Reported July 13, 2004, by Microsoft
VERSIONS AFFECTED
|
DESCRIPTION
The following two new vulnerabilities in Windows could allow the remote
execution of arbitrary code on the vulnerable system:
- showHelp vulnerability—A remote code-execution vulnerability exists in the processing of a specially crafted showHelp URL. The vulnerability could allow malicious code to run in the Local Machine security zone in Internet Explorer (IE), thereby letting an attacker take complete control of an affected system.
- HTML Help vulnerability - A remote code-execution vulnerability exists in HTML Help that could allow remote code execution on an affected system. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system.
VENDOR RESPONSE
Microsoft has released
bulletin MS04-023, "Vulnerability in HTML Help Could Allow Code
Execution (840315)," to address these vulnerabilities and recommends that
affected users apply the appropriate patch listed in the bulletin.
CREDIT
Discovered by Brett Moore.
0 comments
Hide comments