Microsoft KB Archive/890175

= MS05-001: Vulnerability in HTML Help could allow code execution =

Article ID: 890175

Article Last Modified on 2/6/2007

-

APPLIES TO

 Microsoft Windows Server 2003, Datacenter Edition (32-bit x86) Microsoft Windows Server 2003, Enterprise Edition (32-bit x86) Microsoft Windows Server 2003, Standard Edition (32-bit x86) Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems Microsoft Windows XP Service Pack 2 Microsoft Windows XP Service Pack 1 Microsoft Windows XP Professional for Itanium-based systems</li> Microsoft Windows XP Professional for Itanium-based systems</li> Microsoft Windows Millennium Edition</li> Microsoft Windows 2000 Service Pack 4</li> Microsoft Windows 2000 Advanced Server</li> Microsoft Windows 2000 Professional Edition</li> Microsoft Windows 2000 Datacenter Server</li> Microsoft Windows 2000 Service Pack 3</li> Microsoft Windows 2000 Advanced Server</li> Microsoft Windows 2000 Service Pack 3</li> Microsoft Windows 2000 Service Pack 3</li> Microsoft Windows 98 Standard Edition</li> Microsoft Windows 98 Second Edition</li> Microsoft Internet Explorer 6.0 Service Pack 1, when used with: <ul> Microsoft Windows NT 4.0 Service Pack 6a</li></ul>

<ul> Microsoft Windows NT Server 4.0, Terminal Server Edition Service Pack 6</li></ul> </li></ul>

-

<div class="notice_section">

<div class="summary_section">

Microsoft has released security bulletin MS05-001. The security bulletin contains all the relevant information about the security update. This includes file manifest information and deployment options. To view the complete security bulletin, visit the following Microsoft Web sites: <ul> Home users:

http://www.microsoft.com/athome/security/update/bulletins/default.mspx

</li> <li>IT professionals:

http://www.microsoft.com/technet/security/bulletin/ms05-001.mspx

</li></ul>

Known issues
<ul> <li>Before you install security update 890175 (MS05-001), you must install critical update 811630 for some operating systems. For these operating systems, installing critical update 811630 after installing security update 890175 might cause reduced functionality in HTML Help if security update 890175 is later uninstalled.

Note The reduced HTML Help functionality occurs only if security update 890175 is uninstalled. For additional information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

892641 HTML Help files do not work correctly after you uninstall security update 890175 (MS05-001)

</li> <li>Certain kinds of Web-based programs may not function correctly after you install security update 890175. For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

892675 Certain Web sites and HTML Help features may not work after you install security update 896358 or security update 890175

</li></ul>

Additional query words: update security_patch security_update security bug flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow specially-formed scope specially-crafted remote code execution RCE cross-domain vulnerability WinNT TSE Win2003 WinXP Win2000

Keywords: kbbug kbfix kbsecvulnerability kbqfe kbsecurity kbwinnt400presp7fix kbsecbulletin kbwin2000presp5fix kbwinserv2003presp1fix kbwinxppresp3fix kbhotfixserver KB890175

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.