Ravens PHP Scripts

Microsoft Windows DHTML Editing ActiveX Control Vulnerability
Date: Tuesday, September 08, 2009 @ 15:48:08 PDT
Topic: Security


SECUNIA ADVISORY ID: SA36592

VERIFY ADVISORY: http://secunia.com/advisories/36592/

CRITICAL: Highly Critical

DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.



The vulnerability is caused by an error in the bundled DHTML Editing Component ActiveX control when formatting HTML markup and can be exploited via a specially crafted web page. Successful exploitation may allow execution of arbitrary code.

SOLUTION: Apply patches.

Windows 2000 SP4: http://www.microsoft.com/downloads/details.aspx?familyid=6dd4b0f8-6b54-49a6-a6df-9420f9fd3333
Windows XP SP2/SP3: http://www.microsoft.com/downloads/details.aspx?familyid=8523d5be-88a2-4124-9b02-660f612e2a12
Windows XP Professional x64 Edition SP2: http://www.microsoft.com/downloads/details.aspx?familyid=dbc33f6b-61bf-409a-89b5-60002192e0e0
Windows Server 2003 SP2: http://www.microsoft.com/downloads/details.aspx?familyid=7478f73f-dd20-4cfa-a650-4c84f37ada2f
Windows Server 2003 x64 Edition SP2: http://www.microsoft.com/downloads/details.aspx?familyid=88bf502d-1a7c-447a-ac4c-401e1698669b
Windows Server 2003 with SP2 for Itanium-based Systems: http://www.microsoft.com/downloads/details.aspx?familyid=8d881ff8-f51f-4476-8cb6-2bebd5b2047f

PROVIDED AND/OR DISCOVERED BY: The vendor credits Tavis Ormandy, Google.

ORIGINAL ADVISORY: MS09-046 (KB956844): http://www.microsoft.com/technet/security/Bulletin/MS09-046.mspx





This article comes from Ravens PHP Scripts
http://www.ravenphpscripts.com

The URL for this story is:
http://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3677