Reported February 26, 2003, by Microsoft.
VERSIONS AFFECTED
· Windows Me
DESCRIPTION
A new vulnerability in the Windows Me version of Help and Support Center could result in the execution of arbitrary code on a vulnerable system. This vulnerability stems from an unchecked buffer in the URL handler for the hcp:// prefix. An attacker could exploit this vulnerability by constructing a URL that, when activated, could execute code of the attacker's choice in the Local Computer security context of the user's system.
VENDOR RESPONSE
The vendor, Microsoft, has released Security Bulletin MS03-006, "Flaw in Windows Me Help and Support Center Could Enable Code Execution (812709)," to address this vulnerability and recommends that affected users immediately apply the appropriate patch mentioned in the bulletin.
CREDIT
Discovered by Microsoft.
Unchecked Buffer in Microsoft Windows Me's Help and Support Center