Windows 2000 ActiveX Parameter Validation Vulnerability Patch (MS00-085)

• Quick specs
• Price: Free
• Operating system:
• Date added: November 06, 2000
• Total Downloads: 48,991
• Downloads last week: 12
• See full specifications

Add to my list Add to my Watch List

Download Now (285.79K)

Tested spyware free

Publisher's description

This patch eliminates a security vulnerability in Microsoft Windows 2000. The vulnerability could allow enable a malicious user to potentially run code on another user's machine.

An ActiveX control that ships as part of Windows 2000 contains an unchecked buffer. If the control was called from a Web page or HTML mail using a specially-malformed parameter, it would be possible to cause code to execute on the machine via a buffer overrun. This could potentially enable a malicious user to take any desired action on the user's machine, limited only by the permissions of the user.

The vulnerability could only be exploited if ActiveX controls are enabled in IE, Outlook, or Outlook Express. The Security Zones feature in Internet Explorer enables customers to limit what Web sites can do, and customers who have used the feature to prevent untrusted sites from invoking ActiveX controls would be at minimal risk from the Web-based attack scenario. Customers who have applied the Outlook Security Update would be protected against the mail-borne scenario, since it moves mail into the Restricted Sites Zone, thereby preventing HTML mails from invoking ActiveX controls.

See the ActiveX Parameter Validation Vulnerability FAQ for more information.

Crystal Reports 2008

Open, view, interact with, and share reports and dashboards over the Web securely.

Download Now

More popular Encryption Software downloads

1. 42,807 downloads 1. Hotspot Shield
2. 41,529 downloads 2. RoboForm
3. 32,872 downloads 3. Computer Use Reporter
4. 7,727 downloads 4. Folder Lock
5. 5,291 downloads 5. RAR Password Cracker
6. See all Encryption Software downloads