Microsoft Windows HTML Help ActiveX Control Code Execution Vulnerability (MS07-008)
A vulnerability has been identified in Microsoft Windows, which could be exploited by attackers to take complete control of an affected system. This flaw is due to a buffer overflow error in the HTML Help ActiveX control (Hhctrl.ocx) when handling malformed arguments passed to certain methods, which could be exploited by remote attackers to execute arbitrary commands by tricking a user into visiting a specially crafted web page.
Affected Products
Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 (Itanium)
Microsoft Windows Server 2003 SP1 (Itanium)
Microsoft Windows Server 2003 x64 Edition
Solution
Update for Microsoft Windows 2000 Service Pack 4 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=211a9c07-88ff-4ae4-a82a-ce2045c6c4fe
Update for Microsoft Windows XP Service Pack 2 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=a3700273-d7da-4a60-ba80-c95c8036d670
Update for Microsoft Windows XP Professional x64 Edition :
http://www.microsoft.com/downloads/details.aspx?FamilyId=69ef4daa-cf0f-4898-8675-911428e7fd74
Update for Microsoft Windows Server 2003 and Windows Server 2003 SP1 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=5a1f1607-b6ec-41e2-aac0-34387f1211a7
Update for Microsoft Windows Server 2003 (Itanium) and Windows Server 2003 SP1 (Itanium) :
http://www.microsoft.com/downloads/details.aspx?FamilyId=d638c8e8-5fbe-4a32-945c-440a4b684b0f
Update for Microsoft Windows Server 2003 x64 Edition :
http://www.microsoft.com/downloads/details.aspx?FamilyId=65bf2245-6c89-43db-8d28-12988791c395