All versions of Microsoft Windows contain support for file conversion in the operating system. With this functionality, users of Microsoft Windows can convert file formats from 1 to another. In particular, Microsoft Windows contains support for HTML conversion in the operating system. With this functionality, users can view, import, or save files as HTML.

There is a flaw in the way the HTML converter for Microsoft Windows handles a conversion request during a cut-&-paste operation. A vulnerability exists because a specially crafted request to the HTML converter could cause the converter to fail in such a way that it could run code in the context of the currently logged-on user. Because Microsoft Internet Explorer uses this functionality, an attacker could craft a specially formed Web page or HTML e-mail that would cause the HTML converter to run arbitrary code on a user's computer. When a user visits an attacker’s Web site, the attacker could exploit the vulnerability without any other user action.

Download Update now for everything from Windows 98/NT 4.0 - 2003.