Microsoft Security Bulletin MS03-040 logo

Microsoft Security Bulletin MS03-040

By Microsoft Free

Download.com has removed the direct-download link and offers this page for informational purposes only.

Download.com has chosen not to provide a direct-download link for this product and offers this page for informational purposes only.

Developer's Description

This is a cumulative patch that includes the functionality of all previously released patches for Internet Explorer 5.01, 5.5 and 6.0. In addition, it eliminates the following newly discovered vulnerabilities:
  • A vulnerability that occurs because Internet Explorer does not properly determine an object type returned from a Web server in a popup window. It could be possible for an attacker who exploited this vulnerability to run arbitrary code on a user's system. If a user visited an attacker's Web site, it could be possible for the attacker to exploit this vulnerability without any other user action. An attacker could also craft an HTMLÃ????Ã???Ã??Ã?¢??based e-mail that would attempt to exploit this vulnerability.
  • A vulnerability that occurs because Internet Explorer does not properly determine an object type returned from a Web server during XML data binding. It could be possible for an attacker who exploited this vulnerability to run arbitrary code on a user's system. If a user visited an attacker's Web site, it could be possible for the attacker to exploit this vulnerability without any other user action. An attacker could also craft an HTMLÃ????Ã???Ã??Ã?¢??based e-mail that would attempt to exploit this vulnerability.
In addition, a change has been made to the method by which Internet Explorer handles Dynamic HTML (DHTML) Behaviors in the Internet Explorer Restricted Zone. It could be possible for an attacker exploiting a separate vulnerability (such as one of the two vulnerabilities discussed above) to cause Internet Explorer to run script code in the security context of the Internet Zone. In addition, an attacker could use Windows Media Player�???�??�?�¢??s (WMP) ability to open URLs to construct an attack. An attacker could also craft an HTML-based e-mail that could attempt to exploit this behavior. To exploit these flaws, the attacker would have to create a specially formed HTML�???�??�?�¢??based e-mail and send it to the user. Alternatively an attacker would have to host a malicious Web site that contained a Web page designed to exploit these vulnerabilities.

As with the previous Internet Explorer cumulative patches released with bulletins MS03-004, MS03-015, MS03-020, and MS03-032, this cumulative patch will cause window.showHelp( ) to cease to function if you have not applied the HTML Help update. If you have installed the updated HTML Help control from Knowledge Base article 811630, you will still be able to use HTML Help functionality after applying this patch.

In addition to applying this security patch it is recommended that users also install the Windows Media Player update referenced in Knowledge Base Article 828026. This update is available from Windows Update as well as the Microsoft Download Center for all supported versions of Windows Media Player. While not a security patch, this update contains a change to the behavior of Windows Media Player�???�??�?�¢??s ability to launch URLs to help protect against DHTML behavior based attacks. Specifically, it restricts Windows Media Player�???�??�?�¢??s ability to launch URLs in the local computer zone from other zones.

Full Specifications

What's new in version 828750

General

Release August 25, 2008
Date Added October 7, 2003
Version 828750

Operating Systems

Operating Systems Windows
Additional Requirements
  • All Windows
  • Popularity

    Total Downloads 597
    Downloads Last Week 0
    Report Software

    Related Software

    Trend Micro Maximum Security logo

    Trend Micro Maximum Security

    Free to try
    Trend Micro Maximum Security
    360 Total Security Essential logo

    360 Total Security Essential

    Free
    360 Total Security Essential
    Bitdefender Total Security logo

    Bitdefender Total Security

    Free to try
    Bitdefender Total Security
    F-Secure Internet Security logo

    F-Secure Internet Security

    Free to try
    F-Secure Internet Security
    Promo image for CNET Shopping

    Get the best price on everything

    Shop your favorite products and we’ll find the best deal with a single click. Designed to make shopping easier.