|
|
|
|
| |
Credit:
The information has been provided by Dami n Frizza.
The original article can be found at: http://www.coresecurity.com/content/MS-Office-HtmlDlgHelper-memory-corruption
|
| |
Vulnerable Systems:
* IE 6
* IE 7
* IE 8
* MS Office XP
* MS Office 2003
* MS Office 2007 and MS Office 2010 (the control is disabled by default)
Microsoft Windows is prone to a memory corruption vulnerability when instantiating the HtmlDlgHelper Class Object in a Microsoft Office Document (ie: .XLS, .DOC). The affected vulnerable module is part of Internet Explorer (mshtmled.dll). This vulnerability could be used by a remote attacker to execute arbitrary code with the privileges of the user that opened the malicious file.
The ActiveX control is marked as "Not Safe for Initialization", and prompts the user with: "ActiveX controls might contain viruses or other security hazards. Do not enable this content unless you trust the source of this file". However, in Office 2003 the bug is triggered even if the user answers "No" to the prompt.
CVE Information:
CVE-2010-3329
Disclosure Timeline:
2010-05-28: Initial notification to the vendor.
2010-08-06: MSRC confirms that the fix for this issue is scheduled for the October release of IE.
2010-10-12: Advisory CORE-2010-0517 is published.
|
|
|
|
|
