MS06-043: Vulnerability in Microsoft Windows Could Allow Remote Code Execution (920214)
https://www.microsoft.com/technet/security/bulletin/ms06-043.mspx http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2766 Affected Software: ? Microsoft Windows XP Service Pack 2 ? Microsoft Windows XP Professional x64 Edition ? Microsoft Windows Server 2003 Service Pack 1 ? Microsoft Windows Server 2003 with SP1 for Itanium-based Systems ? Microsoft Windows Server 2003 x64 Edition Impact: Remote Code Execution Severity: Critical Description: There is an issue in the way the MHTML protocol is parsed. The MHTML protocol allows for the use of embedded objects such as images. This is another a cross-domain scripting vulnerability in which code is allowed to be run in the wrong security zone (i.e. on the system or local) which is should not be allowed to do. There are MANY ways to exploit this and you should patch immediately! |
Lorna 165 Posts ISC Handler Aug 8th 2006 |
Thread locked Subscribe |
Aug 8th 2006 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!