Buffer Overrun in HTML Converter Allows Code Execution

By Thomas McGuire on
All versions of Microsoft Windows include support for file conversion in the operating system, which lets users convert files from one format to another. In particular, Windows includes support for HTML conversion, which lets users view, import, or save files as HTML.

There is a flaw in the way the HTML converter for Microsoft Windows handles a conversion request during a cut-and-paste operation. A vulnerability exists because a specially crafted request to the HTML converter could cause the converter to fail in such a way that it could run code in the context of the currently logged-on user. Because Microsoft Internet Explorer uses this functionality, an attacker could craft a specially formed Web page or HTML e-mail that would cause the HTML converter to run arbitrary code on a user's computer. When a user visits an attacker’s Web site, the attacker could exploit the vulnerability without any other user action.

Download the update now for everything from Windows 98/NT 4.0 to 2003.
