=====================================================================
                                    CERT-Renater

                         Information Note No. 2006/VULN440
_____________________________________________________________________

DATE                      : 09/08/2006

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Microsoft Windows 2000, XP and 2003

======================================================================
MS06-046 - Vulnerability in HTML Help Could Allow Remote Code Execution
            (922616)

   - Affected Software:
     - Microsoft Windows 2000 Service Pack 4
     - Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service
       Pack 2
     - Microsoft Windows XP Professional x64 Edition
     - Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service
       Pack 1
     - Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft
       Windows Server 2003 with SP1 for Itanium-based Systems
     - Microsoft Windows Server 2003 x64 Edition

   - Impact: Remote Code Execution
   - Version Number: 1.0

- From the Microsoft Security Bulletin MS06-046:

Vulnerability Details

Buffer Overrun in HTML Help Vulnerability - CVE-2006-3357

A vulnerability exists in the HTML Help ActiveX control that could allow
remote code execution on an affected system. An attacker could exploit the
vulnerability by constructing a malicious Web page that could potentially
allow remote code execution if a user visited that page. An attacker who
successfully exploited this vulnerability could take complete control of an
affected system.

           =========================================================
           CERT-Renater reference servers
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================

