TITLE:
Microsoft Windows HTML Help ActiveX Control Vulnerability
SECUNIA ADVISORY ID:
SA24136
VERIFY ADVISORY:
http://secunia.com/advisories/24136/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
OPERATING SYSTEM:
Microsoft Windows 2000 Advanced Server
http://secunia.com/product/21/
Microsoft Windows 2000 Datacenter Server
http://secunia.com/product/1177/
Microsoft Windows 2000 Professional
http://secunia.com/product/1/
Microsoft Windows 2000 Server
http://secunia.com/product/20/
Microsoft Windows Server 2003 Datacenter Edition
http://secunia.com/product/1175/
Microsoft Windows Server 2003 Enterprise Edition
http://secunia.com/product/1174/
Microsoft Windows Server 2003 Standard Edition
http://secunia.com/product/1173/
Microsoft Windows Server 2003 Web Edition
http://secunia.com/product/1176/
Microsoft Windows XP Home Edition
http://secunia.com/product/16/
Microsoft Windows XP Professional
http://secunia.com/product/22/
DESCRIPTION:
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to certain parameters not being properly initialised by the HTML ActiveX control (Hhctrl.ocx) when handling certain methods.
Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website.
NOTE: Other unspecified issues discovered internally by Microsoft have also been reported.
SOLUTION:
Apply patches.
Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=211a9c07-88ff-4ae4-a82a-ce2045c6c4fe
Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=a3700273-d7da-4a60-ba80-c95c8036d670
Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=69ef4daa-cf0f-4898-8675-911428e7fd74
Windows Server 2003 (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=5a1f1607-b6ec-41e2-aac0-34387f1211a7
Windows Server 2003 for Itanium-based systems (optionally with SP1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=d638c8e8-5fbe-4a32-945c-440a4b684b0f
Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=65bf2245-6c89-43db-8d28-12988791c395
ORIGINAL ADVISORY:
MS07-008 (KB928843):
http://www.microsoft.com/technet/security/Bulletin/MS07-008.mspx