TITLE: Microsoft Windows HTML Help Input Validation Vulnerability SECUNIA ADVISORY ID: SA15683
VERIFY ADVISORY: http://secunia.com/advisories/15683/ CRITICAL: Highly critical IMPACT: System access WHERE: >From remote OPERATING SYSTEM: Microsoft Windows 2000 Advanced Server http://secunia.com/product/21/ Microsoft Windows 2000 Datacenter Server http://secunia.com/product/1177/ Microsoft Windows 2000 Professional http://secunia.com/product/1/ Microsoft Windows 2000 Server http://secunia.com/product/20/ Microsoft Windows Server 2003 Datacenter Edition http://secunia.com/product/1175/ Microsoft Windows Server 2003 Enterprise Edition http://secunia.com/product/1174/ Microsoft Windows Server 2003 Standard Edition http://secunia.com/product/1173/ Microsoft Windows Server 2003 Web Edition http://secunia.com/product/1176/ Microsoft Windows XP Home Edition http://secunia.com/product/16/ Microsoft Windows XP Professional http://secunia.com/product/22/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error within HTML Help and can be exploited through a malicious HTML document. SOLUTION: Apply patches. Microsoft Windows 2000 (requires Service Pack 3 or Service Pack 4): http://www.microsoft.com/downloads/details.aspx?FamilyId=9AF346AE-4807-42F4-95E2-8F5FAE321102 Microsoft Windows XP (requires Service Pack 1 or Service Pack 2): http://www.microsoft.com/downloads/details.aspx?FamilyId=17833B94-AF70-47BD-872C-033A3F0E982A Microsoft Windows XP 64-Bit Edition (requires Service Pack 1) (Itanium): http://www.microsoft.com/downloads/details.aspx?FamilyId=A6A807F2-AD02-4D15-A198-CF8A728B3A25 Microsoft Windows XP 64-Bit Edition Version 2003 (Itanium): http://www.microsoft.com/downloads/details.aspx?FamilyId=EE8BA26D-CFDA-428F-9F9B-16908DB88C80 Microsoft Windows XP Professional x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=CE81AE3B-4FA4-4576-8539-AB49E575A98F Microsoft Windows Server 2003 (with or without Service Pack 1): http://www.microsoft.com/downloads/details.aspx?FamilyId=A19EEE21-7DF2-4B95-A4C5-44C6CAA5AF9A Microsoft Windows Server 2003 (with or without Service Pack 1) (Itanium): http://www.microsoft.com/downloads/details.aspx?FamilyId=A19EEE21-7DF2-4B95-A4C5-44C6CAA5AF9A Microsoft Windows Server 2003 x64 Edition: http://www.microsoft.com/downloads/details.aspx?FamilyId=2E8716F7-3A81-4482-8C92-2A2DC3C2F782 ORIGINAL ADVISORY: MS05-026 (KB896358): http://www.microsoft.com/technet/security/Bulletin/MS05-026.mspx ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
