Computer Security

Forum
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



CHM files execution in Internet Explorer
updated since 19.05.2000
Published:03.01.2004
Source:BUGTRAQ
SecurityVulns ID:169
Type:client
Level:6/10
Description:CHM file (HTML-help) may contain unsafe ActiveX elements and could lead to code execution. CHM execution may be triggered by calling CHM file as a HTML or via ActiveX elements.
Affected:MICROSOFT : Internet Explorer 5.01
 MICROSOFT : Internet Explorer 5.0
 MICROSOFT : Internet Explorer 4.0
 MICROSOFT : Internet Explorer 4.01
 MICROSOFT : Internet Explorer 5.5
 MICROSOFT : Internet Explorer 6.0
Original documentdocumentArman Nayyeri, IE 5.x-6.0 allows executing arbitrary programs using showHelp() (03.01.2004)
 documentThor Larholm, Thor Larholm security advisory TL#004 (10.10.2002)
 documentThor Larholm, Thor Larholm security advisory TL#004 (07.10.2002)
 documentNGSSoftware Insight Security Research, Buffer Overflow in IE/Outlook HTML Help (03.10.2002)
 documentMICROSOFT, Security Bulletin MS02-055: Unchecked Buffer in Windows Help Facility Could Enable Code Execution (Q323255) (03.10.2002)
 documenthttp-equiv@excite.com, Self-Executing HTML: Internet Explorer 5.5 and 6.0 (03.06.2002)
 documentGeorgi Guninski, OBJECT TYPE="text/html" may allow executing arbitrary programs in IE 5.5 (24.11.2000)
 documentGeorgi Guninski, IE 5.x/Outlook allows executing arbitrary programs using .chm files and temporary internet files folder (21.11.2000)
 documentCERT, Advisory CA-2000-12 (20.06.2000)
 documentMICROSOFT, Security Bulletin (MS00-037) (03.06.2000)
 documenthttp-equiv_(at)_excite.com, MICROSOFT SECURITY FLAW? (19.05.2000)
Files:Self-Executing HTML: Internet Explorer 5.5 and 6.0
 BugTraq ID: 1223
 BugTraq ID: 1221
Discuss:Read or add your comments to this news (0 comments)

Show Threads
Messages
 
Login:* (Register)
Password:*
(private) To:
(reply) Subject:*
Text:

Main Forum (Eng)

General security questions not appropriate for another forums. 		3proxy Forum (Eng)

All 3proxy question must be posted to this forum. 		Bugs, Vulnerabilities, PoCs and Exploits (Eng)

All vulnerability related questions, vulnerability digging and exploit creation. 		Windows programming and administration (Eng)

Administering Windows and application development. 		Unix programming and administation (Eng)

Administering Unix and application development. 		Test forum

Please post all test messages here. All test messages from different forums will be deteted.
Main Forum (Rus)
 3proxy Forum (Rus)
 Bugs, Vulnerabilities, PoCs and Exploits (Rus)
 Windows programming and administration (Rus)
 Unix programming and administation (Rus)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru