MS03-045: Buffer overrun in the ListBox and in the ComboBox Control could allow code execution
This article has been archived. It is offered "as is" and will no longer be updated.
Microsoft has released security bulletin MS03-045. The security bulletin contains all the relevant information about the security patch, including file manifest information and deployment options. To view the complete security bulletin, visit the following Microsoft Web site:
This fix introduces roaming profile folder ownership checks. Verify that the ownership of roaming profiles is correct as described in the following Microsoft Knowledge Base article:
Windows XP SP1 and Windows 2000 SP4 checks for existing roaming user profile folders when a roaming user profile is created
For more information about the latest service pack for Windows XP, click the following article number to view the article in the Microsoft Knowledge Base:
How to obtain the latest Windows XP service pack
This bug was corrected in Windows Server 2003 Service Pack 1.
security_patch security bug context flaw vulnerability malicious attacker exploit registry unauthenticated buffer overrun overflow Local Elevation of Privilege URL specially-formed scope link hyperlink specially-crafted 2000 TSE 2003 WinNT Win2000 4.0 listbox combobox control user32.dll messages utility manager logon credentials Wuser32.dll Msgsvc.dll Wkssvc.dll Basesrv.dll Cmd.exe Gdi32.dll Kernel32.dll Msgina.dll Rdpwd.sys Userenv.dll Win32k.sys Winlogon.exe Winsrv.dll
Article ID: 824141 - Last Review: 02/27/2014 18:44:29 - Revision: 6.4
Applies to Microsoft Windows Server 2003, Standard Edition (32-bit x86) Microsoft Windows Server 2003, Enterprise x64 Edition Microsoft Windows Server 2003, Enterprise Edition (32-bit x86) Microsoft Windows XP Professional Microsoft Windows XP Media Center Edition Microsoft Windows XP Tablet PC Edition Microsoft Windows XP Home Edition Microsoft Windows 2000 Advanced Server Microsoft Windows 2000 Professional Edition Microsoft Windows 2000 Server Microsoft Windows NT Server 4.0 Standard Edition Microsoft Windows NT Server 4.0, Terminal Server Edition Microsoft Windows NT Workstation 4.0 Developer Edition Keywords: kbnosurvey kbarchive kbhotfixserver kbqfe atdownload kbwinxpsp2fix kbsecurity kbsecbulletin kbsecvulnerability kbwinxppresp2fix kbbug kbfix kbwinserv2003presp1fix kbwin2000presp5fix kbwinnt400presp7fix KB824141