Microsoft HTML Help Input Validation Error Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1010690
SecurityTracker URL: http://securitytracker.com/id?1010690
CVE Reference: CAN-2004-0201
Date: Jul 13 2004
Impact: Execution of arbitrary code via network, Root access via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Description: A vulnerability was reported in Microsoft HTML Help. A remote user may be able to execute arbitrary code on the target user's system.
The vendor reported that a remote user can create a specially crafted URL that, when loaded by the target user, will cause arbitrary code to be executed on the target user's system with the privileges of the target user. HTML Help does not properly validate input data, the report said.
The vendor credits Brett Moore of Security-Assessment.com with reporting this flaw.
Impact: A remote user can execute arbitrary code on the target user's system. The code will run with the privileges of the target user.
Solution: The vendor has issued the following fixes:

For Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, Microsoft Windows 2000 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=3F2F1A7D-5CF2-4791-A7EE-07F20F75796C&displaylang=en

For Microsoft Windows XP and Microsoft Windows XP Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8B412C7F-44AD-4E77-8973-FD3E84CC496A&displaylang=en

For Microsoft Windows XP 64-Bit Edition Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=0042DB67-C58B-412C-A24F-9D2AA8071897&displaylang=en

For Microsoft Windows XP 64-Bit Edition Version 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=DF0C5C4E-D986-4AD5-95E0-E87106D7C019&displaylang=en

For Microsoft Windows Server 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8B53C35D-E9ED-46AD-936C-30C8E3A7E606&displaylang=en

For Microsoft Windows Server 2003 64-Bit Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=DF0C5C4E-D986-4AD5-95E0-E87106D7C019&displaylang=en

For Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows Millennium Edition (Me), see the FAQ section of the vendor bulletin for details about these operating systems:
http://www.microsoft.com/technet/security/bulletin/ms04-023.mspx

For Internet Explorer 6.0 Service Pack 1 when installed on Windows NT 4.0 SP6a (Workstation, Server, or Terminal Server Edition):
http://www.microsoft.com/downloads/details.aspx?FamilyId=18D026D3-3D93-4845-94AD-4F2656500D7A&displaylang=en

The vendor plans to include this fix as part of Windows Server 2003 Service Pack 1, Windows XP Service Pack 2, and Windows 2000 Service Pack 5.
A restart may be required.
Vendor URL: www.microsoft.com/technet/security/bulletin/ms04-023.mspx
Cause: Input validation error
Underlying OS: Windows (NT), Windows (2000), Windows (2003), Windows (XP)
Message History: None.

Source Message Contents
Date: Tue, 13 Jul 2004 14:55:16 -0400
Subject: http://www.microsoft.com/technet/security/bulletin/ms04-023.mspx

Microsoft Security Bulletin MS04-023
Vulnerability in HTML Help Could Allow Code Execution (840315)
Microsoft® Windows®
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical

Microsoft warns that although Windows NT Workstation 4.0, Windows NT Server 4.0 and
Windows NT 4.0 Terminal Server Edition are not affected by default, if you have installed
Internet Explorer 5.5 Service Pack 2 or Internet Explorer 6.0 Service Pack 1, then you
will have the vulnerable component on your system.

Microsoft Windows 2000 Service Pack 2, Microsoft Windows 2000 Service Pack 3, Microsoft
Windows 2000 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=3F2F1A7D-5CF2-4791-A7EE-07F20F75796C&displaylang=en

Microsoft Windows XP and Microsoft Windows XP Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8B412C7F-44AD-4E77-8973-FD3E84CC496A&displaylang=en

Microsoft Windows XP 64-Bit Edition Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=0042DB67-C58B-412C-A24F-9D2AA8071897&displaylang=en

Microsoft Windows XP 64-Bit Edition Version 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=DF0C5C4E-D986-4AD5-95E0-E87106D7C019&displaylang=en

Microsoft Windows Server™ 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8B53C35D-E9ED-46AD-936C-30C8E3A7E606&displaylang=en

Microsoft Windows Server 2003 64-Bit Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=DF0C5C4E-D986-4AD5-95E0-E87106D7C019&displaylang=en

For Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE), and Microsoft Windows
Millennium Edition (Me), see the FAQ section of the vendor bulletin for details about
these operating systems:
http://www.microsoft.com/technet/security/bulletin/ms04-023.mspx

For Internet Explorer 6.0 Service Pack 1 when installed on Windows NT 4.0 SP6a
(Workstation, Server, or Terminal Server Edition):
http://www.microsoft.com/downloads/details.aspx?FamilyId=18D026D3-3D93-4845-94AD-4F2656500D7A&displaylang=en