Windows : Microsoft Bulletins : Buffer Overrun In HTML Converter Could Allow Code Execution (823559)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.11878

Categoría: Windows : Microsoft Bulletins

Título: Buffer Overrun In HTML Converter Could Allow Code Execution (823559)

Resumen: There is a flaw in the way the HTML converter for Microsoft Windows handles a; conversion request during a cut-and-paste operation. This flaw causes a security vulnerability to exist.

Descripción: Summary:
There is a flaw in the way the HTML converter for Microsoft Windows handles a
conversion request during a cut-and-paste operation. This flaw causes a security vulnerability to exist.

Vulnerability Impact:
A specially crafted request to the HTML converter could cause the converter
to fail in such a way that it could execute code in the context of the currently logged-in user. Because this
functionality is used by Internet Explorer, an attacker could craft a specially formed Web page or HTML e-mail
that would cause the HTML converter to run arbitrary code on a user's system. A user visiting an attacker's Web
site could allow the attacker to exploit the vulnerability without any other user action.

Solution:
The vendor has released updates. Please see the references for more information.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2003-0469
BugTraq ID: 8016
http://www.securityfocus.com/bid/8016
Bugtraq: 20030622 Internet Explorer >=5.0 : Buffer overflow (Google Search)
http://marc.info/?l=bugtraq&m=105639925122961&w=2
http://www.cert.org/advisories/CA-2003-14.html
CERT/CC vulnerability note: VU#823260
http://www.kb.cert.org/vuls/id/823260
http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/006067.html
http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006155.html
Microsoft Security Bulletin: MS03-023
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-023

Copyright Copyright (C) 2004 Jeff Adams

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.11878
Categoría:	Windows : Microsoft Bulletins
Título:	Buffer Overrun In HTML Converter Could Allow Code Execution (823559)
Resumen:	There is a flaw in the way the HTML converter for Microsoft Windows handles a; conversion request during a cut-and-paste operation. This flaw causes a security vulnerability to exist.
Descripción:	Summary: There is a flaw in the way the HTML converter for Microsoft Windows handles a conversion request during a cut-and-paste operation. This flaw causes a security vulnerability to exist. Vulnerability Impact: A specially crafted request to the HTML converter could cause the converter to fail in such a way that it could execute code in the context of the currently logged-in user. Because this functionality is used by Internet Explorer, an attacker could craft a specially formed Web page or HTML e-mail that would cause the HTML converter to run arbitrary code on a user's system. A user visiting an attacker's Web site could allow the attacker to exploit the vulnerability without any other user action. Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0469 BugTraq ID: 8016 http://www.securityfocus.com/bid/8016 Bugtraq: 20030622 Internet Explorer >=5.0 : Buffer overflow (Google Search) http://marc.info/?l=bugtraq&m=105639925122961&w=2 http://www.cert.org/advisories/CA-2003-14.html CERT/CC vulnerability note: VU#823260 http://www.kb.cert.org/vuls/id/823260 http://lists.grok.org.uk/pipermail/full-disclosure/2003-June/006067.html http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006155.html Microsoft Security Bulletin: MS03-023 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-023
Copyright	Copyright (C) 2004 Jeff Adams