Icon of program: Windows 2000 ActiveX Para…

Windows 2000 ActiveX Parameter Validation Vulnerability Patch

Used Windows 2000 ActiveX Parameter Validation Vulnerability Patch for Windows?

Download.com has chosen not to provide a direct-download link for this product and offers this page for informational purposes only.

Editors’ Review

Download.com staff
This patch addresses a critical Windows 2000 vulnerability that could allow remote code execution through an unchecked buffer in an ActiveX control.

  • Pros

    • Eliminates a critical security vulnerability
    • Prevents unauthorized code execution
    • Protects against buffer overrun attacks
    • Mitigates risk from web and email vectors

  • Cons

    • Requires ActiveX controls to be enabled for exploitation
    • Existing security features offer partial protection
Icon of program: Windows 2000 ActiveX Para…

Windows 2000 ActiveX Parameter Validation Vulnerability Patch

Used Windows 2000 ActiveX Parameter Validation Vulnerability Patch for Windows?

Explore More

Full Specifications

GENERAL
Release
Latest update
Version
ms00-085
OPERATING SYSTEMS
Platform
Windows
Operating System
  • Windows 10
  • Windows 2000
Additional Requirements
None
POPULARITY
Total Downloads
54,603
Downloads Last Week
0
Report Software

Program available in other languages

Last Updated

User Reviews

1.7/5

3 User Votes

Developer’s Description

By Microsoft
Eliminate a Windows 2000 vulnerability allowing code to run on another machine.
This patch eliminates a security vulnerability in Microsoft Windows 2000. The vulnerability could allow enable a malicious user to potentially run code on another user's machine.

An ActiveX control that ships as part of Windows 2000 contains an unchecked buffer. If the control was called from a Web page or HTML mail using a specially-malformed parameter, it would be possible to cause code to execute on the machine via a buffer overrun. This could potentially enable a malicious user to take any desired action on the user's machine, limited only by the permissions of the user.

The vulnerability could only be exploited if ActiveX controls are enabled in IE, Outlook, or Outlook Express. The Security Zones feature in Internet Explorer enables customers to limit what Web sites can do, and customers who have used the feature to prevent untrusted sites from invoking ActiveX controls would be at minimal risk from the Web-based attack scenario. Customers who have applied the Outlook Security Update would be protected against the mail-borne scenario, since it moves mail into the Restricted Sites Zone, thereby preventing HTML mails from invoking ActiveX controls.

See the ActiveX Parameter Validation Vulnerability FAQ for more information.

Download.com
Your review for Windows 2000 ActiveX Parameter Validation Vulnerability Patch