ie8 fix
Click Here

Microsoft Security Bulletin MS03-040

Publisher's Description

From Microsoft:

This is a cumulative patch that includes the functionality of all previously released patches for Internet Explorer 5.01, 5.5 and 6.0. In addition, it eliminates the following newly discovered vulnerabilities:

  • A vulnerability that occurs because Internet Explorer does not properly determine an object type returned from a Web server in a popup window. It could be possible for an attacker who exploited this vulnerability to run arbitrary code on a user's system. If a user visited an attacker's Web site, it could be possible for the attacker to exploit this vulnerability without any other user action. An attacker could also craft an HTML�??based e-mail that would attempt to exploit this vulnerability.
  • A vulnerability that occurs because Internet Explorer does not properly determine an object type returned from a Web server during XML data binding. It could be possible for an attacker who exploited this vulnerability to run arbitrary code on a user's system. If a user visited an attacker's Web site, it could be possible for the attacker to exploit this vulnerability without any other user action. An attacker could also craft an HTML�??based e-mail that would attempt to exploit this vulnerability.
In addition, a change has been made to the method by which Internet Explorer handles Dynamic HTML (DHTML) Behaviors in the Internet Explorer Restricted Zone. It could be possible for an attacker exploiting a separate vulnerability (such as one of the two vulnerabilities discussed above) to cause Internet Explorer to run script code in the security context of the Internet Zone. In addition, an attacker could use Windows Media Player�??s (WMP) ability to open URLs to construct an attack. An attacker could also craft an HTML-based e-mail that could attempt to exploit this behavior. To exploit these flaws, the attacker would have to create a specially formed HTML�??based e-mail and send it to the user. Alternatively an attacker would have to host a malicious Web site that contained a Web page designed to exploit these vulnerabilities.

As with the previous Internet Explorer cumulative patches released with bulletins MS03-004, MS03-015, MS03-020, and MS03-032, this cumulative patch will cause window.showHelp( ) to cease to function if you have not applied the HTML Help update. If you have installed the updated HTML Help control from Knowledge Base article 811630, you will still be able to use HTML Help functionality after applying this patch.

In addition to applying this security patch it is recommended that users also install the Windows Media Player update referenced in Knowledge Base Article 828026. This update is available from Windows Update as well as the Microsoft Download Center for all supported versions of Windows Media Player. While not a security patch, this update contains a change to the behavior of Windows Media Player�??s ability to launch URLs to help protect against DHTML behavior based attacks. Specifically, it restricts Windows Media Player�??s ability to launch URLs in the local computer zone from other zones.

Click Here!
Internet Security
100 Million Trust AVG. Free Download.
Download Now

More Popular Security Software downloads

  1. AVG Anti-Virus Free Edition 2012

    1,026,599 downloads

  2. Avast Free Antivirus

    716,193 downloads

  3. Malwarebytes Anti-Malware

    487,020 downloads

  4. Avira Free Antivirus

    373,070 downloads

  5. CCleaner

    270,105 downloads

 
Android Starter Kit
Essential apps for your Android Phone
Download Now
All User Reviews

Add Your Review

or Log in or create an account to post a review.
You are logged in as . Please submit your review for Microsoft Security Bulletin MS03-040 828750
Add Your Review

The posting of advertisements, profanity, or personal attacks is prohibited.
Click here to review our site terms of use.

Submit your reply

Submit

The posting of advertisements, profanity, or personal attacks is prohibited.
Click here to review our site terms of use.

cancel

E-mail this review

Submit cancel

Report offensive content

If you believe this comment is offensive or violates the CNET's Site Terms of Use, you can report it below (this will not automatically remove the comment). Once reported, our staff will be notified and the comment will be reviewed.

Select type of offense:

Offensive: Sexually explicit or offensive language
Spam: Advertisements or commercial links
Disruptive posting: Flaming or offending other users
Illegal activities: Promote cracked software, or other illegal content
Submit cancel

See more CNET content tagged:

DHTML,
Knowledge Base article,
Windows Media,
attacker,
vulnerability
Click Here

Error

close

ERROR MESSAGE

If you think this is an error, please contact CNET TechTracker Support for further assistance.

Ok

Running Request

close

loading

Smart Install Software

close

CNET TechTracker will now automatically install software without requiring further action by you. (Note: This feature automatically accepts associated EULAs and third party applications on your behalf.)

You have selected the following software to Smart Install:

CNET TechTracker will attempt to install this software without interrupting you again. If an application requires manual installation, CNET TechTracker will download the installer and prompt you to take further action.

Proceed with Smart Install?

Confirm Standard Install Cancel

Submit a problem report for Microsoft Security Bulletin MS03-040

close

Please describe the problem you have with this software. This information will be sent to our editors for review.

Problem:

The CNET Installer isn't working as expected

The download link does not work

The software has a newer version

The software contains malware

Other

Description:

Please select a feedback type.

Please enter a description.

Submit Problem Report

Problem Report submitted

close

Thank you for submitting a problem report! The Download team is committed to providing you with accurate software information.

OK