Microsoft KB Archive/824141

= MS03-045: Buffer overrun in the ListBox and in the ComboBox Control could allow code execution =

Article ID: 824141

Article Last Modified on 2/5/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise x64 Edition
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows XP Professional
 * Microsoft Windows XP Media Center Edition 2002
 * Microsoft Windows XP Tablet PC Edition
 * Microsoft Windows XP Home Edition
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows 2000 Server
 * Microsoft Windows NT Server 4.0 Standard Edition
 * Microsoft Windows NT Server 4.0, Terminal Server Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition

-





Microsoft has released security bulletin MS03-045. The security bulletin contains all the relevant information about the security patch, including file manifest information and deployment options. To view the complete security bulletin, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/MS03-045.mspx

This fix introduces roaming profile folder ownership checks. Verify that the ownership of roaming profiles is correct as described in the following Microsoft Knowledge Base article:

327462 Windows XP SP1 and Windows 2000 SP4 checks for existing roaming user profile folders when a roaming user profile is created

For more information about the latest service pack for Windows XP, click the following article number to view the article in the Microsoft Knowledge Base:

322389 How to obtain the latest Windows XP service pack



STATUS
This bug was corrected in Windows Server 2003 Service Pack 1.

Additional query words: security_patch security bug context flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow Local Elevation of Privilege URL specially-formed scope link hyperlink specially-crafted 2000 TSE 2003 WinNT Win2000 4.0 listbox combobox control user32.dll messages utility manager logon credentials Wuser32.dll Msgsvc.dll Wkssvc.dll Basesrv.dll Cmd.exe Gdi32.dll Kernel32.dll Msgina.dll Rdpwd.sys Userenv.dll Win32k.sys Winlogon.exe Winsrv.dll

Keywords: kbhotfixserver kbqfe atdownload kbwinxpsp2fix kbsecurity kbsecbulletin kbsecvulnerability kbwinxppresp2fix kbbug kbfix kbwinserv2003presp1fix kbwin2000presp5fix kbwinnt400presp7fix KB824141

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.