Microsoft Security Bulletin MS03-041 Vulnerability Could Allow Remote Code Execution.
Download

Microsoft Security Bulletin MS03-041 Ranking & Summary

Microsoft Security Bulletin MS03-041 Tags

execution code execution vulnerability LSASS vulnerability DAG Execution package execution software vulnerability manage execution remote execution deny execution Metafile Image Code Execution Prevent Code Execution remote execution tool map execution path remote code injection Execution Management code execution time execution ennvironment control execution

Microsoft Security Bulletin MS03-041 Description

From Microsoft: There is a vulnerability in Authenticode that, under certain low memory conditions, could allow an ActiveX control to download and install without presenting the user with an approval dialog. To exploit this vulnerability, an attacker could host a malicious Web Site designed to exploit this vulnerability. If an attacker then persuaded a user to visit that site an ActiveX control could be installed and executed on the user�??s system. Alternatively, an attacker could create a specially formed HTML e-mail and send it to the user. If the user viewed the HTML e-mail an unauthorized ActiveX control could be installed and executed on the user�??s system. In both scenarios the vulnerability in Authenticode could allow an unauthorized ActiveX control to be installed and executed on the user�??s system, with the same permissions as the user, without prompting the user for approval. The risk of attack from the HTML email vector can be significantly reduced if the following conditions are met: You have applied the patch included with Microsoft Security bulletin MS03-040 You are using Internet Explorer 6 or later You are using the Microsoft Outlook Email Security Update or Microsoft Outlook Express 6.0 and higher, or Microsoft Outlook 2000 or higher in their default configuration.

Microsoft Security Bulletin MS03-041 Related Software