Microsoft HTML Help Heap Overflow in HHCtrl ActiveX Control May Let Remote Users Execute Arbitrary Code - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > Microsoft HTML Help

Vendors: Microsoft

Microsoft HTML Help Heap Overflow in HHCtrl ActiveX Control May Let Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1016434

SecurityTracker URL: http://securitytracker.com/id/1016434

CVE Reference: CVE-2006-3357 (Links to External Site)

Updated: Aug 8 2006

Original Entry Date: Jul 4 2006

Impact: Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes

Description: A vulnerability was reported in Microsoft HTML Help. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create specially crafted HTML that, when loaded by the target user, will trigger a heap overflow and potentially execute arbitrary code on the target system. The code will run with the privileges of the target user.

The vulnerability resides in the HHCtrl ActiveX control.

H D Moore reported this vulnerability.

The original advisory is available at:

http://browserfun.blogspot.com/2006/07/mobb-2-internethhctrl-image-property.html

A demonstration exploit is available at:

http://metasploit.com/users/hdm/tools/browserfun/mobb_002.html

Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.

Solution: The vendor has issued the following fixes:

Microsoft Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?FamilyId=34ebe5d3-40c9-41dc-aaff-64608d3ac7b1

Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=a6e2cb0a-146f-4300-95cb-7078ce9f9844

Microsoft Windows XP Professional x64 Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=997a633a-8836-4c0f-98f9-1fd378de4b0c

Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=5132c3bc-f3af-464e-a615-60f72677bd4b

Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems:

http://www.microsoft.com/downloads/details.aspx?FamilyId=527cc785-e69e-4ade-aaf7-61f96ac3ca7a

Microsoft Windows Server 2003 x64 Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=fd1253b0-f4db-4808-a381-98ff9870ebb3

A restart is not required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms06-046.mspx

Vendor URL: www.microsoft.com/technet/security/bulletin/ms06-046.mspx (Links to External Site)

Cause: Boundary error

Underlying OS: Windows (2000), Windows (2003), Windows (XP)

Message History: None.

Source Message Contents

Date: Tue, 4 Jul 2006 12:30:12 -0400
Subject: Internet Explorer HHCtrl vulnerability


MoBB #2: Internet.HHCtrl Image Property

http://browserfun.blogspot.com/2006/07/mobb-2-internethhctrl-image-property.html

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC