Another buffer overrun vulnerability

This one affects Win 98/ME/2000/NT/XP/2003. Let the patching begin.

Buffer Overrun In HTML Converter Could Allow Code Execution (823559). “There is a flaw in the way the HTML converter for Microsoft Windows handles a conversion request during a cut-and-paste operation. This flaw causes a security vulnerability to exist. A specially crafted request to the HTML converter could cause the converter to fail in such a way that it could execute code in the context of the currently logged-in user. Because this functionality is used by Internet Explorer, an attacker could craft a specially formed Web page or HTML e-mail that would cause the HTML converter to run arbitrary code on a user's system. A user visiting an attacker’s Web site could allow the attacker to exploit the vulnerability without any other user action.”

According to Microsoft, this vulnerability exists even for copy-and-paste operations. So, if you use IE-based editors in your content management systems, make sure you apply the patch.
