SECURITYVULNS:DOC:288

Security Bulletin (MS00-037)

Posted on vulners.com, 2000-06-03

Patch Available for "HTML Help File Code Execution" Vulnerability

Originally posted: June 02, 2000

Summary

Microsoft has released a patch that eliminates a security
vulnerability in the HTML Help facility that ships with Microsoft(r)
Internet Explorer. Under certain conditions, the vulnerability could
allow a malicious web site to take inappropriate action on the
computer of a visiting user.

Frequently asked questions regarding this vulnerability
and the patch can be found at
http://www.microsoft.com/technet/security/bulletin/fq00-037.asp

Issue

The HTML Help facility provides the ability to launch code via
shortcuts included in HTML Help files. If a compiled HTML Help
(.chm) file were referenced by a malicious web site, it could
potentially be used to launch code on a visiting user's computer
without the user's approval. Such code could take any actions that
the user could take, including adding, changing or deleting data, or
communicating with a remote web site.

A web site could only invoke an HTML Help file if it resided on a UNC
share accessible from the user's machine, or on the user's machine
itself. A firewall that blocks NetBIOS would prevent the former case
from being exploited. Adhering to standard security practices would
prevent the latter. In addition, an HTML Help file could only be
invoked if Active Scripting was permitted in the Security Zone that
the malicious user's site resides in. The patch eliminates the
vulnerability by only allowing an HTML Help file to use shortcuts if
the help file resides on the local machine.
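The paragraph above gives the whole decision logic of the bulletin in prose: a page can only invoke a .chm that sits on a UNC share or on the user's own machine, the unpatched attack additionally needs Active Scripting enabled in the page's Security Zone, and the patch restricts shortcut execution to help files that are local. The following Python is an added example (not Microsoft's code and not part of the bulletin) that models those rules as a policy check over help-file references; the path and URL forms it recognises, the sample references and the function names are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import unquote, urlsplit

# Added example, not Microsoft's code. It models the conditions the bulletin
# states: a web page can only invoke a .chm that sits on a UNC share or on the
# local machine; the pre-patch attack also needs Active Scripting in the
# page's zone; the patch permits shortcuts only for help files that are local.

_DRIVE_RE = re.compile(r"^[A-Za-z]:[\\/]")
_UNC_RE = re.compile(r"^(?:\\\\|//)(?P<host>[^\\/]+)[\\/](?P<share>[^\\/]+)")


@dataclass(frozen=True)
class HelpFileLocation:
    kind: str            # "local", "unc", "remote" or "unknown"
    host: Optional[str]  # server name for "unc"/"remote", None otherwise


def classify_help_file(ref: str) -> HelpFileLocation:
    """Work out where a referenced help file would be loaded from."""
    ref = ref.strip()
    lowered = ref.lower()
    if lowered.startswith(("http:", "https:", "ftp:")):
        # Served by a web server: not one of the locations the bulletin names
        return HelpFileLocation("remote", urlsplit(ref).hostname)
    if lowered.startswith("file:"):
        parts = urlsplit(ref)
        path = unquote(parts.path)
        host = (parts.hostname or "").lower()
        if host and host != "localhost":
            return HelpFileLocation("unc", host)      # file://server/share/x.chm
        # file:///C:/x.chm -> "C:/x.chm"; file:////server/share/x.chm keeps "//"
        stripped = path.lstrip("/")
        ref = stripped if _DRIVE_RE.match(stripped) else path
    m = _UNC_RE.match(ref)
    if m:
        return HelpFileLocation("unc", m.group("host").lower())
    if _DRIVE_RE.match(ref):
        return HelpFileLocation("local", None)
    return HelpFileLocation("unknown", None)


def shortcuts_allowed_after_patch(loc: HelpFileLocation) -> bool:
    """Patched behaviour: shortcuts run only when the help file is local."""
    return loc.kind == "local"


def exposed_before_patch(loc: HelpFileLocation, active_scripting: bool,
                         netbios_blocked: bool) -> bool:
    """Unpatched exposure, per the bulletin: the .chm must be reachable (local,
    or on a UNC share with NetBIOS not blocked) and the referencing page's
    zone must permit Active Scripting."""
    if not active_scripting:
        return False
    if loc.kind == "local":
        return True
    if loc.kind == "unc":
        return not netbios_blocked
    return False


def assess_references(refs, active_scripting: bool, netbios_blocked: bool):
    """Evaluate a list of help-file references found in page markup."""
    report = {}
    for ref in refs:
        loc = classify_help_file(ref)
        report[ref] = {
            "kind": loc.kind,
            "host": loc.host,
            "exposed_before_patch": exposed_before_patch(
                loc, active_scripting, netbios_blocked),
            "shortcuts_allowed_after_patch": shortcuts_allowed_after_patch(loc),
        }
    return report


# Constructed sample references (hypothetical, not taken from any real page)
SAMPLE_REFS = [
    r"\\fileserver\public\help.chm",
    "file:///C:/Help/local.chm",
    "file://fileserver/public/help.chm",
    "https://example.test/help.chm",
    "help.chm",
]

if __name__ == "__main__":
    for ref, info in assess_references(SAMPLE_REFS, True, False).items():
        print(ref, info)
```

Running the block with Active Scripting enabled and NetBIOS unblocked marks both UNC references and the local file as exposed before the patch, while only the local file keeps shortcut execution afterwards; blocking NetBIOS at the firewall clears the UNC cases, and disabling Active Scripting in the zone clears all of them, which is exactly the two interim mitigations the bulletin names.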

Affected Software Versions

  • Microsoft Internet Explorer 4.0
  • Microsoft Internet Explorer 4.01
  • Microsoft Internet Explorer 5.0
  • Microsoft Internet Explorer 5.01

Patch Availability

Note: Additional security patches are available at the Microsoft
Download Center

More Information

Please see the following references for more information related to
this issue.

Obtaining Support on this Issue

This is a fully supported patch. Information on contacting Microsoft
Technical Support is available at
http://support.microsoft.com/support/contact/default.asp

Revisions

  • June 02, 2000: Bulletin Created.

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED
"AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT
SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY
DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO
THE FOREGOING LIMITATION MAY NOT APPLY.

Last Updated June 02, 2000

(c) 2000 Microsoft Corporation. All rights reserved. Terms of use.