Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Buffer Overrun In Microsoft Windows HTML Converter
A new vulnerability exists in the HTML converter of Microsoft operating systems that can result in the execution of arbitrary code on the vulnerable computer.
Ken Pfeil
July 9, 2003
2 Min Read
Reported July 9, 2003, by Microsoft.
VERSIONS AFFECTED
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Me
Microsoft Windows NT 4.0 Server
Microsoft Windows NT 4.0 Terminal Server Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
DESCRIPTION
A new vulnerability exists in the HTML converter of Microsoft operating systems that can result in the execution of arbitrary code on the vulnerable computer. This vulnerability stems from a flaw in the way the HTML converter for Microsoft Windows handles a conversion request during a cut-and-paste operation. A specially crafted request to the HTML converter could cause the converter to fail in such a way that it could execute code in the context of the currently logged-in user. Because this functionality is used by Internet Explorer, a potential attacker could craft a specially formed Web page or HTML e-mail that would cause the HTML converter to run arbitrary code on a user's system. A user visiting an attacker’s Web site could allow the attacker to exploit the vulnerability without any other user action.
VENDOR RESPONSE
Microsoft has released Security BulletinMS03-023, "Buffer Overrun In HTML Converter Could Allow Code Execution (823559)" to address this vulnerability and recommends that affected users immediately apply the patch mentioned in the bulletin.
CREDIT
Discovered byMicrosoft.
Read more about:
MicrosoftAbout the Author
You May Also Like
.jpg?width=700&auto=webp&quality=80&disable=upscale)
