MS05-002: Vulnerability in cursor and icon format handling could allow remote code execution (891711)


The information in this article applies to:

  • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Datacenter Edition for Itanium-based Systems
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows Server 2003, Datacenter Edition
  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows 2000 Advanced Server SP4
  • Microsoft Windows 2000 Advanced Server SP3
  • Microsoft Windows 2000 Datacenter Server SP4
  • Microsoft Windows 2000 Datacenter Server SP3
  • Microsoft Windows 2000 Server SP4
  • Microsoft Windows 2000 Server SP3
  • Microsoft Windows 2000 Professional SP4
  • Microsoft Windows 2000 Professional SP3
  • Microsoft Windows XP Professional 64-Bit Edition (Itanium) 2003
  • Microsoft Windows XP Service Pack 1
  • Microsoft Windows XP 64-Bit Edition Version 2003
  • Microsoft Windows XP 64-Bit Edition Version 2002
  • Microsoft Windows XP 64-Bit Edition Version 2002 SP1
  • Microsoft Windows NT Server 4.0 SP6a
  • Microsoft Windows NT Server 4.0 Terminal Server Edition SP6
  • Microsoft Windows Millennium Edition
  • Microsoft Windows 98
  • Microsoft Windows 98 Second Edition

Technical update

April 12, 2005:
  • Security update 891711 Microsoft Windows Millennium Edition, Windows 98 Second Edition, and Windows 98 packages were re-released on April 12, 2005.
  • When you install the security update 891711 original packages on a computer that is running Windows Millennium Edition, Windows 98 Second Edition, or Windows 98, the computer may stop responding. This issue has been corrected in the April 12, 2005, release.
  • The April 12, 2005, release runs as a system service on Windows Millennium Edition, Windows 98 Second Edition, and Windows 98. The Close Program dialog box does not list Kb891711.exe.
  • The "Known issues" section was added to this article.
Microsoft has released security bulletin MS05-002. The security bulletin contains all the relevant information about the security update. This includes file manifest information and deployment options. To view the complete security bulletin, visit the following Microsoft Web site:

Known issues

The following known issues only apply to the packages that were re-released on April 12, 2005:
  • Uninstalling security update 891711 removes the entries from the registry and deletes the files from the system. However, uninstalling security update 891711 leaves an empty folder on the system.
  • On a computer that is running Windows Millennium Edition, Microsoft System Information (MSINFO32) does not list security update 891711. The Windows 98 and Windows 98 Second Edition version of MSINFO32 does list security update 891711 (Kb891711.exe). Most third-party applications that display processes will list Kb891711.exe.
  • On a computer that is running Windows Millennium Edition, Windows 98 Second Edition, or Windows 98, System Configuration Utility (MSCONFIG) only shows Kb891711.exe on the Startup tab.
  • If you disable the previous release through MSCONFIG, MSCONFIG may have two entries of Kb891711.exe after you install the version of security update 891711 that was re-released on April 12, 2005. One of these entries is selected, and one of these entries is not selected. When you select the entry that is not selected, MSCONFIG prompts you to restart the computer. After you restart the computer, only one entry is listed, and the one entry is selected. This behavior occurs because of the behavior of MSCONFIG and does not affect the ability of security update 891711 to help protect the computer as long as one of the entries is selected.
Modification Type:MajorLast Reviewed:5/15/2006
Keywords:kbQFE kbSecurity KbSECBulletin KbSECVulnerability kbWinXPpreSP2fix kbBug kbfix kbWinServ2003preSP1fix kbWin2000preSP5fix kbWinNT400PreSP7Fix kbHotfixServer KB891711
©2004 Microsoft Corporation. All rights reserved.