Hyperlink Object Library Could Allow Remote Code Execution

Reported February 8, 2005 by Microsoft

VERSIONS AFFECTED


  • Windows 2000 SP3 and SP4

  • Windows XP SP1 and SP2

  • Windows Server 2003

  • Windows Me and 9x

DESCRIPTION


An unchecked buffer exists in the Hyperlink Object Library which could allow an intruder to construct a hyperlink that, when clicked by a user, could allow the intruder to take complete control of a user's system.

VENDOR RESPONSE

Microsoft has released Security Bulletin MS05-015, "Vulnerability in Hyperlink Object Library Could Allow Remote Code Execution (888113)," and an associated patch.

CREDIT

Anna Hollingzworth



Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish