Microsoft Internet Explorer ''HTML Help File Code Execution'' Vulnerability patchMicrosoft has released a patch that eliminates a security vulnerability in the HTML Help facility that ships with Microsoft? Internet Explorer. Under certain conditions,the vulnerability could allow | |
Download |
Microsoft Internet Explorer ''HTML Help File Code Execution'' Vulnerability patch Ranking & Summary
Advertisement
Microsoft Internet Explorer ''HTML Help File Code Execution'' Vulnerability patch Tags
- vulnerability checker vulnerability webpage vulnerability vulnerability scanner Microsoft Security Essentials LSASS vulnerability vulnerability detector Detect Vulnerability Vulnerability Detection software vulnerability vulnerability report Vulnerability Finder Vulnerability Searcher network vulnerability security vulnerability vulnerability tester test vulnerability Vulnerability Protection Vulnerability Analysis Web Vulnerability Scanner Web Vulnerability Messenger Vulnerability Vulnerability Assessment Informix Vulnerability DB2 Vulnerability Oracle Vulnerability Scan Vulnerability buffer overflow vulnerability XSS vulnerability vulnerability update vulnerability news Vulnerability Scan Scan for Vulnerability Vulnerability Repair Repair Vulnerability vulnerability management SQL injection vulnerability vulnerability identification microsoft internet explorer repa microsoft baseline security ana
Microsoft Internet Explorer ''HTML Help File Code Execution'' Vulnerability patch Description
Microsoft has released a patch that eliminates a security vulnerability in the HTML Help facility that ships with Microsoft? Internet Explorer. Under certain conditions,the vulnerability could allow a malicious web site to take inappropriate action on the computer of a visiting user. The HTML Help facility provides the ability to launch code viashortcuts included in HTML Help files. If a compiled HTML Help (.chm) file were referenced by a malicious web site, it could potentially be used to launch code on a visiting user's computer without the user's approval. Such code couldtake any actions that the user could take, including adding, changing or deleting data, or communicating with a remote web site. A web site could only invoke an HTML Help fileif it resided on a UNC share accessible from the user's machine, or on the user's machine itself. A firewall that blocks Netbios would prevent the former case from being exploited. Adhering to standard security practices wouldprevent the latter. In addition, an HTML Helpfile could only be invoked if Active Scriptingwas permitted in the Security Zone thatthe malicious user's site resides in. Thepatch eliminates the vulnerability by onlyallowing an HTML Help file to use shortcuts ifthe help file resides on the local machine.
Microsoft Internet Explorer ''HTML Help File Code Execution'' Vulnerability patch Related Software