[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Security alert -- HTML converter in every Windows O/S

To: Security.Alert.List@xxxxxxxxxxxxxx
Subject: Security alert -- HTML converter in every Windows O/S
From: "Mark Jurik" <mark@xxxxxxxxxxxx>
Date: Wed, 16 Jul 2003 07:40:39 -0700

PureBytes Links

Trading Reference Links

All versions of Microsoft Windows contain support for file conversion in the 
operating system. With this functionality, users of Microsoft Windows can 
convert file formats from one to another. In particular, Microsoft Windows 
contains support for HTML conversion in the operating system. With this 
functionality, users can view, import, or save files as HTML. 

A vulnerability exists because a specially crafted request to the HTML 
converter could cause the converter to fail in such a way that it could run 
code in the context of the currently logged-on user. Because Microsoft 
Internet Explorer uses this functionality, an attacker could craft a 
specially formed Web page or HTML e-mail that would cause the HTML converter 
to run arbitrary code on a user's computer. When a user visits an attacker’s 
Web site, the attacker could exploit the vulnerability without any other 
user action. 

This security flaw is rated by Microsoft as CRITICAL.

For more information and links to download a patch, go to ...

http://www.microsoft.com/technet/security/bulletin/MS03-023.asp

- mark

Prev by Date: "tough" Excel thing
Next by Date: Re: TS 7 (7.3) --- the Omega Trojan
Previous by thread: "tough" Excel thing
Next by thread: Re: TS 7 (7.3) --- the Omega Trojan
Index(es):
- Date
- Thread