windows Services for UNIX 3.0 on Windows 2000
Microsoft Windows Services for UNIX 3.5 on Windows 2000
Microsoft Windows XP 64-Bit Edition Service Pack 1 (Itanium)
Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium)
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
This vulnerability in the Microsoft Telnet client could allow an attacker to gain sensitive information about the affected system and read the session variables of users who have open connections to a malicious Telnet server.
More information about this vulnerability and its elimination.

Vulnerability in Microsoft Color Management Module Could Allow Remote Code Execution (901214)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability could allow a remote attacker to execute arbitrary codes on the affected system via a malicious image file in a Web site or email message. This vulnerabil...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 4
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
This vulnerability could allow a remote attacker to execute arbitrary codes on the affected system via a malicious image file in a Web site or email message. This vulnerability exists because of the way Microsoft Color Management Module handles ICC profile format tag validation.
More information about this vulnerability and its elimination.

Vulnerability in JView Profiler Could Allow Remote Code Execution

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
A COM object, the JView Profiler (Javaprxy.dll), contains a remote code execution vulnerability that could allow an attacker to take complete control of an affe...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Internet Explorer 5.01 Service Pack 4 (Microsoft Windows 2000 Service Pack 3)
Microsoft Internet Explorer 5.5 Service Pack 2
Microsoft Internet Explorer 6 for Microsoft Windows XP Service Pack 2
Microsoft Internet Explorer 6 Service Pack 1 (Microsoft Windows 2000 Service Pack 4)
Microsoft Internet Explorer 6 Service Pack 1 (Microsoft Windows 98 SE)
Microsoft Internet Explorer 6 Service Pack 1 (Microsoft Windows 98)
Microsoft Internet Explorer 6 Service Pack 1 (Microsoft Windows Millennium Edition)
Microsoft Internet Explorer 6.0 (Microsoft Windows Server 2003 for Itanium-based Systems)
Microsoft Internet Explorer 6.0 (Microsoft Windows Server 2003 Service Pack 1)
Microsoft Internet Explorer 6.0 (Microsoft Windows Server 2003 with SP1 for Itanium-based Systems)
Microsoft Internet Explorer 6.0 (Microsoft Windows Server 2003 x64 Edition)
Microsoft Internet Explorer 6.0 (Microsoft Windows XP Professional x64 Edition)
Microsoft Windows 2000 Service Pack 4
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: JS_EXPLOIT.F
A COM object, the JView Profiler (Javaprxy.dll), contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system by hosting a malicious Web site.
More information about this vulnerability and its elimination.

Cumulative Security Update for Internet Explorer

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This security bulletin resolves the following vulnerabilities found in Internet Explorer: (1) JPEG Image Rendering Memory Corruption vulnerability, which allows remote code execution when exploited by a remote ...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows 2000 Service Pack 4
Malware exploiting this vulnerability: unknown
This security bulletin resolves the following vulnerabilities found in Internet Explorer: (1) JPEG Image Rendering Memory Corruption vulnerability, which allows remote code execution when exploited by a remote malicious user, (2) Web Folder Behaviors Cross-Domain vulnerability, allows information disclosure or remote code execution on an affected system, and (3) COM Object Instantiation Memory Corruption vulnerability, which exists in the way Internet Explorer lists the instances of COM Objects that are not intended to be used in Internet Explorer.
More information about this vulnerability and its elimination.

Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
An unchecked buffer in the Plug and Play service results in this vulnerability. Once successfully exploited, this vulnerability permits an attacker to have complete virtual control of an...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 1
Malware exploiting this vulnerability: unknown
An unchecked buffer in the Plug and Play service results in this vulnerability. Once successfully exploited, this vulnerability permits an attacker to have complete virtual control of an affected system. This vulnerability involves a remote code execution and local elevation of privilege. It can be exploited over the Internet.
More information about this vulnerability and its elimination.

Vulnerability in Telephony Service Could Allow Remote Code Execution

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This security advisory explains a vulnerability in the Telephony Application Programming Interface (TAPI) service that could allow remote code execution. Attackers who successfully exploits t...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 4
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
This security advisory explains a vulnerability in the Telephony Application Programming Interface (TAPI) service that could allow remote code execution. Attackers who successfully exploits the said vulnerability can take complete control of an affected system. They could then install programs, view, change, or delete data, and create new accounts with full user rights
More information about this vulnerability and its elimination.

Remote Desktop Protocol Vulnerability Could Allow Denial of Service

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
A remote malicious user can use the process employed by the Remote Desktop Protocol (RDP) to validate data to cause a denial of service (DoS) attack, which stops an af...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Server Service Pack 4
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
A remote malicious user can use the process employed by the Remote Desktop Protocol (RDP) to validate data to cause a denial of service (DoS) attack, which stops an affected machine from responding and causing it to automatically restart.
More information about this vulnerability and its elimination.

Vulnerabilities in Kerberos Could Allow Denial of Service, Information Disclosure, and Spoofing

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This security bulletin resolves the following vulnerabilities found in Microsoft Windows: (1) the Kerberos vulnerability, which is a denial of service vulnerability that allows an attacker to send a specially crafted message to a Windows d...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 4
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
This security bulletin resolves the following vulnerabilities found in Microsoft Windows: (1) the Kerberos vulnerability, which is a denial of service vulnerability that allows an attacker to send a specially crafted message to a Windows domain controller, making the service that is responsible for authenticating users in an Active Directory domain to stop responding, and (2)the PKINIT vulnerability, which is an information disclosure and spoofing vulnerability that allows an attacker to manipulate certain information that is sent from a domain controller and potentially access sensitive client network communication.
More information about this vulnerability and its elimination.

Vulnerability in Print Spooler Service Could Allow Remote Code Execution

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
A remote code execution vulnerability in the Printer Spooler service allows an attacker who successfully exploits this vulnerability to take complete control ...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 4
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
A remote code execution vulnerability in the Printer Spooler service allows an attacker who successfully exploits this vulnerability to take complete control of the affected system.
More information about this vulnerability and its elimination.

Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This tampering vulnerability exists because the Windows FTP client does not properly validate file names that are received from FTP servers. This vulnerability may be exploited when an attacker hosts a file...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows XP Service Pack 1
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Internet Explorer 6 Service Pack 1 (Microsoft Windows 2000 Service Pack 4)
Malware exploiting this vulnerability: unknown
This tampering vulnerability exists because the Windows FTP client does not properly validate file names that are received from FTP servers. This vulnerability may be exploited when an attacker hosts a file using a specially crafted file name on an FTP server. This file bypasses the file name validation of the Windows FTP client. It allows an attacker to modify the intended destination location for a file transfer when a client has manually chosen to transfer a file using FTP.
More information about this vulnerability and its elimination.

Vulnerability in Network Connection Manager Could Allow Denial of Service

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
An unchecked buffer in the Network Connection Manager could cause the component responsible for managing network and remote access connections to stop responding. If the affecte...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Malware exploiting this vulnerability: unknown
An unchecked buffer in the Network Connection Manager could cause the component responsible for managing network and remote access connections to stop responding. If the affected component is stopped due to an attack, it will automatically restart when new requests are received.
More information about this vulnerability and its elimination.

Vulnerability in the Client Service for NetWare Could Allow Remote Code Execution

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability exists in the Client Service for NetWare (CSNW). When successfully exploited, this vulnerability allows an attacker to take full control of an affected system, e...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Server Service Pack 4
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
This vulnerability exists in the Client Service for NetWare (CSNW). When successfully exploited, this vulnerability allows an attacker to take full control of an affected system, enabling the said attacker to install programs, change data, or create new accounts with full user rights on the affected system.
More information about this vulnerability and its elimination.

Vulnerability in Plug and Play Could Allow Remote Code Execution and Local Elevation of Privilege

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability, which exists in Plug and Play (PnP), could allow an authenticated attacker to take complete control of the affected system. An attacker could the...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
This vulnerability, which exists in Plug and Play (PnP), could allow an authenticated attacker to take complete control of the affected system. An attacker could then install programs: view, change, or delete data; or create new accounts with full user rights.
More information about this vulnerability and its elimination.

Vulnerability in the Microsoft Collaboration Data Objects Could Allow Remote Code Execution

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
Attackers, who successfully exploited this vulnerability, takes complete control of an affected system. They could install programs; view, change, or delet...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Exchange 2000 Server Service Pack 3 with the Exchange 2000 Post-Service Pack 3 Update Rollup of August 2004
Malware exploiting this vulnerability: unknown
Attackers, who successfully exploited this vulnerability, takes complete control of an affected system. They could install programs; view, change, or delete data; or create new accounts with full user rights.
More information about this vulnerability and its elimination.

Vulnerabilities in Windows Shell Could Allow Remote Code Execution

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This release covers the Shell vulnerability and the Web View Script Injection vulnerability. If a user logs on with administrative rights, an attacker could take compl...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Malware exploiting this vulnerability: unknown
This release covers the Shell vulnerability and the Web View Script Injection vulnerability. If a user logs on with administrative rights, an attacker could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. .
More information about this vulnerability and its elimination.

Vulnerability in DirectShow Could Allow Remote Code Execution

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This remote code execution vulnerability exists in DirectShow. It could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. If a u...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft DirectX 7.0 (Microsoft Windows 2000 Service Pack 4)
Microsoft DirectX 8.0 (Microsoft Windows 2000 Service Pack 4)
Microsoft DirectX 8.0a (Microsoft Windows 2000 Service Pack 4)
Microsoft DirectX 8.1 (Microsoft Windows 2000 Service Pack 4)
Microsoft DirectX 8.1 (Microsoft Windows Server 2003 for Itanium-based Systems)
Microsoft DirectX 8.1 (Microsoft Windows Server 2003 Service Pack 1)
Microsoft DirectX 8.1 (Microsoft Windows Server 2003 with SP1 for Itanium-based Systems)
Microsoft DirectX 8.1 (Microsoft Windows Server 2003 x64 Edition)
Microsoft DirectX 8.1 (Microsoft Windows Server 2003)
Microsoft DirectX 8.1 (Microsoft Windows XP Professional x64 Edition)
Microsoft DirectX 8.1 (Microsoft Windows XP Service Pack 1)
Microsoft DirectX 8.1 (Microsoft Windows XP Service Pack 2)
Microsoft DirectX 8.1a (Microsoft Windows 2000 Service Pack 4)
Microsoft DirectX 8.1b (Microsoft Windows 2000 Service Pack 4)
Microsoft DirectX 8.2 (Microsoft Windows 2000 Service Pack 4)
Microsoft DirectX 9.0 (Microsoft Windows 2000 Service Pack 4)
Microsoft DirectX 9.0 (Microsoft Windows Server 2003)
Microsoft DirectX 9.0 (Microsoft Windows XP Service Pack 1)
Microsoft DirectX 9.0a (Microsoft Windows 2000 Service Pack 4)
Microsoft DirectX 9.0a (Microsoft Windows Server 2003)
Microsoft DirectX 9.0a (Microsoft Windows XP Service Pack 1)
Microsoft DirectX 9.0b (Microsoft Windows 2000 Service Pack 4)
Microsoft DirectX 9.0b (Microsoft Windows Server 2003)
Microsoft DirectX 9.0b (Microsoft Windows XP Service Pack 1)
Microsoft DirectX 9.0c (Microsoft Windows 2000 Service Pack 4)
Microsoft DirectX 9.0c (Microsoft Windows Server 2003)
Microsoft DirectX 9.0c (Microsoft Windows XP Service Pack 1)
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Malware exploiting this vulnerability: unknown
This remote code execution vulnerability exists in DirectShow. It could allow an attacker who successfully exploited this vulnerability to take complete control of the affected system. If a user is logged on with administrative user rights, an attacker who successfully exploits this vulnerability could take complete control of an affected system.
More information about this vulnerability and its elimination.

Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This cumulative release covers four vulnerabilities: MSDTC vulnerability, COM+ vulnerability, TIP vulnerability, and Distributed TIP vulnerability. An attacker who successf...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 4
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
This cumulative release covers four vulnerabilities: MSDTC vulnerability, COM+ vulnerability, TIP vulnerability, and Distributed TIP vulnerability. An attacker who successfully exploits the most severe of these vulnerabilities could take complete control of an affected system. The said attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
More information about this vulnerability and its elimination.

Cumulative Security Update for Internet Explorer

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability exists in Microsoft DDS Library Shape Control (MSDDS.DLL) and other COM objects, which, when instantiated in Internet Explorer, could allow an attacker to take compl...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Server Service Pack 4
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Internet Explorer 5.01 Service Pack 4 (Microsoft Windows 2000 Service Pack 4)
Microsoft Internet Explorer 5.5 Service Pack 2 (Microsoft Windows Millennium Edition)
Microsoft Internet Explorer 6 (Microsoft Windows Server 2003 Service Pack 1)
Microsoft Internet Explorer 6 (Microsoft Windows Server 2003 with SP1 for Itanium-based Systems)
Microsoft Internet Explorer 6 (Microsoft Windows Server 2003 x64 Edition)
Microsoft Internet Explorer 6 (Microsoft Windows Server 2003)
Microsoft Internet Explorer 6 (Microsoft Windows XP Professional x64 Edition)
Microsoft Internet Explorer 6 (Microsoft Windows XP Service Pack 2)
Microsoft Internet Explorer 6 (Windows Server 2003 for Itanium-based Systems)
Microsoft Internet Explorer 6 Service Pack 1 (Microsoft Windows 2000 Service Pack 4)
Microsoft Internet Explorer 6 Service Pack 1 (Microsoft Windows 98 Second Edition)
Microsoft Internet Explorer 6 Service Pack 1 (Microsoft Windows 98)
Microsoft Internet Explorer 6 Service Pack 1 (Microsoft Windows Millennium Edition)
Microsoft Internet Explorer 6 Service Pack 1 (Microsoft Windows XP Service Pack 1)
Malware exploiting this vulnerability: unknown
This vulnerability exists in Microsoft DDS Library Shape Control (MSDDS.DLL) and other COM objects, which, when instantiated in Internet Explorer, could allow an attacker to take complete control of an affected system. If a user is logged on with administrative user rights, an attacker who successfully exploits this vulnerability could take complete control of an affected system.
More information about this vulnerability and its elimination.

Vulnerabilities in Graphics Rendering Engine Could Allow Code Execution

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This advisory covers the Graphics Rendering Engine vulnerability and Windows Metafile vulnerability, both of which could allow remote code execution. It also covers the Enhan...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 4
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
This advisory covers the Graphics Rendering Engine vulnerability and Windows Metafile vulnerability, both of which could allow remote code execution. It also covers the Enhanced Metafile vulnerability, which allows any program that renders EMF images to be vulnerable to denial of service attacks.
More information about this vulnerability and its elimination.

Cumulative Security Update for Internet Explorer (905915)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This security advisory resolves four vulnerabilites: File Download Dialog Box vulnerability, HTTPS Proxy vulnerability, COM Object Instantiation Memory Corru...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with Service Pack 1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition family
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
Microsoft Windows Millennium Edition (ME)
Malware exploiting this vulnerability: unknown
This security advisory resolves four vulnerabilites: File Download Dialog Box vulnerability, HTTPS Proxy vulnerability, COM Object Instantiation Memory Corruption vulnerability, and Mismatched Document Object Model Objects Memory Corruption vulnerability. It replaces the MS05-052 security update.
More information about this vulnerability and its elimination.

Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This security advisory resolves a newly discovered vulnerability because the modifications that are required to address the said issues are located in related files: 1) The Graphic...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows 98
Microsoft Windows 98 Second Edition (SE)
Microsoft Windows Millennium Edition (ME)
Malware exploiting this vulnerability: EXPL_WMF.GEN, TROJ_NASCENE.A, TROJ_NASCENE.B, TROJ_NASCENE.BQ, TROJ_NASCENE.C, TROJ_NASCENE.D, TROJ_NASCENE.E, TROJ_NASCENE.F, TROJ_NASCENE.G, TROJ_NASCENE.GEN, TROJ_NASCENE.H, TROJ_NASCENE.I, TROJ_NASCENE.J, TROJ_NASCENE.K, TROJ_NASCENE.L, TROJ_NASCENE.M, TROJ_NASCENE.O, TROJ_NASCENE.Q, TROJ_NASCENE.R, TROJ_NASCENE.S, TROJ_NASCENE.T, TROJ_NASCENE.V, TROJ_NASCENE.W, TROJ_NASCENE.X, TROJ_WMFCRASH.A
This security advisory resolves a newly discovered vulnerability because the modifications that are required to address the said issues are located in related files: 1) The Graphics Rendering Engine has a vulnerability that could allow remote code execution because of the way it handles Windows Metafile (WMF) images; 2) The Windows Metafile Vulnerability allows an attacker could cause malicious code to run in the security context of the locally logged on user through a specially crafted metafile image.
More information about this vulnerability and its elimination.

Vulnerability in Embedded Web Fonts Could Allow Remote Code Execution (908519)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This security advisory resolves a privately reported vulnerability in embedded web fonts. The Embedded Web Font vulnerability exists in Windows because of the way it handles malformed embedded Web fonts. Font embedding is ...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 4
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
This security advisory resolves a privately reported vulnerability in embedded web fonts. The Embedded Web Font vulnerability exists in Windows because of the way it handles malformed embedded Web fonts. Font embedding is a technology built into Microsoft Internet Explorer versions 4 and higher. This allows the fonts used in a specific document to travel with that document ensuring that what the users see is the exact format the designer intended for them to see. The vulnerability allows remote execution of arbitrary codes.
More information about this vulnerability and its elimination.

Vulnerability in Windows Media Player Could Allow Remote Code Execution (911565)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
The Windows Media Player vulnerability exists because of the way it processes .BMP files. An attacker or a malware program could exploit this vulnerability by executing arbitrary cod...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Media Player 10 (Windows XP Service Pack 1)
Microsoft Windows Media Player 10 (Windows XP Service Pack 2)
Microsoft Windows Media Player 7.1 (Windows 2000 Service Pack 4)
Microsoft Windows Media Player 9 (Windows 2000 Service Pack 4)
Microsoft Windows Media Player 9 (Windows XP Service Pack 1)
Microsoft Windows Millennium Edition
Windows Media Player 9 (Microsoft Windows Server 2003)
Windows Media Player 9 (Microsoft Windows XP Service Pack 2)
Windows Media Player for XP (Microsoft Windows XP Service Pack 1)
Malware exploiting this vulnerability: unknown
The Windows Media Player vulnerability exists because of the way it processes .BMP files. An attacker or a malware program could exploit this vulnerability by executing arbitrary codes based on the privilege of the currently logged on user. Once exploited, the attacker may take full control of the affected computer.
More information about this vulnerability and its elimination.

Vulnerability in Windows Media Player Plug-in with Non-Microsoft Internet Browsers Could Allow Remote Code Execution (911564)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
The Windows Media Player plug-in allows users to stream media through a non-Microsoft Internet browser. A remote code execution vulnerability exists in the said plug-in because of the way it...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 4
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
The Windows Media Player plug-in allows users to stream media through a non-Microsoft Internet browser. A remote code execution vulnerability exists in the said plug-in because of the way it handles a malformed EMBED element. The vulnerability may be exploited when an attacker creates a malicious EMBED element that may potentially allow remote code execution once a user visits a malicious Web site.
More information about this vulnerability and its elimination.

Vulnerability in TCP/IP Could Allow Denial of Service (913446)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
The vulnerability exists because the affected messages are not being ignored in certain cases that allow an attacker to send a malformed packet that may cause the affected system to stop respon...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
The vulnerability exists because the affected messages are not being ignored in certain cases that allow an attacker to send a malformed packet that may cause the affected system to stop responding. An attacker could exploit this vulnerability by sending a specially-crafted IGMP packet to an affected system, causing a target system to stop responding.
More information about this vulnerability and its elimination.

Vulnerability in Web Client Service Could Allow Remote Code Execution (911927)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
The Web Client service allows applications to access documents on the Internet. It is vulnerable due to the way it validates the length of a message before it passes the message to the allocated buffer. To exploit the said vul...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
The Web Client service allows applications to access documents on the Internet. It is vulnerable due to the way it validates the length of a message before it passes the message to the allocated buffer. To exploit the said vulnerability, an attacker must have valid logon credentials since the vulnerability could not be exploited by anonymous users. Even though the Web Client service is used to support the WebDAV protocol over the Internet, an authenticated attacker must perform the steps that are required to attempt to exploit this issue.
More information about this vulnerability and its elimination.

Permissive Windows Services DACLs Could Allow Elevation of Privilege (914798)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
A malicious user who successfully takes advantage of this vulnerability could take complete control of the vulnerable system. Once in control, the malicious use...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows XP Service Pack 1
Malware exploiting this vulnerability: unknown
A malicious user who successfully takes advantage of this vulnerability could take complete control of the vulnerable system. Once in control, the malicious user can install programs; view, change, or delete data; or create new accounts with full user rights.
More information about this vulnerability and its elimination.

(MS06-013) Cumulative Security Update for Internet Explorer (912812)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This security advisory resolves ten vulnerabilities. Microsoft released a single update to support these vulnerabilities because the modifications that are required t...
More information about this vulnerability and its elimination.
Affected programs and services: Internet Explorer 5.01 Service Pack 4 (Microsoft Windows 2000 Service Pack 4)
Microsoft Internet Explorer 6 (Microsoft Windows Server 2003 Service Pack 1)
Microsoft Internet Explorer 6 (Microsoft Windows Server 2003)
Microsoft Internet Explorer 6 (Microsoft Windows XP Professional x64 Edition)
Microsoft Internet Explorer 6 (Microsoft Windows XP Service Pack 2)
Microsoft Internet Explorer 6 (Windows Server 2003 for Itanium-based Systems)
Microsoft Internet Explorer 6 Service Pack 1 (Microsoft Windows 98 Second Edition)
Microsoft Internet Explorer 6 Service Pack 1 (Microsoft Windows 98)
Microsoft Internet Explorer 6 Service Pack 1 (Microsoft Windows Millennium Edition)
Microsoft Internet Explorer 6.0 (Microsoft Windows Server 2003 for Itanium-based Systems)
Microsoft Internet Explorer 6.0 (Microsoft Windows Server 2003 Service Pack 1)
Microsoft Internet Explorer 6.0 (Microsoft Windows Server 2003 with SP1 for Itanium-based Systems)
Microsoft Internet Explorer 6.0 (Microsoft Windows Server 2003 x64 Edition)
Microsoft Internet Explorer 6.0 (Microsoft Windows Server 2003)
Microsoft Windows 2000 Advanced Server SP4
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: EXPL_TXTRANGE.A, JS_DLOADER.BXR
This security advisory resolves ten vulnerabilities. Microsoft released a single update to support these vulnerabilities because the modifications that are required to address these issues are located in related files.
More information about this vulnerability and its elimination.

(MS06-014) Vulnerability in the Microsoft Data Access Components (MDAC) Function Could Allow Code Execution (911562)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
Microsoft Data Access Components (MDAC) is a collection of Dynamic Link Libraries (DLLs) and associated component resources that support a number of different APIs including Open Database Connectivity (ODBC), OLE DB, Microsoft® ActiveX® Data Objects (ADO), and Microsoft Remote Data...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
Microsoft Data Access Components (MDAC) is a collection of Dynamic Link Libraries (DLLs) and associated component resources that support a number of different APIs including Open Database Connectivity (ODBC), OLE DB, Microsoft® ActiveX® Data Objects (ADO), and Microsoft Remote Data Service (RDS). It provides applications a means to access data from various data storage sources, with a focus on access to the Microsoft SQL Server. A large number of applications depend on MDAC-contained components for proper operation. One of MDAC's supported API, RDS, is actually a feature of ADO. It moves data from a server to a client application or to a Web page. It also helps manipulate the data on the client and returns updates to the server in a single round trip. A remote code execution vulnerability exists in RDS wherein Dataspace ActiveX control is provided as part of ADO and is distributed in MDAC. A remote user who successfully exploits this vulnerability can take complete control of an affected system. If a user is logged on with administrative user rights, the said remote user can then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system can be less affected. Furthermore, this vulnerability can conceivably be used by malware for replication purposes. In a Web-based scenario, a remote user or malware tries different social engineering techniques, like displaying banner advertisement,c to get an affected user to visit a malicious Web site that contains the specially-crafted file that jumpstarts the successful exploitation of this vulnerability. In an email-based scenario, the remote user or malware sends out an email message to a user of a server that is running an affected software application that contains a link. Clicking this link, in turn, takes the user to a malicious Web site designed to exploit this vulnerability.
More information about this vulnerability and its elimination.

Vulnerability in Windows Explorer Could Allow Remote Code Execution (908531)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
Windows Explorer, which provides a Graphical User Interface (GUI) for accessing the file systems, is the default shell used by modern Microsoft Windows. A remote code execution vulnerability exists in Windows Explorer because of the way it handles COM objects. It can be exploited through a Web-based scenario by a remote m...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 4
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
Windows Explorer, which provides a Graphical User Interface (GUI) for accessing the file systems, is the default shell used by modern Microsoft Windows. A remote code execution vulnerability exists in Windows Explorer because of the way it handles COM objects. It can be exploited through a Web-based scenario by a remote malicious user or a malware. The mentioned agents try to get an affected user to click on a link that leads to a malicious Web site. Upon reaching this specially-crafted Web site, the user is prompted to perform several actions needed so as to connect to a certain file server. This file server, in turn, can cause Windows Explorer to fail in a way that can allow code execution. Thus, a remote user or malware, who successfully exploits this vulnerability, can take complete control of an affected system. It should be noted that this vulnerability can not be exploited automatically via e-mail. For an attack to be successful, the affected user must open an attachment or click on a link within an e-mail message.
More information about this vulnerability and its elimination.

(MS06-016) Cumulative Security Update for Outlook Express (911567)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
Windows provides an address book for storing contact information. The Windows Address Book (WAB) is an application and service that enables users to keep track of people. The WAB has a local database and user interface for finding and editing information about people and ...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 4
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
Windows provides an address book for storing contact information. The Windows Address Book (WAB) is an application and service that enables users to keep track of people. The WAB has a local database and user interface for finding and editing information about people and it can query network directory servers using Lightweight Directory Access Protocol (LDAP). An unchecked buffer in WAB functioning within Outlook Express can cause remote code execution. A malicious user or malware creates a specially crafted .WAB file and persuades a user to open it causing an error in Outlook Express that allows execution of remote code. If an affected user is logged on with administrative user rights, a remote user who successfully exploits this vulnerability can take complete control of an affected system. The said remote user can then install programs; view, change, or delete data; or create new accounts with full user rights. In a Web-based scenario, a remote user or malware tries different social engineering techniques to get an affected user to visit a malicious Web site that contains the specially-crafted .WAB file that jumpstarts the successful exploitation of this vulnerability. In an email-based scenario, the remote user or malware sends out the created .WAB file to the affected user as an attachment. The email message's details try to get the user to open the attached file.
More information about this vulnerability and its elimination.

Vulnerability in Microsoft Distributed Transaction Coordinator Could Allow Denial of Service

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
An unchecked buffer in the Microsoft Distributed Transaction Coordinator (MSDTC) service could allow a malicious user to utilize a specially crafted network message, which it br...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Server Service Pack 4
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
An unchecked buffer in the Microsoft Distributed Transaction Coordinator (MSDTC) service could allow a malicious user to utilize a specially crafted network message, which it brings to an affected system. If the said routine is successful, the message can cause the affected system to stop responding.
More information about this vulnerability and its elimination.

Cumulative Security Update for Internet Explorer (916281)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This security advisory resolves several vulnerabilities in Internet Explorer (IE).;The Exception Handling Memory Corruption Vulnerability could allow a malicious user or a malwa...
More information about this vulnerability and its elimination.
Affected programs and services: Internet Explorer 5.01 Service Pack 4 (Microsoft Windows 2000 Service Pack 4)
Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6 (Microsoft Windows Server 2003 Service Pack 1)
Microsoft Internet Explorer 6 (Microsoft Windows Server 2003 with SP1 for Itanium-based Systems)
Microsoft Internet Explorer 6 (Microsoft Windows Server 2003 x64 Edition)
Microsoft Internet Explorer 6 (Microsoft Windows Server 2003)
Microsoft Internet Explorer 6 (Microsoft Windows XP Professional x64 Edition)
Microsoft Internet Explorer 6 for Microsoft Windows XP Service Pack 2
Microsoft Internet Explorer 6 Service Pack 1 (Microsoft Windows 2000 Service Pack 4)
Microsoft Internet Explorer 6 Service Pack 1 (Microsoft Windows 98 Second Edition)
Microsoft Internet Explorer 6 Service Pack 1 (Microsoft Windows 98)
Microsoft Internet Explorer 6 Service Pack 1 (Microsoft Windows Millennium Edition)
Microsoft Internet Explorer 6 Service Pack 1 (Microsoft Windows XP Service Pack 1)
Microsoft Internet Explorer 6.0 (Microsoft Windows Server 2003 for Itanium-based Systems)
Microsoft Windows 2000 Server SP4
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
This security advisory resolves several vulnerabilities in Internet Explorer (IE).;The Exception Handling Memory Corruption Vulnerability could allow a malicious user or a malware to execute arbitrary code on the system because IE allows objects to register exception handlers that may not properly handle certain conditions.;The HTML Decoding Memory Corruption Vulnerability could allow a malicious user or a malware to execute arbitrary code on the system because of the way IE parses the code for decoding UTF-8 characters.;The ActiveX Control Memory Corruption Vulnerability could allow a malicious user or a malware to execute arbitrary code on the system because IE does not perform parameter validation on the data that is passed to the DXImageTransform.Microsoft.Light ActiveX control.;The COM Object Instantiation Memory Corruption Vulnerability could allow a malicious user or a malware to execute arbitrary code on the system because when IE attempts to instantiate certain COM objects as ActiveX Controls, the COM objects may corrupt the system state in such a way that an attacker could execute arbitrary code.;The COM CSS Cross-Domain Information Disclosure Vulnerability could allow a malicious user to read data from another security zone or domain in IE because IE incorrectly interprets a specially crafted document as a Cascading Style Sheet (CSS).;The Address Bar Spoofing Vulnerabilities could allow an attacker to to create a Web page that displays a spoofed URL in the address bar, while pointing to a different Web site. A user could then expose information into the possibly malicious Web site when in fact the data is sent to the attacker’s site.;The MHT Memory Corruption Vulnerability could allow an attacker to gain the same user rights as the affected user because a specially crafted Web page can, when saved as a multipart HTML file cause memory corruption.
More information about this vulnerability and its elimination.

Vulnerability in Microsoft JScript Could Allow Remote Code Execution (917344)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability could allow a malicious user or malware to execute arbitrary codes via a specially-crafted Jscript file because Jscript may release objects earl...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 4
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Millennium Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
This vulnerability could allow a malicious user or malware to execute arbitrary codes via a specially-crafted Jscript file because Jscript may release objects early, potentially causing memory corruption.
More information about this vulnerability and its elimination.

Vulnerability in Routing and Remote Access Could Allow Remote Execution (911280)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
An unchecked buffer in the Routing and Remote Access service could allow a malicious user or a malware to execute arbitrary code with the privileges of the cur...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 4
Microsoft Windows Server 2003
Microsoft Windows Server 2003 64-Bit Edition
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional SP2
Microsoft Windows XP Professional x64 Edition
Malware exploiting this vulnerability: unknown
An unchecked buffer in the Routing and Remote Access service could allow a malicious user or a malware to execute arbitrary code with the privileges of the currently logged-on user.
More information about this vulnerability and its elimination.

Vulnerability in Server Message Block Could Allow Elevation of Privilege (914389)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This security vulnerability resolves the newly discovered vulnerabilities in Server Message Block (SMB), which could allow an attacker to escalate privileges a...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Server Service Pack 4
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows XP 64-Bit Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
This security vulnerability resolves the newly discovered vulnerabilities in Server Message Block (SMB), which could allow an attacker to escalate privileges and take control over an affected system.;The SMB Driver Elevation of Privilege Vulnerability is an elevation of privilege vulnerability in SMB that could allow an attacker to take complete control over an affected system. This vulnerability exists due to the utilization of unbuffered I/O between user and kernel mode for its IOCTLs by the SMB driver MRXSMB.SYS. An IOCTL is a mechanism that is commonly used to communicate between the userspace and the kernelspace.;The SMB Invalid Handle Vulnerability is a denial of service vulnerability in SMB that could allow an attacker to cause an affected system to stop responding. In this case, the SMB driver MRXSMB.SYS contains a function which takes a handle as a parameter that is subsequently closed. A user-mode process can pass in the handle for the driver which causes a kernel-mode deadlock on this thread. The said process will be unable to terminate and the system may not be able to properly shut down.
More information about this vulnerability and its elimination.

Vulnerability in TCP/IP Could Allow Remote Code Execution (917953)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability in the TCP/IP protocol driver could allow remote code execution using a created strict or loose route ICMP packet.
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 4
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
This vulnerability in the TCP/IP protocol driver could allow remote code execution using a created strict or loose route ICMP packet.
More information about this vulnerability and its elimination.

Vulnerability in ASP.NET Could Allow Information Disclosure

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability could allow remote attackers to bypass ASP.NET security and gain unauthorized access to objects in the APPLICATION folder explicitly by n...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Server Service Pack 4
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Tablet PC Edition
Malware exploiting this vulnerability: unknown
This vulnerability could allow remote attackers to bypass ASP.NET security and gain unauthorized access to objects in the APPLICATION folder explicitly by name, resulting in information disclosure, because ASP.NET does not properly validate the URL paths that are passed to it.
More information about this vulnerability and its elimination.

Vulnerability in Server Service Could Allow Remote Code Execution

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This security advisory resolves two vulnerabilities affecting Microsoft Windows.;The MailSlot Heap Overflow Vulnerability could allow remote attackers to take compl...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 4
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
This security advisory resolves two vulnerabilities affecting Microsoft Windows.;The MailSlot Heap Overflow Vulnerability could allow remote attackers to take complete control of an affected system, due to an unchecked buffer in the Server service.;The SMB Information Disclosure Vulnerability could allow attackers to remotely read information stored in buffers for SMB.
More information about this vulnerability and its elimination.

Vulnerability in DHCP Client Service Could Allow Remote Code Execution

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability could allow attackers to remotely execute abitrary code via a malformed DHCP communication sent to an affected client on the same network segmen...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 4
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
This vulnerability could allow attackers to remotely execute abitrary code via a malformed DHCP communication sent to an affected client on the same network segment. This vulnerability is caused by an unchecked buffer in the DHCP Client Service.
More information about this vulnerability and its elimination.

Vulnerability in Server Service Could Allow Remote Code Execution

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability enables remote code execution in Server Service that could allow an attacker who successfully exploits this vulnerability to take complete co...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Malware exploiting this vulnerability: unknown
This vulnerability enables remote code execution in Server Service that could allow an attacker who successfully exploits this vulnerability to take complete control of the affected system.
More information about this vulnerability and its elimination.

Vulnerability in DNS Resolution Could Allow Remote Code Execution (920683)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This update resolves several newly discovered, privately reported, vulnerabilities. For details, refer to the descriptions of CVEIDs enumerated. An attacker who successfully ...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Malware exploiting this vulnerability: unknown
This update resolves several newly discovered, privately reported, vulnerabilities. For details, refer to the descriptions of CVEIDs enumerated. An attacker who successfully exploits the most severe of hese vulnerabilities could take complete control of an affected system.
More information about this vulnerability and its elimination.

Cumulative Security Update for Internet Explorer (918899)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This update resolves several newly discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in its own. For details, refer ...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Malware exploiting this vulnerability: unknown
This update resolves several newly discovered, publicly and privately reported vulnerabilities. Each vulnerability is documented in its own. For details, refer to the description of the CVEIDs enumerated.
More information about this vulnerability and its elimination.

Vulnerability in Windows Explorer Could Allow Remote Code Execution

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability enables remote code execution in Windows Explorer because of the way that Windows Explorer handles Drag and Drop events.
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Malware exploiting this vulnerability: unknown
This vulnerability enables remote code execution in Windows Explorer because of the way that Windows Explorer handles Drag and Drop events.
More information about this vulnerability and its elimination.

Vulnerability in HTML Help Could Allow Remote Code Execution (922616)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability exists in the HTML Help ActiveX control that could allow remote code execution on an affected system. A remote malicious user could exploit this vulnerability ...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Malware exploiting this vulnerability: unknown
This vulnerability exists in the HTML Help ActiveX control that could allow remote code execution on an affected system. A remote malicious user could exploit this vulnerability by constructing a malicious Web page that could potentially allow remote code execution if an affected user visited that page.
More information about this vulnerability and its elimination.

Vulnerabilities in Microsoft Windows Hyperlink Object Library Could Allow Remote Code Execution (920670)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This update resolves two newly discovered vulnerabilities. Each vulnerability is documented in its own. For details, refer to the description of the CVE...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Malware exploiting this vulnerability: unknown
This update resolves two newly discovered vulnerabilities. Each vulnerability is documented in its own. For details, refer to the description of the CVEIDs enumerated.
More information about this vulnerability and its elimination.

Vulnerability in Windows Kernel Could Result in Remote Code Execution

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This update resolves newly discovered, privately reported vulnerabilities and additional issues discovered through internal investigations. A remote user who successfully exploi...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Malware exploiting this vulnerability: unknown
This update resolves newly discovered, privately reported vulnerabilities and additional issues discovered through internal investigations. A remote user who successfully exploits the most severe of these vulnerabilities could take complete control of an affected system.
More information about this vulnerability and its elimination.

Vulnerability in Pragmatic General Multicast (PGM) Could Allow Remote Code Execution (919007)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
Pragmatic General Multicast (PGM) is a reliable and scalable multicast protocol that enables receivers to detect loss, request retransmission of lost data, or notify an application of unrecoverable loss. This v...
More information about this vulnerability and its elimination.
Affected programs and services: Windows XP Service Pack 1 with the MSMQ service installed
Windows XP Service Pack 2 with the MSMQ service installed
Malware exploiting this vulnerability: unknown
Pragmatic General Multicast (PGM) is a reliable and scalable multicast protocol that enables receivers to detect loss, request retransmission of lost data, or notify an application of unrecoverable loss. This vulnerability could allow an attacker execute an arbitrary code on an affected system by sending a specially crafted multicast message using the Microsoft Message Queuing (MSMQ) Services. Note that the MSMQ Services, which is the Windows service needed to allow PGM communications, is not installed by default.
More information about this vulnerability and its elimination.

Vulnerability in Indexing Service Could Allow Cross-Site Scripting (920685)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This vulnerability could allow remote malicious users to gain unauthorized access to sensitive user information via a client-side script. The said script could disclose information, spoof conten...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows 2000 Service Pack 4
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Malware exploiting this vulnerability: unknown
This vulnerability could allow remote malicious users to gain unauthorized access to sensitive user information via a client-side script. The said script could disclose information, spoof content, or take any other action that the users may take on the affected Web site. The said vulnerability exists because of the way Indexing Service handles query validation.
More information about this vulnerability and its elimination.

Vulnerability in Vector Markup Language Could Allow Remote Code Execution (925486)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This overrun vulnerability allows remote code execution. Once successfully exploited, an attacker takes complete control of an affected system. It does this by creating a specially crafted Web page or email (in HTML format) that allows r...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: EXPL_EXECOD.A, HTML_VIMALOV.B, HTML_VMLFILL.B, HTML_VMLFILL.C
This overrun vulnerability allows remote code execution. Once successfully exploited, an attacker takes complete control of an affected system. It does this by creating a specially crafted Web page or email (in HTML format) that allows remote code execution when a user visits a Web site or views an email message. An exploited system may allow an attacker to perform malicious activities, such as data manipulation and creating user-account creation. It is important to note that users who were granted with fewer rights can less be affected than those with administrative rights.
More information about this vulnerability and its elimination.

Vulnerability in ASP.NET 2.0 Could Allow Information Disclosure (922770)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
A cross site scripting (XSS) vulnerability exists in a Microsoft .NET Framework 2.0 server that could inject a malicious script in an affected user's browser. The said vulnerability...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft .NET Framework 2.0
Microsoft Windows 2000 Service Pack 4
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows XP Media Center Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Tablet PC Edition
Malware exploiting this vulnerability: unknown
A cross site scripting (XSS) vulnerability exists in a Microsoft .NET Framework 2.0 server that could inject a malicious script in an affected user's browser. The said vulnerability is caused by an incorrect validation of an HTTP request by the .NET Framework 2.0. However, to successfully exploit this vulnerability, user interaction is needed.
More information about this vulnerability and its elimination.

Vulnerability in Windows Explorer Could Allow Remote Execution (923191)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
A vulnerability exists in Windows Shell in the way it validates input parameters when called by the WebViewFolderIcon ActiveX (Web View) control that if successfully exploited, could allow remote code execution. A remote malicious user...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 4
Microsoft Windows Server 2003
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
A vulnerability exists in Windows Shell in the way it validates input parameters when called by the WebViewFolderIcon ActiveX (Web View) control that if successfully exploited, could allow remote code execution. A remote malicious user may design a specially-crafted Web site or a specially-crafted email message that contains a code that exploits this vulnerability. Once exploited, the remote malicious user may gain the same user rights as the logged on user. Thus, users whose accounts are configured with fewer rights could be less affected than users with administrative rights.
More information about this vulnerability and its elimination.

Vulnerability in Server Service Could Allow Denial of Service (923414)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This update addresses vulnerabilities in Server Service that could cause denial of service and remote code execution. The first vulnerability exists in the way the Server Service handles an uninitialized buffer in certain network messages. A remote malicious user may send a specially-crafted network message to exploit this vulnerability, eventually caus...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Malware exploiting this vulnerability: unknown
This update addresses vulnerabilities in Server Service that could cause denial of service and remote code execution. The first vulnerability exists in the way the Server Service handles an uninitialized buffer in certain network messages. A remote malicious user may send a specially-crafted network message to exploit this vulnerability, eventually causing the vulnerable system to stop responding. The second vulnerability exists in the way the Server Service handles certain network messages. It is caused by the service's attempt to remove reference to an invalid pointer. A remote malicious user may send a specially-crafted network message to exploit this vulnerability, eventually allowing the remote malicious user to gain control of the vulnerable system. However, to be able to exploit the said vulnerability, the remote malicious user must have valid logon credentials and is able to logon to the network where the target system is located. Moreover, anonymous users may not be able to exploit this vulnerability. This update resolves the said vulnerabilities by fixing the uninitialized buffer and modifying the way Server Service removes reference to an invalid pointer.
More information about this vulnerability and its elimination.

Vulnerabilities in TCP/IP IPv6 Could Allow Denial of Service (922819)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This update addresses several vulnerabilities in several versions of TCP/IP networking protocols, allowing a denial of service when exploited successfully. One vulnerability exists in the IPv6 implementation of the Internet Control Message Protocol (ICMP). Specially-crafted ICMP packe...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Malware exploiting this vulnerability: unknown
This update addresses several vulnerabilities in several versions of TCP/IP networking protocols, allowing a denial of service when exploited successfully. One vulnerability exists in the IPv6 implementation of the Internet Control Message Protocol (ICMP). Specially-crafted ICMP packets that should be dropped instead of being parsed may cause reset of an existing connection. Another vulnerability exists in the IPv6 implementation of Transmission Control Protocol (TCP). Specially-crafted TCP packets that should be dropped instead of being parsed may cause reset of an existing connection. Furthermore, a vulnerability exits in the IPv6 implementation of TCP/IP. This vulnerability occurs when a TCP packet with a spoofed source Internet Protocol (IP) address and port number similar to the destination IP address and port is received. To successfully exploit the said vulnerabilities, a remote malicious user would have to belong to the same IPv6 network, causing the vulnerable system to drop existing TCP connections and to stop responding.
More information about this vulnerability and its elimination.

Vulnerability in Windows Object Packager Could Allow Remote Code Execution (924496)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
A vulnerability in the Windows Object Packager exists due to the way it handles file extensions. Object Packager is a tool that creates a package that may be inserted into a file. In a Web-based attack scenario, a...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft Windows XP Service Pack 1
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Malware exploiting this vulnerability: unknown
A vulnerability in the Windows Object Packager exists due to the way it handles file extensions. Object Packager is a tool that creates a package that may be inserted into a file. In a Web-based attack scenario, a remote malicious user may host a Web site that contains an exploit code. Once exploited, the remote malicious user may take complete control of the vulnerable system. However, user interaction is required to successfully exploit this vulnerability.
More information about this vulnerability and its elimination.

Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution (928088)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This update addresses a vulnerability in the XMLHTTP ActiveX control within Microsoft XML Core Services.;An attacker could exploit the vulnerability by creating a specially crafted Web page that allows remote code ex...
More information about this vulnerability and its elimination.
Affected programs and services: Microsoft XML Core Services 4.0
Microsoft XML Core Services 6.0
Malware exploiting this vulnerability: unknown
This update addresses a vulnerability in the XMLHTTP ActiveX control within Microsoft XML Core Services.;An attacker could exploit the vulnerability by creating a specially crafted Web page that allows remote code execution once an unsuspecting user with administrative user rights visits the said page or clicks a link in an email message. The attacker who successfully exploits the mentioned vulnerability could access and take full control of an affected system. To sucessfully exploit the vulnerability, however, user intervention is needed.
More information about this vulnerability and its elimination.

Vulnerability in Step-by-Step Interactive Training Could Allow Remote Code Execution (923723)

Transfering more information about this vulnerability...
An error occurred while trying to retrieve more information about this vulnerability. There is currently no more information available.
This update resolves a vulnerability that exists in Step-by-Step Interactive Training, handling bookmark link files. An attacker can successfully exploit this vulnerability ...
More information about this vulnerability and its elimination.
Affected programs and services: Step-by-Step Interactive Training on Microsoft Windows 2000 Service Pack 4
Step-by-Step Interactive Training on Microsoft Windows XP Professional x64 Edition
Step-by-Step Interactive Training on Microsoft Windows XP Service Pack 2
Malware exploiting this vulnerability: unknown
This update resolves a vulnerability that exists in Step-by-Step Interactive Training, handling bookmark link files. An attacker can successfully exploit this vulnerability by using a specially-crafted message that could potentially allow remote code execution.
More information about this vulnerability and its elimination.

MS07-042

Transfering more information about this vulnerability...

I tried to install Malwarebytes, but when I got to the step where it should have automatically downloaded the latest update, I got the following error message:

"Update failed. Make sure you are connected to the internet and your firewall is set to allow Malwarebytes Anti-Malware to access the internet."

How should I proceed from here?

Thanks!

- Rachel

I went ahead and performed the Malwarebytes scan, even though it wouldn't download the update. That log is below.

Thanks again for all of your help, both of you!
----------------------------------------

Malwarebytes' Anti-Malware 1.09
Database version: 507

Scan type: Full Scan (C:\|)
Objects scanned: 90176
Time elapsed: 1 hour(s), 6 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 90
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 26

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.shellviewcontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2eff3cf7-99c1-4c29-bc2b-68e057e22340} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3e720452-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d294-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7473d296-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a4730ebe-43a6-443e-9776-36915d323ad3} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2763e333-b168-41a0-a112-d35f96f410c0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{621feacd-8857-43a6-ae26-451d670d5370} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE.vir (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C44ECF80-3FD9-47F7-9A1D-59AE8CE5E972}\RP257\A0055234.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C44ECF80-3FD9-47F7-9A1D-59AE8CE5E972}\RP257\A0055236.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C44ECF80-3FD9-47F7-9A1D-59AE8CE5E972}\RP257\A0055238.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C44ECF80-3FD9-47F7-9A1D-59AE8CE5E972}\RP257\A0055240.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C44ECF80-3FD9-47F7-9A1D-59AE8CE5E972}\RP257\A0055242.DLL (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C44ECF80-3FD9-47F7-9A1D-59AE8CE5E972}\RP257\A0055243.EXE (Adware.MyWeb.FunWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C44ECF80-3FD9-47F7-9A1D-59AE8CE5E972}\RP257\A0055244.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C44ECF80-3FD9-47F7-9A1D-59AE8CE5E972}\RP257\A0055246.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C44ECF80-3FD9-47F7-9A1D-59AE8CE5E972}\RP257\A0055249.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C44ECF80-3FD9-47F7-9A1D-59AE8CE5E972}\RP257\A0055250.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C44ECF80-3FD9-47F7-9A1D-59AE8CE5E972}\RP257\A0055253.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C44ECF80-3FD9-47F7-9A1D-59AE8CE5E972}\RP257\A0055255.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{C44ECF80-3FD9-47F7-9A1D-59AE8CE5E972}\RP257\A0055261.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Hi ere

Reset your System Restore using the following procedure

To turn off System Restore click Start > Right Click My Computer > Properties. Click the System Restore tab and Check "Turn off System Restore" or "Turn off System Restore on all drives" Click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this then Click OK.

Turn on System Restore by Clicking Start. Right-click My Computer, and then click Properties. Click the System Restore tab. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives." Click Apply, and then OK.

This will create a new Restore Point.

Reboot the PC then go ahead with the remaining Windows Updates including SP2. Let us know how that goes.