Microsoft Security Bulletin MS05-002
Vulnerability in Cursor and Icon Format Handling Could Allow Remote Code Execution (891711)

Issued: January 11, 2005
Version: 1.1

Summary
Who should read this document: Customers using Microsoft Windows

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should apply the update immediately.

Security Update Replacement: This bulletin replaces a prior security update. See the frequently asked questions (FAQ) section of this bulletin for more information.

Caveats: None

Tested Software and Security Update Download Locations:

Affected Software:

? Microsoft Windows NT Server 4.0 Service Pack 6a

? Microsoft Windows NT Server 4.0 Terminal Server Edition Service Pack 6

? Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4

? Microsoft Windows XP Service Pack 1

? Microsoft Windows XP 64-Bit Edition Service Pack 1

? Microsoft Windows XP 64-Bit Edition Version 2003

? Microsoft Windows Server 2003

? Microsoft Windows Server 2003 64-Bit Edition

? Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me) ? Review the FAQ section of this bulletin for details about these operating systems.


Non-Affected Software:

? Microsoft Windows XP Service Pack 2