Microsoft Windows HTML Help ActiveX Control Code Execution Vulnerability (MS07-008)
Microsoft Windows HTML Help ActiveX Control Code Execution Vulnerability (MS07-008)

A vulnerability has been identified in Microsoft Windows, which could be exploited by attackers to take complete control of an affected system. This flaw is due to a buffer overflow error in the HTML Help ActiveX control (Hhctrl.ocx) when handling malformed arguments passed to certain methods, which could be exploited by remote attackers to execute arbitrary commands by tricking a user into visiting a specially crafted web page.

Affected Products

Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 Service Pack 1
Microsoft Windows Server 2003 (Itanium)
Microsoft Windows Server 2003 SP1 (Itanium)
Microsoft Windows Server 2003 x64 Edition

Solution

Update for Microsoft Windows 2000 Service Pack 4 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=211a9c07-88ff-4ae4-a82a-ce2045c6c4fe

Update for Microsoft Windows XP Service Pack 2 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=a3700273-d7da-4a60-ba80-c95c8036d670

Update for Microsoft Windows XP Professional x64 Edition :
http://www.microsoft.com/downloads/details.aspx?FamilyId=69ef4daa-cf0f-4898-8675-911428e7fd74

Update for Microsoft Windows Server 2003 and Windows Server 2003 SP1 :
http://www.microsoft.com/downloads/details.aspx?FamilyId=5a1f1607-b6ec-41e2-aac0-34387f1211a7

Update for Microsoft Windows Server 2003 (Itanium) and Windows Server 2003 SP1 (Itanium) :
http://www.microsoft.com/downloads/details.aspx?FamilyId=d638c8e8-5fbe-4a32-945c-440a4b684b0f

Update for Microsoft Windows Server 2003 x64 Edition :
http://www.microsoft.com/downloads/details.aspx?FamilyId=65bf2245-6c89-43db-8d28-12988791c395

더보기

댓글,