The HTML Help facility in Windows includes an ActiveX control that provides much of its functionality. One of the functions exposed via the control contains an unchecked buffer, which could be exploited by a Web page hosted on an attacker?s site or sent to a user as an HTML mail. An attacker who successfully exploited the vulnerability would be able to run code in the security context of the user, thereby gaining the same privileges as the user on the system.
A second vulnerability exists because of flaws associated with the handling of compiled HTML Help files that contain shortcuts. Because shortcuts allow HTML Help files to take any desired action on the system, only trusted HTML Help files should be allowed to use them. Two flaws allow this restriction to be bypassed. First, the HTML Help facility incorrectly determines the Security Zone in the case where a Web page or HTML mail delivers a CHM file to the Temporary Internet Files folder and subsequently opens it. Instead of handling the CHM file in the correct zone--the one associated with the Web page or HTML mail that delivered it--the HTML Help facility incorrectly handles it in the Local Computer Zone, thereby considering it trusted and allowing it to use shortcuts. This error is compounded by the fact that the HTML Help facility doesn?t consider what folder the content resides in. Were it to do so, it could recover from the first flaw, as content within the Temporary Internet Folder is clearly not trusted, regardless of the Security Zone it renders in.
The attack scenario for this vulnerability would be complex, and involves using an HTML mail to deliver a CHM file that contains a shortcut, then making use of the flaws to open it and allow the shortcut to execute. The shortcut would be able to perform any action the user had privileges to perform on the system.
Like it? Share with your friends!
Other Windows Software of Developer «Microsoft»:
Microsoft USB Keyboard Driver for Windows 10 The package provides the installation files for Microsoft USB Keyboard Driver 188.8.131.52.In order to manually update your driver, follow the steps below (the next steps):1. Go to Device Manager (right click on My Computer, choose Manage and then find Device
SQL Server XML View Mapper Microsoft SQL Server View Mapper enables you to produce an XML View schema file that relates an XDR schema to a SQL Server schema. Using this tool and the documentation requires a working knowledge of both XML and database concepts and terminology. This ve
UPS Support 1.01 for Server Appliance Kit 2.01 The uninterruptible power supply (UPS) support for server appliances provides access to the Microsoft Windows 2000 UPS service using the Server Appliance Kit Web user interface (UI). Through this support, server appliance administrators can access UPS stat
Gigabyte GA-F2A58M-S1 (rev. 3.1) Microsoft UAA Driver Key Features: - Socket FM2+ supports AMD FM2+/FM2 A-series APU - GIGABYTE Ultra Durable Technology - GIGABYTE On/Off Charge for USB devices - 1 PCI-E 2.0 x16 interface with AMD Dual Graphics support - Solid capacitors for APU VRM design - 8 USB 2.0 and 4 S
Age of Empires III: The WarChiefs Trial Version You allied with them in Age of Empires III, now experience the full glory of the Iroquois civilization in the new trial version for The WarChiefs expansion pack for Age of Empires III. Features: Play as the versatile Iroquois or the powerful Germans in ski
Microsoft Windows Vista Home Premium Windows Vista Home Premium allows you to go beyond e-mail and web surfing to improve personal productivity and enjoy digital entertainment. You can search for anything on your computer from virtually anywhere. You'll get improved performance and better pro
Jet 4.0 Service Pack 8 (SP8) Replication File Update - KB321076 The Jet Replication Update is an update to Access and Jet files that are used by Microsoft Access and the Access Replication Manager. These files have been updated inconjunction with the release of Microsoft Jet 4.0 Service Pack 8 (SP8). Download now if yo
Mirramail Secure Email Business Mirramail is a fully featured e-mail program, like Outlook or Outlook Express, except the e-mails you send can be easily secured with 256 bit AES Encryption. Securing your e-mail privacy is as simple as selecting the Encryption level required from a drop-d
dirLock dirLock is a simple but easy to use program that lets users lock/unlock any folder on a NTFS volume. DirLock is designed for users who keep their computer turned on/logged in for others to use it. So using this app you'd be able to lock individual folders
PcProxSonar The PcProxSonar device attaches to the PC via the USB port and is configured by the system as a keyboard. When you step away from your computer, pcPROX sends keystrokes to the PC that engage a self-locking mechanisms such as a screen saver or your single s
Folder Lock Pro Folder Lock Pro is a professional security tool to lock, hide and protect your folders and files. With very easy to use interface, just a few click, you can lock your folder and keep it safe, no one can open it without a password. This tool also provide pr
Turbine In Turbine, the plaintext bytes are XOR combined with a pseudorandom cipher bit stream and transformed by a block cipher with variable block-lengths. The suffix is freely selectable. Depends on this, nobody can see later directly that the Target file is an
EyeOnKeyboard EyeOnKeyBoard is software that records all of a PC user's keystrokes to a file. It can automatically run when you start your computer. The full version runs in invisible mode in the background, so other people will not be aware of its existence.Requirement
Desktop USB Security Key This application installs to any USB thumb drive and adds extra security when the user is away from their PC or laptop. First, take out the USB Drive and the PC will go into locked windows mode and also lock the keyboard. Upon return to PC or laptop, inser
CyberSpy CyberSpy records all e-mails typed and viewed, chat conversations, Web sites, keystrokes, passwords, applications, windows, documents, and even desktop snapshots all in total stealth (if desired). It can be used for monitoring others who use your PC: child
Lalim Msn Messenger Password Recovery Lalim Msn Password is a password recovery tool that is used to recover lost or forgotten passwords for your MSN messenger accounts. It is important that the password you are trying to recover is stored on your computer (i.e. you are recovering your own pa
Farsighter From the developer: "Farsighter monitors a remote computer invisibly by streaming video to a viewer on your computer. You will know exactly what is happening on the remote computer as you see it in real-time. Some applications are: - Monitor your computer
Supported Operating Systems:
Windows 2000 |
Comments on Windows 2000 Unchecked Buffer Help Security Vulnerability Patch:
Comments not found
Windows Software - Free Windows Downloads, Apps, Games, Freeware, Skype, Media Player, Antivirus, Gimp, Live, Starter for Windows XP, Vista, 7, 8, 10