Click Here to Install Silverlight*
United StatesChange|All Microsoft Sites
Microsoft
Download Center 
Search Advanced Search

Security Update for Windows XP Embedded with SP1 (825119)

Brief Description
This update addresses MS03-044: Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise (825119)

On This Page

Quick Details
Version:1.1
Security Bulletins:MS03-044
Knowledge Base (KB) Articles:KB811279
Date Published:9/14/2004
Language:English
Download Size:23 KB - 479
*Download size depends on selected download components.

Overview

A security vulnerability exists in the Help and Support Center function which ships with Windows XP and Windows Server 2003. The affected code is also included in all other supported Windows operating systems, although no known attack vector has been identified at this time because the HCP protocol is not supported on those platforms. The vulnerability results because a file associated with the HCP protocol contains an unchecked buffer.

An attacker could exploit the vulnerability by constructing a URL that, when clicked on by the user, could execute code of the attacker’s choice in the Local Computer security context. The URL could be hosted on a web page, or sent directly to the user in email. In the web based scenario, where a user then clicked on the URL hosted on a website, an attacker could have the ability to read or launch files already present on the local machine.

The risk of attack from the HTML email vector can be significantly reduced if the following conditions are met:

  • You have applied the patch included with Microsoft Security bulletin MS03-040
  • You are using Internet Explorer 6 or later
  • You are using the Microsoft Outlook Email Security Update or Microsoft Outlook Express 6.0 and higher, or Microsoft Outlook 2000 or higher in their default configuration.


YOU MAY NOT PROVIDE THIS UPDATE OR THE LOCATION (URL) OF THIS UPDATE TO ANY THIRD PARTIES.

 Top of page

System Requirements

  • Supported Operating Systems: Windows 2000; Windows Server 2003; Windows XP; Windows XP Embedded

 Top of page

Instructions

Important: This QFE requires Repository look-up may cause incorrect files to be copied (Q811279) be installed prior to this fix.

  1. Download Q825119_XPE_SP2_x86_ENU.exe from this page.
  2. Execute Q825119_XPE_SP2_x86_ENU.exe on a machine with the Windows XP Embedded with Service Pack 1 tools installed.
This package will automatically import updated and new .sld files into the current database specified in Component Database Manager. It will also copy new binaries into the Windows XP Embedded with Service Pack 1 QFE Repository folder.

Some of the .sld files may also require importing new repository objects. The new repositories will be created on the repository root holding the main Windows XP Embedded with Service Pack 1 repository. For information on moving repositories to other locations, see Moving a Repository in your Windows Embedded Studio documentation.

After importing this update into your database, add one of the following components to your configuration(s) if you wish to use this update:

  • HTML Help Engine - Hotfix Q825119

See Importing Components into the Database for more information.

 Top of page

Files in This Download

The links in this section correspond to separate files available in this download. Download the files most appropriate for you.
File Name:File Size

Additional_Info_Q825119.RTF

23 KB

q825119_xpe_sp2_x86_enu.exe

457 KB

 Top of page

 Top of page

© 2009 Microsoft Corporation. All rights reserved. Contact Us |Terms of Use |Trademarks |Privacy Statement