Microsoft Security Bulletin MS03-040 for Windows
- By Microsoft
- Free
- User Rating
Key Details of Microsoft Security Bulletin MS03-040
Developer's Description
- A vulnerability that occurs because Internet Explorer does not properly determine an object type returned from a Web server in a popup window. It could be possible for an attacker who exploited this vulnerability to run arbitrary code on a user's system. If a user visited an attacker's Web site, it could be possible for the attacker to exploit this vulnerability without any other user action. An attacker could also craft an HTML�???�??�?�¢??based e-mail that would attempt to exploit this vulnerability.
- A vulnerability that occurs because Internet Explorer does not properly determine an object type returned from a Web server during XML data binding. It could be possible for an attacker who exploited this vulnerability to run arbitrary code on a user's system. If a user visited an attacker's Web site, it could be possible for the attacker to exploit this vulnerability without any other user action. An attacker could also craft an HTML�???�??�?�¢??based e-mail that would attempt to exploit this vulnerability.
As with the previous Internet Explorer cumulative patches released with bulletins MS03-004, MS03-015, MS03-020, and MS03-032, this cumulative patch will cause window.showHelp( ) to cease to function if you have not applied the HTML Help update. If you have installed the updated HTML Help control from Knowledge Base article 811630, you will still be able to use HTML Help functionality after applying this patch.
In addition to applying this security patch it is recommended that users also install the Windows Media Player update referenced in Knowledge Base Article 828026. This update is available from Windows Update as well as the Microsoft Download Center for all supported versions of Windows Media Player. While not a security patch, this update contains a change to the behavior of Windows Media Player�???�??�?�¢??s ability to launch URLs to help protect against DHTML behavior based attacks. Specifically, it restricts Windows Media Player�???�??�?�¢??s ability to launch URLs in the local computer zone from other zones.
Microsoft Security Bulletin MS03-040 for Windows
- By Microsoft
- Free
- User Rating