Forum - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

Microsoft Internet Explorer DHTML Edit and Help ActiveX crossite scripting
updated since 15.12.2004
Published: 09.02.2005
Source: BUGTRAQ
SecurityVulns ID: 4264
Type: client
Level: 9/10
Description: DHTML ActiveX and Help allows code injection into context of different server. By combining this vulnerability it's psosible to execute code in local machine zone. This vulnerability can potentially be used for silent spyware/adware installation.

Affected: MICROSOFT : Internet Explorer 6.0

Original document MICROSOFT, Microsoft Security Bulletin MS05-013 Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781) (08.02.2005)

Valentin Avram, IE HHCTRL exploit still usable even after patch (18.01.2005)

CERT, US-CERT Technical Cyber Security Alert TA05-012B -- Microsoft Windows HTML Help ActiveX Contol Cross-Domain Vulnerability (13.01.2005)

document MICROSOFT, Alert: Microsoft Security Bulletin MS05-001 - Vulnerability in HTML Help Could Allow Code Execution (890175) (13.01.2005)

ShredderSub7 SecExper, [Full-Disclosure] Remote code execution with parameters without user interaction, even with XP SP2 (04.01.2005)

Paul, Microsoft Internet Explorer SP2 Fully Automated Remote Compromise (27.12.2004)

document Paul, Internet Explorer Help ActiveX Control Local Zone Security Restriction Bypass Vulnerability (updated) (21.12.2004)

Paul, MSIE DHTML Edit Control Cross Site Scripting Vulnerability (15.12.2004)

Files: Microsoft Security Bulletin MS05-001 Vulnerability in HTML Help Could Allow Code Execution (890175)
Microsoft Security Bulletin MS05-013 Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781)
Discuss: Read or add your comments to this news (0 comments)

Show		Threads
		Messages


Login:*		(Register)
Password:*
(private)	To:
(reply)	Subject:*
Text:

Main Forum (Eng) General security questions not appropriate for another forums.	3proxy Forum (Eng) All 3proxy question must be posted to this forum.	Bugs, Vulnerabilities, PoCs and Exploits (Eng) All vulnerability related questions, vulnerability digging and exploit creation.	Windows programming and administration (Eng) Administering Windows and application development.	Unix programming and administation (Eng) Administering Unix and application development.	Test forum Please post all test messages here. All test messages from different forums will be deteted.
Main Forum (Rus)	3proxy Forum (Rus)	Bugs, Vulnerabilities, PoCs and Exploits (Rus)	Windows programming and administration (Rus)	Unix programming and administation (Rus)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

test server