Microsoft Windows DHTML Editing ActiveX Control Vulnerability

Posted on Tuesday, September 08, 2009 @ 14:48:08 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA36592

VERIFY ADVISORY: http://secunia.com/advisories/36592/

CRITICAL: Highly Critical

DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the bundled DHTML Editing Component ActiveX control when formatting HTML markup and can be exploited via a specially crafted web page. Successful exploitation may allow execution of arbitrary code.

SOLUTION: Apply patches.

Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?familyid=6dd4b0f8-6b54-49a6-a6df-9420f9fd3333
Windows XP S2/SP3: http://www.microsoft.com/downloads/details.aspx?familyid=8523d5be-88a2-4124-9b02-660f612e2a12
Windows XP Professional x64 Edition SP2: http://www.microsoft.com/downloads/details.aspx?familyid=dbc33f6b-61bf-409a-89b5-60002192e0e0
Windows Server 2003 SP2: http://www.microsoft.com/downloads/details.aspx?familyid=7478f73f-dd20-4cfa-a650-4c84f37ada2f
Windows Server 2003 x64 Edition SP2: http://www.microsoft.com/downloads/details.aspx?familyid=88bf502d-1a7c-447a-ac4c-401e1698669b
Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=8d881ff8-f51f-4476-8cb6-2bebd5b2047f

PROVIDED AND/OR DISCOVERED BY: The vendor credits Tavis Ormandy, Google.

ORIGINAL ADVISORY: MS09-046 (KB956844): http://www.microsoft.com/technet/security/Bulletin/MS09-046.mspx
 
 
click Related        click Share
 
 
Associated Topics

Microsoft
 
News ©

Site Info

Last SeenLast Seen
  • moekin
  • kguske
Server TrafficServer Traffic
  • Total: 504,724,688
  • Today: 143,182
Server InfoServer Info
  • Mar 13, 2025
  • 02:32 pm CDT
 
 

Site Navigation