| VID |
26049 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The hotfix (KB823559) for the "Buffer Overrun Vulnerability in HTML Converter" has not been applied.
Microsoft Windows contains support for HTML conversion within the operating system. This functionality allows users to view, import, or save files as HTML. There is a flaw in the way the HTML converter for Microsoft Windows handles a conversion request during a cut-and-paste operation.
This flaw can be exploited via applications which use the HTML converter (such as Internet Explorer) and will permit arbitrary code to be executed on a vulnerable system. To exploit this vulnerability, an attacker will create a specially-formed HTML page and send it to the user or host a malicious web site. Then, if the user visits the page, it cause the HTML converter to execute code of the attacker's choice.
* Note: This check requires an account with Guest or upper privileges which can access the registry of the remote host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.microsoft.com/technet/security/bulletin/MS03-023.asp
* Platforms Affected:
Microsoft Windows 98, Second Edition
Microsoft Windows Me
Microsoft Windows NT 4.0 Server, Terminal Server Edition
Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003 |
| Recommendation |
Apply the appropriate patch for your system, as listed in Microsoft's security bulletin MS03-023, http://www.microsoft.com/technet/security/bulletin/MS03-023.asp
1. Open the following page :
For Windows 98 and Windows 98 Second Edition: http://www.microsoft.com/downloads/details.aspx?FamilyID=71ec81dd-9e86-4956-94f5-b6e020348569&DisplayLang=en
For Windows Me: http://windowsupdate.microsoft.com
For Windows NT 4.0 Server: http://microsoft.com/downloads/details.aspx?FamilyId=8849D376-D7C1-4040-BC83-FEA67AE57F5F&displaylang=en
For Windows NT 4.0 Terminal Server Edition: http://microsoft.com/downloads/details.aspx?FamilyId=A64F5EEF-A3F5-466C-94D0-5EBF6231A612&displaylang=en
For Windows 2000 : http://microsoft.com/downloads/details.aspx?FamilyId=FF84E1A5-C90D-40F2-8CF5-23DA3AB296B4&displaylang=en
For Windows XP 32 bit Edition : http://microsoft.com/downloads/details.aspx?FamilyId=11CDD153-65EC-4851-886C-5A412438D6D4&displaylang=en
For Windows XP 64 bit Edition : http://microsoft.com/downloads/details.aspx?FamilyId=EE42EDF4-DEB2-450D-9F1A-90E41E908ECB&displaylang=en
For Windows Server 2003 32 bit Edition : http://microsoft.com/downloads/details.aspx?FamilyId=1C9914AB-25F8-462E-ADC0-5AC6BD0116DE&displaylang=en
For Windows Server 2003 64 bit Edition : http://microsoft.com/downloads/details.aspx?FamilyId=F9697DE0-488D-4CBA-996B-7ACEC50992CE&displaylang=en
2. Select your language from the drop-down list at the top of the page and then click <Go> button.
3. Click <Download> button to download this patch file.
4. Run this file to install the patch.
-- OR --
You can block exploitation of this vulnerability temporarily by using temporary measures as listed in "Workarounds" of Microsoft's security bulletin MS03-023.
-- OR --
Patches for Windows platforms are also available from the Microsoft Windows Update Web site, http://windowsupdate.microsoft.com . Windows Update detects what version of Windows you are running and offers the appropriate patch. |
| Related URL |
CVE-2003-0469 (CVE) |
| Related URL |
8016 (SecurityFocus) |
| Related URL |
(ISS) |
|
