Micorsoft HTML Help Vulnerability, Security Update
A new version of HTML Help was released in June 2005 to address a security issue. This article provides an insight of this issue.
What is the scope of the vulnerability?
This is a remote code execution vulnerability. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
What causes the vulnerability?
The vulnerability occurs because HTML Help does not completely validate input data.
What is HTML Help?
Microsoft HTML Help is the standard help system for the Windows platform. Authors can use HTML Help to create online Help files for a software application or to create content for a multimedia title or for a Web site. For more information about how to create online Help files, visit the following Web site.
What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could take complete control of the affected system.
Who could exploit the vulnerability?
Any anonymous attacker who could display a specially crafted Web page to a user could attempt to exploit this vulnerability.
In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to attempt to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site. It could also be possible to display malicious Web content by using banner advertisements or by using other methods to deliver Web content to affected systems.
What systems are primarily at risk from the vulnerability?
This vulnerability requires that a user view Web sites for an attack to occur. Therefore, any systems where Internet Explorer is used frequently, such as workstations or terminal servers, are at the most risk from this vulnerability. Systems that are not typically used to visit Web sites, such as most server systems, are at a reduced risk.
Are Windows 98, Windows 98 Second Edition or Windows Millennium Edition critically affected by this vulnerability?
Yes. Windows 98, Windows 98 Second Edition, and Windows Millennium Edition are critically affected by this vulnerability. A critical security update for these platforms is available and is provided as part of this security bulletin and can be downloaded from the Windows Update Web site. For more information about severity ratings, visit the following Web site.
What does the update do?
The update removes the vulnerability by modifying the way that HTML Help validates data.
When this security bulletin was issued, had this vulnerability been publicly disclosed?
No. Microsoft received information about this vulnerability through responsible disclosure. Microsoft had not received any information to indicate that this vulnerability had been publicly disclosed when this security bulletin was originally issued.
When this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited?
No. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers and had not seen any examples of proof of concept code published when this security bulletin was originally issued.
How does this vulnerability relate to the HTML Help vulnerability that is addressed by MS05-001?
Both vulnerabilities were in HTML Help. However, this update addresses a new vulnerability that was not addressed as part of MS05-001. MS05-001 helps protect against the vulnerability that is discussed in that bulletin, but does not address this new vulnerability.
For more information and security update click http://www.microsoft.com/technet/security/bulletin/ms05-026.mspx
What is the scope of the vulnerability?
This is a remote code execution vulnerability. If a user is logged on with administrative privileges, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full privileges. Users whose accounts are configured to have fewer privileges on the system would be at less risk than users who operate with administrative privileges.
What causes the vulnerability?
The vulnerability occurs because HTML Help does not completely validate input data.
What is HTML Help?
Microsoft HTML Help is the standard help system for the Windows platform. Authors can use HTML Help to create online Help files for a software application or to create content for a multimedia title or for a Web site. For more information about how to create online Help files, visit the following Web site.
What might an attacker use the vulnerability to do?
An attacker who successfully exploited this vulnerability could take complete control of the affected system.
Who could exploit the vulnerability?
Any anonymous attacker who could display a specially crafted Web page to a user could attempt to exploit this vulnerability.
In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to attempt to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site. It could also be possible to display malicious Web content by using banner advertisements or by using other methods to deliver Web content to affected systems.
What systems are primarily at risk from the vulnerability?
This vulnerability requires that a user view Web sites for an attack to occur. Therefore, any systems where Internet Explorer is used frequently, such as workstations or terminal servers, are at the most risk from this vulnerability. Systems that are not typically used to visit Web sites, such as most server systems, are at a reduced risk.
Are Windows 98, Windows 98 Second Edition or Windows Millennium Edition critically affected by this vulnerability?
Yes. Windows 98, Windows 98 Second Edition, and Windows Millennium Edition are critically affected by this vulnerability. A critical security update for these platforms is available and is provided as part of this security bulletin and can be downloaded from the Windows Update Web site. For more information about severity ratings, visit the following Web site.
What does the update do?
The update removes the vulnerability by modifying the way that HTML Help validates data.
When this security bulletin was issued, had this vulnerability been publicly disclosed?
No. Microsoft received information about this vulnerability through responsible disclosure. Microsoft had not received any information to indicate that this vulnerability had been publicly disclosed when this security bulletin was originally issued.
When this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited?
No. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers and had not seen any examples of proof of concept code published when this security bulletin was originally issued.
How does this vulnerability relate to the HTML Help vulnerability that is addressed by MS05-001?
Both vulnerabilities were in HTML Help. However, this update addresses a new vulnerability that was not addressed as part of MS05-001. MS05-001 helps protect against the vulnerability that is discussed in that bulletin, but does not address this new vulnerability.
For more information and security update click http://www.microsoft.com/technet/security/bulletin/ms05-026.mspx
2 Comments:
Ι rеally like reading through а post thаt will make ρeople thіnk.
Also, many thanks foг allоwіng for me to comment!
Tаke a looκ at my homepаgе:
http://www.ukinsurancewise.co.uk
By
Anonymous, at 4:26 AM
Plеase let me know if you're looking for a author for your site. You have some really good articles and I believe I would be a good asset. If you ever want to take some of the load off, I'ԁ love tο write ѕome aгticlеs for your blog in еxchange for a link back to mine.
Pleaѕe shоot me аn e-maіl if inteгesteԁ.
Kudοs!
Haѵе a looκ at my weblog: One Day car insurance
By
Anonymous, at 11:19 AM
Post a Comment
<< Home