Microsoft IE align HTML Converter Overflow

2003-07-09T00:00:00
ID OSVDB:2963
Type osvdb
Reporter OSVDB
Modified 2003-07-09T00:00:00

Description

Vulnerability Description

Windows HTML converter has a flaw in the way it handles conversion requests during a cut-and-paste operation. A specially crafted request to the HTML converter could lead to arbitrary code being executed under the priveleges of the currently logged-in user. This is essentially exploited only via Internet Explorer as it's used to browse web pages.

Solution Description

It is possible to correct the flaw by implementing the workaround provided by Microsoft, however it is strongly recommended that you apply the patch provided instead.

Short Description

Windows HTML converter has a flaw in the way it handles conversion requests during a cut-and-paste operation. A specially crafted request to the HTML converter could lead to arbitrary code being executed under the priveleges of the currently logged-in user. This is essentially exploited only via Internet Explorer as it's used to browse web pages.

References:

Microsoft Security Bulletin: MS03-023 Generic Informational URL: http://www.cert.org/advisories/CA-2003-14.html Generic Exploit URL: http://lists.netsys.com/pipermail/full-disclosure/2003-July/010833.html CVE-2003-0469 CERT VU: 823260