Reported July 9, 2003, by Microsoft.

 

VERSIONS AFFECTED

 

  • Microsoft Windows 98

  • Microsoft Windows 98 Second Edition

  • Microsoft Windows Me

  • Microsoft Windows NT 4.0 Server

  • Microsoft Windows NT 4.0 Terminal Server Edition

  • Microsoft Windows 2000

  • Microsoft Windows XP

  • Microsoft Windows Server 2003

 

DESCRIPTION

 

A new vulnerability exists in the HTML converter of Microsoft operating systems that can result in the execution of arbitrary code on the vulnerable computer. This vulnerability stems from a flaw in the way the HTML converter for Microsoft Windows handles a conversion request during a cut-and-paste operation. A specially crafted request to the HTML converter could cause the converter to fail in such a way that it could execute code in the context of the currently logged-in user. Because this functionality is used by Internet Explorer, a potential attacker could craft a specially formed Web page or HTML e-mail that would cause the HTML converter to run arbitrary code on a user's system. A user visiting an attacker’s Web site could allow the attacker to exploit the vulnerability without any other user action.

 

 

VENDOR RESPONSE

 

Microsoft has released Security Bulletin MS03-023, "Buffer Overrun In HTML Converter Could Allow Code Execution (823559)" to address this vulnerability and recommends that affected users immediately apply the patch mentioned in the bulletin.

 

CREDIT

Discovered by Microsoft.