I agree with Lee's assessment, that you should try downloading the update from the catalog to your hard drive, and then install it locally. This sometimes clears up problems of this nature.
HOW TO: Download Windows Updates and Drivers from the Windows Update Catalog:
http://support.microsoft.com/default...b;EN-US;323166
....glen
--
Glen Ventura, MS MVP W95/98 Systems
"Jay Anderson" <vze23r5d@verizon.net> wrote in message news:019a01c36f49$613f9b00$a601280a@phx.gbl...
Hi, here is what I have to keep downloading over and over.
Buffer Overrun In HTML Converter Could Allow Code
Execution (823559)
Originally posted: July 9, 2003
Updated: July 10, 2003
Summary
Who should read this bulletin: Users running Microsoft ®
Windows ®
Impact of vulnerability: Run code of attacker's choice
Maximum Severity Rating: Critical
Recommendation: Systems administrators should apply the
patch immediately
Affected Software:
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Me
Microsoft Windows NT 4.0 Server
Microsoft Windows NT 4.0 Terminal Server Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Technical details
Technical description:
All versions of Microsoft Windows contain support for file
conversion within the operating system. This functionality
allows users of Microsoft Windows to convert file formats
from one to another. In particular, Microsoft Windows
contains support for HTML conversion within the operating
system. This functionality allows users to view, import,
or save files as HTML.
There is a flaw in the way the HTML converter for
Microsoft Windows handles a conversion request during a
cut-and-paste operation. This flaw causes a security
vulnerability to exist. A specially crafted request to the
HTML converter could cause the converter to fail in such a
way that it could execute code in the context of the
currently logged-in user. Because this functionality is
used by Internet Explorer, an attacker could craft a
specially formed Web page or HTML e-mail that would cause
the HTML converter to run arbitrary code on a user's
system. A user visiting an attacker's Web site could allow
the attacker to exploit the vulnerability without any
other user action.
To exploit this vulnerability, the attacker would have to
create a specially-formed HTML e-mail and send it to the
user. Alternatively, an attacker would have to host a
malicious Web site that contains a Web page designed to
exploit this vulnerability. The attacker would then have
to persuade a user to visit that site.
Mitigating factors:
By default, Internet Explorer on Windows Server 2003 runs
in Enhanced Security Configuration. This default
configuration of Internet Explorer blocks automatic
exploitation of this attack. If Internet Explorer Enhanced
Security Configuration has been disabled, the protections
put in place that prevent this vulnerability from being
automatically exploited would be removed.
In the Web-based attack scenario, the attacker would have
to host a Web site that contained a Web page used to
exploit this vulnerability. An attacker would have no way
to force users to visit a malicious Web site outside the
HTML e-mail vector. Instead, the attacker would need to
lure them there, typically by getting them to click a link
that would take them to the attacker's site.
Exploiting the vulnerability would allow the attacker only
the same privileges as the user. Users whose accounts are
configured to have few privileges on the system would be
at less risk than ones who operate with administrative
privileges.
Severity Rating: Windows 98 Second Edition Critical
