Reported July 9, 2003, by Microsoft.
Microsoft Windows 98
Microsoft Windows 98 Second Edition
Microsoft Windows Me
Microsoft Windows NT 4.0 Server
Microsoft Windows NT 4.0 Terminal Server Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
A new vulnerability exists in the HTML converter of Microsoft operating systems that can result in the execution of arbitrary code on the vulnerable computer. This vulnerability stems from a flaw in the way the HTML converter for Microsoft Windows handles a conversion request during a cut-and-paste operation. A specially crafted request to the HTML converter could cause the converter to fail in such a way that it could execute code in the context of the currently logged-in user. Because this functionality is used by Internet Explorer, a potential attacker could craft a specially formed Web page or HTML e-mail that would cause the HTML converter to run arbitrary code on a user's system. A user visiting an attacker’s Web site could allow the attacker to exploit the vulnerability without any other user action.
Microsoft has released Security Bulletin MS03-023, "Buffer Overrun In HTML Converter Could Allow Code Execution (823559)" to address this vulnerability and recommends that affected users immediately apply the patch mentioned in the bulletin.
Discovered by Microsoft.