The HTML Help facility in Windows includes an ActiveX control that provides much of its functionality. One of the functions exposed via the control contains an unchecked buffer, which could be exploited by a Web page hosted on an attacker's site or sent to a user as an HTML mail. An attacker who successfully exploited the vulnerability would be able to run code in the security context of the user, thereby gaining the same privileges as the user on the system.
A second vulnerability exists because of flaws associated with the handling of compiled HTML Help files that contain shortcuts. Because shortcuts allow HTML Help files to take any desired action on the system, only trusted HTML Help files should be allowed to use them. Two flaws allow this restriction to be bypassed. First, the HTML Help facility incorrectly determines the Security Zone in the case where a Web page or HTML mail delivers a CHM file to the Temporary Internet Files folder and subsequently opens it. Instead of handling the CHM file in the correct zone--the one associated with the Web page or HTML mail that delivered it--the HTML Help facility incorrectly handles it in the Local Computer Zone, thereby considering it trusted and allowing it to use shortcuts. This error is compounded by the fact that the HTML Help facility doesn't consider what folder the content resides in. Were it to do so, it could recover from the first flaw, as content within the Temporary Internet Folder is clearly not trusted, regardless of the Security Zone it renders in.
The attack scenario for this vulnerability would be complex, and involves using an HTML mail to deliver a CHM file that contains a shortcut, then making use of the flaws to open it and allow the shortcut to execute. The shortcut would be able to perform any action the user had privileges to perform on the system.
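The two trust-decision flaws described above can be modeled side by side. This is an added illustration, not Microsoft's code or the patch itself: the function names, the sample cache path and the user name are assumptions, and the zone numbers follow the standard Windows URL security zone numbering.

```python
import ntpath  # Windows path semantics, usable on any platform

# Windows URL security zone identifiers.
LOCAL_COMPUTER, INTRANET, TRUSTED, INTERNET, RESTRICTED = 0, 1, 2, 3, 4

# Constructed sample location; the real cache path differs per user profile.
UNTRUSTED_DIRS = [
    r"C:\Documents and Settings\alice\Local Settings\Temporary Internet Files",
]

def _norm(path):
    # Resolve "..", unify separators and fold case before comparing.
    return ntpath.normcase(ntpath.normpath(path))

def in_untrusted_dir(chm_path, untrusted_dirs=UNTRUSTED_DIRS):
    """True if the file lives in or below a folder that holds downloaded content."""
    p = _norm(chm_path)
    for d in untrusted_dirs:
        d = _norm(d)
        # Match on a path boundary so a sibling such as "...Files2" is not caught.
        if p == d or p.startswith(d + "\\"):
            return True
    return False

def flawed_allows_shortcuts(chm_path, delivering_zone):
    """Models both flaws: the delivering zone is discarded and the folder is ignored."""
    effective_zone = LOCAL_COMPUTER  # file is on disk, so it is treated as local
    return effective_zone == LOCAL_COMPUTER

def hardened_allows_shortcuts(chm_path, delivering_zone,
                              untrusted_dirs=UNTRUSTED_DIRS):
    """Shortcuts only for content that is local by origin and by location."""
    # Check 1: keep the zone of the page or mail that delivered the file.
    if delivering_zone != LOCAL_COMPUTER:
        return False
    # Check 2: independent of the zone, content in the cache is never trusted.
    if in_untrusted_dir(chm_path, untrusted_dirs):
        return False
    return True

# Constructed sample: a CHM file written to the cache by an Internet-zone page.
CACHED_CHM = UNTRUSTED_DIRS[0] + r"\Content.IE5\AB12CD34\help[1].chm"
```

The second check is the recovery the text describes: even if the zone is wrongly reported as Local Computer, a file under the cache folder is still refused shortcuts.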
Supported Operating Systems:
Windows 2000