Windows

Security Update for Windows XP Embedded with SP1 (KB823559)

Share
Language:
English
Download
This update addresses the Buffer Overrun In HTML Converter Could Allow Code Execution (823559) for Windows XP Embedded with SP1.

  • Details
    File name:
    Date Published:

    Additional_Info_Q823559.RTF

    05/08/2003
    Version:
    File size:

    1.1

    13 KB
      This is the Microsoft Windows XP Embedded with Service Pack 1 component update to address MS03-023: Buffer Overrun In HTML Converter Could Allow Code Execution (823559).

      All versions of Microsoft Windows contain support for file conversion within the operating system. This functionality allows users of Microsoft Windows to convert file formats from one to another. In particular, Microsoft Windows contains support for HTML conversion within the operating system. This functionality allows users to view, import, or save files as HTML.

      There is a flaw in the way the HTML converter for Microsoft Windows handles a conversion request during a cut-and-paste operation. This flaw causes a security vulnerability to exist. A specially crafted request to the HTML converter could cause the converter to fail in such a way that it could execute code in the context of the currently logged-in user. Because this functionality is used by Internet Explorer, an attacker could craft a specially formed Web page or HTML e-mail that would cause the HTML converter to run arbitrary code on a user's system. A user visiting an attacker’s Web site could allow the attacker to exploit the vulnerability without any other user action.

      To exploit this vulnerability, the attacker would have to create a specially-formed HTML e-mail and send it to the user. Alternatively, an attacker would have to host a malicious Web site that contains a Web page designed to exploit this vulnerability. The attacker would then have to persuade a user to visit that site.

      YOU MAY NOT PROVIDE THIS UPDATE OR THE LOCATION (URL) OF THIS UPDATE TO ANY THIRD PARTIES.

  • System Requirements
    Supported Operating System

    Windows 2000, Windows Server 2003, Windows XP

  • Install Instructions
      Important: This QFE requires Repository look-up may cause incorrect files to be copied (Q811279) be installed prior to this fix.

      1. Click the Download link to start the download.
      2. Do one of the following:
        • To start the installation immediately, click Open or Run this program from its current location.
        • To copy the download to your computer for installation at a later time, click Save or Save this program to disk.
      3. Run Q823559_XPE_SP2_x86_ENU.exe on a machine with the Windows XP Embedded with Service Pack 1 tools installed.

      This package will automatically import updated and new .sld files into the current database specified in Component Database Manager. It will also copy new binaries into the Windows XP Embedded with Service Pack 1 QFE Repository folder.

      Some of the .sld files may also require importing new repository objects. The new repositories will be created on the repository root holding the main Windows XP Embedded with Service Pack 1 repository. For information on moving repositories to other locations, see Moving a Repository in your Windows Embedded Studio documentation.

      After importing this update into your database, add the following components to your configuration(s) if you wish to use this update:

      • Internet Explorer - Hotfix Q823559

      • WordPad Text Converters - Hotfix Q823559


      See Importing Components into the Database for more information.

Popular Downloads

Free PC updates

  • Security patches
  • Software updates
  • Service packs
  • Hardware drivers
Run Microsoft Update
close
more info
©2013 Copyright