
SANS ISC InfoSec Handlers Diary Blog



MS06-043: Vulnerability in Microsoft Windows Could Allow Remote Code Execution (920214)

Published: 2006-08-08
Last Updated: 2006-08-08 19:38:22 UTC
by Lorna Hutcheson (Version: 1)

https://www.microsoft.com/technet/security/bulletin/ms06-043.mspx
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2766

Affected Software:
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003 Service Pack 1
- Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition
 
Impact:  Remote Code Execution
Severity:  Critical


Description:  There is an issue in the way the MHTML protocol is parsed.  The MHTML protocol allows for the use of embedded objects such as images.  This is another cross-domain scripting vulnerability in which code is allowed to run in the wrong security zone (i.e. on the system or local), which it should not be allowed to do.  There are MANY ways to exploit this and you should patch immediately!
 