Reported December 23, 2004, by flashsky fangxing

VERSIONS AFFECTED

  • Windows Server 2003

  • Windows XP

  • Windows 2000

  • Windows Me

  • Windows 9x

DESCRIPTION

A vulnerability in the HTML ActiveX Control component could allow an intruder to gain control over a remote machine if a user visits a Web site designed to exploit the vulnerability.

VENDOR RESPONSE

Microsoft has issued Security Bulletin MS05-001, “Vulnerability in HTML Help Could Allow Code Execution (890175),” to address this critical issue.

CREDIT

Discovered by flashsky fangxing