The HTML Help facility in Windows includes an ActiveX control that provides much of its functionality. One of the functions exposed via the control contains an unchecked buffer, which could be exploited by a Web page hosted on an attacker?s site or sent to a user as an HTML mail. An attacker who successfully exploited the vulnerability would be able to run code in the security context of the user, thereby gaining the same privileges as the user on the system.
A second vulnerability exists because of flaws associated with the handling of compiled HTML Help files that contain shortcuts. Because shortcuts allow HTML Help files to take any desired action on the system, only trusted HTML Help files should be allowed to use them. Two flaws allow this restriction to be bypassed. First, the HTML Help facility incorrectly determines the Security Zone in the case where a Web page or HTML mail delivers a CHM file to the Temporary Internet Files folder and subsequently opens it. Instead of handling the CHM file in the correct zone--the one associated with the Web page or HTML mail that delivered it--the HTML Help facility incorrectly handles it in the Local Computer Zone, thereby considering it trusted and allowing it to use shortcuts. This error is compounded by the fact that the HTML Help facility doesn?t consider what folder the content resides in. Were it to do so, it could recover from the first flaw, as content within the Temporary Internet Folder is clearly not trusted, regardless of the Security Zone it renders in.
The attack scenario for this vulnerability would be complex, and involves using an HTML mail to deliver a CHM file that contains a shortcut, then making use of the flaws to open it and allow the shortcut to execute. The shortcut would be able to perform any action the user had privileges to perform on the system.
Like it? Share with your friends!
Other Windows Software of Developer «Microsoft»:
Exchange 5.5 Information Store Patch 2657.74 Exchange 5.5 Information Store Patch 2657.74 resolves problems that were found in the Exchange Server 5.5 Information Store since SP4 was released. This version is the first release on CNET Download.com.What is new in this release:This version is the first
Web Client Software Factory - June 2007 The Web Client Software Factory provides an integrated set of guidance that assists architects and developers in creating composite Web client applications. This version is the first release on CNET Download.com.What is new in this release:This version is
Galactic Reign for Windows 8 Galactic Reign is a head-to-head game of tactical expansion and conquest. You and your opponent colonize planets, design ships, and build fleets as you fight for domination of the galaxy. Ship design is crucial, as you must predict what their opponent is b
ISAPI Automation Server Extension ISAPI Automation Server Extension is an update containing the latest version of the FoxIsapi Web utility. ISAPI Automation Server Extension contains a newer version than that included in Visual FoxPro 6.0 Service Pack 3. The new version now includes improv
Microsoft Plus PhotoStory LE Similar to RealSlideshow, Microsoft's PhotoStory allows you to create slideshows using your digital photos. With a single click, you can touch-up, crop, or rotate pictures. Add stunning special effects, soundtracks, and your own voice narration to your pho
Microsoft USB Wireless Mouse Driver The package provides the installation files for Microsoft USB Wireless Mouse Driver 188.8.131.52.In order to manually update your driver, follow the steps below (the next steps):1. Go to Device Manager (right click on My Computer, choose Manage and then find
OneNote Password Recovery OneNote Password Recovery is a program to recover lost or forgotten passwords for Microsoft OneNote notebooks and sections. Multilingual passwords are supported. All versions of Microsoft OneNote are supported. Version 2.0.7 may include unspecified updates
FlashFXP Password Recovery Forgot your FTP site password? Despair not! This little utility will recover all FlashFXP passwords for you. Locate the Sites.dat file in your FlashFXP directory, hit the "Decrypt" button and all passwords will be shown. Couldn't be easier.Requirements:Win
MD5/SHA1 Hash Extractor MD5/SHA1 Hash Extractor can be used to form a "practically unique" key of any data. This tiny MD5/SHA1 extractor has a Windows GUI and can extract hashes out of files of terabytes size. When using a one-way hash function, one can compare a calculated messa
PackMan - Package Manager Encryption for e-mail and attachments, or store private files on public servers. PackMan (Package Manager) stores files within its own compressed and ciphered file format. It works very well with outlook or other windows email clients to authenticate and s
Accent Word Password Recovery Lost a password for opening a Microsoft Word document? Lost a password for saving changes to a document? Not a problem with Accent WORD Password Recovery!
The password for saving changes will be found almost instantly. The same goes for passwords for o
eLibrary Creator Basic Edition With "eLibrary Creator" you can make any eLibraries without having any special knowledge or skills. Using eLibrary creator you can create e-libraries with your content to distribute or sale withhigh security like RRK and USB Dongle. What is an eLibrary? G
AxCrypt Portable AxCrypt Portable features easy to use strong file encryption, integrated with Windows Explorer. Encrypt, compress, decrypt, wipe, view and edit with a few mouse clicks. Cryptographic primitives are AES-128 and SHA-1. A combination of strong symmetric encry
Private Room Create a private room on your PC Let you own a private data-space which you can take along with you. And, you can open it on any PC at any time. Keep you private information secret (for the family customer), Transfer data safely and conveniently (for the o
SoftProtect Effective encryption software - SoftProtect It keeps all your confident information from being misused by other persons. Any file or program could be encrypted into one single viable file with the help of this software. You can use USB stick, PC hardware,
Windows 2000 Group Policy File Vulnerability Patch This update resolves the "Opening Group Policy Files for Exclusive Read Access Blocks Policy Application" issue affecting Windows 2000 domain controllers and is discussed in Microsoft Security Bulletin MS02-016. Download it to prevent an attacker from bloc
Supported Operating Systems:
Windows 2000 |
Comments on :
Comments not found
Windows Software - Free Windows Downloads, Apps, Games, Freeware, Skype, Media Player, Antivirus, Gimp, Live, Starter for Windows XP, Vista, 7, 8, 10