Title: Certificate Validation Flaw Could Enable Identity Spoofing (Q329115) Released: 04 September 2002
Revised: 20 November 2002 (Version 4.0)
Software: Microsoft Windows, Microsoft Office for Mac, Microsoft Internet Explorer for Mac or Microsoft Outlook Express for Mac.
Impact: Identity spoofing and, in some cases, ability to gain control over a user's system. Title: Buffer Overrun In Microsoft Data Access Components Could Lead To Code Execution (Q329414) Date: 20 November, 2002
Software: Microsoft Data Access Components (MDAC) 2.1 /2.5 / 2.6, Microsoft Internet Explorer 5.01 / 5.5 / 6.0
Impact: Run code of attackers choice
Max Risk: Critical
Title: Certificate Validation Flaw Could Enable Identity Spoofing (Q329115) The original version of this bulletin was released on 05 September 2002. On 09 September 2002, we updated the bulletin to advise customers that a Microsoft-issued digital certificate, used to sign device drivers, did not meet the stricter validation standards established by the patch. As a result, customers who installed the patch could see unexpected error messages when installing new hardware, or in some cases might be unable to install new hardware altogether. On 20 November 2002, we released an updated version of the patch that not only eliminates this problem, but also eliminates a newly discovered variant of the original vulnerability. Download Title: Buffer Overrun In Microsoft Data Access Components Could Lead To Code Execution (Q329414) An identified security vulnerability could allow an attacker to compromise Microsoft® Windows®-based systems and then take any of a variety of actions, such as changing Web pages or reformatting your hard disk. You can help eliminate this issue by installing this update from Microsoft. Anyone using Microsoft Windows 2000, Windows Me, Windows 98 SE, Windows 98, or Windows NT® 4.0 needs the update. Windows XP is not affected by this issue. At greatest risk are systems that operate Web sites using Microsoft Internet Information Services (IIS) and anyone who browses the Web using Microsoft Internet Explorer. Download
Revised: 20 November 2002 (Version 4.0)
Software: Microsoft Windows, Microsoft Office for Mac, Microsoft Internet Explorer for Mac or Microsoft Outlook Express for Mac.
Impact: Identity spoofing and, in some cases, ability to gain control over a user's system. Title: Buffer Overrun In Microsoft Data Access Components Could Lead To Code Execution (Q329414) Date: 20 November, 2002
Software: Microsoft Data Access Components (MDAC) 2.1 /2.5 / 2.6, Microsoft Internet Explorer 5.01 / 5.5 / 6.0
Impact: Run code of attackers choice
Max Risk: Critical
Title: Certificate Validation Flaw Could Enable Identity Spoofing (Q329115) The original version of this bulletin was released on 05 September 2002. On 09 September 2002, we updated the bulletin to advise customers that a Microsoft-issued digital certificate, used to sign device drivers, did not meet the stricter validation standards established by the patch. As a result, customers who installed the patch could see unexpected error messages when installing new hardware, or in some cases might be unable to install new hardware altogether. On 20 November 2002, we released an updated version of the patch that not only eliminates this problem, but also eliminates a newly discovered variant of the original vulnerability. Download Title: Buffer Overrun In Microsoft Data Access Components Could Lead To Code Execution (Q329414) An identified security vulnerability could allow an attacker to compromise Microsoft® Windows®-based systems and then take any of a variety of actions, such as changing Web pages or reformatting your hard disk. You can help eliminate this issue by installing this update from Microsoft. Anyone using Microsoft Windows 2000, Windows Me, Windows 98 SE, Windows 98, or Windows NT® 4.0 needs the update. Windows XP is not affected by this issue. At greatest risk are systems that operate Web sites using Microsoft Internet Information Services (IIS) and anyone who browses the Web using Microsoft Internet Explorer. Download
