Microsoft Windows HTML Help ActiveX Control Vulnerability

Posted on Tuesday, February 13, 2007 @ 18:18:43 CST in Security
by Raven

SECUNIA ADVISORY ID: SA24136
VERIFY ADVISORY: http://secunia.com/advisories/24136/
CRITICAL: Highly critical

IMPACT: System access

WHERE: >From remote

OPERATING SYSTEM:
Microsoft Windows 2000 Advanced Server - http://secunia.com/product/21/
Microsoft Windows 2000 Datacenter Server - http://secunia.com/product/1177/
Microsoft Windows 2000 Professional - http://secunia.com/product/1/
Microsoft Windows 2000 Server - http://secunia.com/product/20/
Microsoft Windows Server 2003 Datacenter Edition - http://secunia.com/product/1175/
Microsoft Windows Server 2003 Enterprise Edition - http://secunia.com/product/1174/
Microsoft Windows Server 2003 Standard Edition - http://secunia.com/product/1173/
Microsoft Windows Server 2003 Web Edition - http://secunia.com/product/1176/
Microsoft Windows XP Home Edition - http://secunia.com/product/16/
Microsoft Windows XP Professional - http://secunia.com/product/22/

DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to certain parameters not being properly initialised by the HTML ActiveX control (Hhctrl.ocx) when handling certain methods. Successful exploitation allows execution of arbitrary code when a user e.g. visits a malicious website.

NOTE: Other unspecified issues discovered internally by Microsoft have also been reported.

SOLUTION: Apply patches.
Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?FamilyId=211a9c07-88ff-4ae4-a82a-ce2045c6c4fe
Windows XP SP2: http://www.microsoft.com/downloads/details.aspx?FamilyId=a3700273-d7da-4a60-ba80-c95c8036d670
Windows XP Professional x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=69ef4daa-cf0f-4898-8675-911428e7fd74
Windows Server 2003 (optionally with SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=5a1f1607-b6ec-41e2-aac0-34387f1211a7
Windows Server 2003 for Itanium-based systems (optionally with SP1): http://www.microsoft.com/downloads/details.aspx?FamilyId=d638c8e8-5fbe-4a32-945c-440a4b684b0f
Windows Server 2003 x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=65bf2245-6c89-43db-8d28-12988791c395

PROVIDED AND/OR DISCOVERED BY: The vendor credits HD Moore, BreakingPoint Systems.

ORIGINAL ADVISORY: MS07-008 (KB928843): http://www.microsoft.com/technet/security/Bulletin/MS07-008.mspx
 
 
click Related        click Share
 
 
Associated Topics

Microsoft
 
News ©

Site Info

Last SeenLast Seen
  • vashd1
  • neralex
Server TrafficServer Traffic
  • Total: 513,682,797
  • Today: 17,986
Server InfoServer Info
  • Apr 27, 2025
  • 06:20 am CDT
 
 

Site Navigation