The information
provided in this site is provided "as is" without warranty
of any kind. Microsoft Corporation disclaims all warranties,
either express or implied, including the warranties of merchantability
and fitness for a particular purpose. In no event shall
Microsoft Corporation or its suppliers be liable for any
damages whatsoever including direct, indirect, incidental,
consequential, loss of business profits or special damages,
even if Microsoft Corporation or its suppliers have been
advised of the possibility of such damages. Some states do
not allow the exclusion or limitation of liability for consequential
or incidental damages so the foregoing limitation may not
apply. Furthermore, this information is only listed as a
resource for such information by Whiptech. Whiptech is in
no way responsible for the use or misuse of the information
by anyone, anywhere, at anytime.
 Microsoft Patch Disclosure - August 2006
Vulnerability in Microsoft Windows Could Allow Remote Code Execution (920214)
Published:
August 8, 2006
Microsoft Severity Rating: Critical
Description:
There is a remote code execution vulnerability in Windows that results
from incorrect parsing of the MHTML protocol. An attacker could exploit
the vulnerability by constructing a specially crafted Web page or HTML
e-mail that could potentially lead to remote code execution if a user
visited a specially crafted Web site or clicked a link in a specially
crafted e-mail message.
If a user were logged on with administrative user
rights, an attacker who successfully exploited this vulnerability could
take complete control of an affected system. An attacker could then
install programs; view, change, or delete data; or create new accounts
with full user rights. Users whose accounts are configured to have
fewer user rights on the system could be less affected than users who
operate with administrative user rights.
Mitigating Factors:
In a Web-based attack scenario, an attacker could host a Web site that contains
a Web page that is used to exploit this vulnerability. In addition, compromised
Web sites and Web sites that accept or host user-provided content or advertisements
could contain specially crafted content that could exploit this vulnerability.
In all cases, however, an attacker would have no way to force users to visit
these Web sites. Instead, an attacker would have to persuade users to visit the
Web site, typically by getting them to click a link in an e-mail message or instant
messenger message that takes users to the attacker's Web site.
.
An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
.
By default, Outlook Express 6 opens HTML e-mail messages in the Restricted sites zone.
The Restricted sites zone helps limit attacks that could try to exploit this vulnerability by preventing ActiveX Controls from being used when reading HTML e-mail messages. However, if a user clicks a link in an e-mail message, the use could still be vulnerable to this issue through the Web-based attack scenario.
.
By default, Internet Explorer on Windows Server 2003 runs in a restricted mode that is known as Enhanced Security Configuration. This mode mitigates this vulnerability in the e-mail vector because reading e-mail messages in plain text is the default configuration for Outlook Express. See the FAQ section for this security update for more information about Internet Explorer Enhanced Security Configuration.
Affected Software:
| • |
Microsoft Windows 2000 Service
Pack 4 |
| • |
Microsoft Windows XP Service
Pack 1 and Microsoft Windows XP Service Pack 2 |
| • |
Microsoft Windows XP Professional
x64 Edition |
| • |
Microsoft Windows Server 2003
and Microsoft Windows Server 2003 Service Pack 1 |
| • |
Microsoft Windows Server 2003
for Itanium-based Systems and Microsoft Windows Server
2003 with SP1 for Itanium-based Systems |
| • |
Microsoft Windows Server 2003
x64 Edition |
|
