Icon of program: Microsoft Windows XP (32-…

Microsoft Windows XP (32-bit) Unchecked Buffer Vulnerability Patch

Download now

Used Microsoft Windows XP (32-bit) Unchecked Buffer Vulnerability Patch for Windows?

This patch is for the Windows XP 32-bit edition.

Editors’ Review

Download.com staff
This security update addresses a critical vulnerability in the Windows Shell. It prevents malicious users from exploiting a buffer overrun attack to gain control of your system.

  • Pros

    • Protects against malicious buffer overrun attacks
    • Prevents unauthorized control of Windows XP systems
    • Addresses vulnerability in audio file attribute extraction
    • Mitigates risk from corrupted MP3/WMA files

  • Cons

    • Requires user action (hovering or opening files)
    • Exploitable via web, network shares, and email
    • Successful attack can crash or compromise system
Icon of program: Microsoft Windows XP (32-…

Microsoft Windows XP (32-bit) Unchecked Buffer Vulnerability Patch

Download now

Used Microsoft Windows XP (32-bit) Unchecked Buffer Vulnerability Patch for Windows?

Explore More

Full Specifications

GENERAL
Release
Latest update
Version
MS02-072
OPERATING SYSTEMS
Platform
Windows
Operating System
  • Windows 10
  • Windows XP
Additional Requirements
Windows XP 32-bit
POPULARITY
Total Downloads
17,537
Downloads Last Week
6
Report Software

Program available in other languages

Last Updated

User Reviews

1/5

1 User Votes

Developer’s Description

By Microsoft
Prevent malicious users from compromising your computer and gaining complete control over your Windows XP system.
The Windows Shell is responsible for providing the basic framework of the Windows user interface experience. It is most familiar to users as the Windows Desktop, but also provides a variety of other functions to help define the user's computing session, including organizing files and folders, and providing the means to start applications.

An unchecked buffer exists in one of the functions used by the Windows Shell to extract custom attribute information from audio files. A security vulnerability results because it is possible for a malicious user to mount a buffer overrun attack and attempt to exploit this flaw.

An attacker could seek to exploit this vulnerability by creating an MP3 or a WMA file that contains a corrupt custom attribute and then host it on a Web site or on a network share, or send it via an HTML e-mail. If a user were to hover his or her mouse pointer over the icon for the file (either on a Web page or on the local disk), or open the shared folder where the file is stored, the vulnerable code would be invoked. An HTML e-mail could cause the vulnerable code to be invoked when a user opens or previews the e-mail. A successful attack could have the effect of either causing the Windows Shell to fail, or causing an attacker's code to run on the user's computer in the security context of the user.

For more information about the vulnerabilities this update addresses, read the associated Microsoft Security Bulletin.

Download.com
Your review for Microsoft Windows XP (32-bit) Unchecked Buffer Vulnerability Patch