SecurityHome.eu MS09-046 - Critical: Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (956844)

Home / bulletins

MS09-046 - Critical: Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (956844) - Version:1.1
Posted on 15 October 2009
There is an newer version: MS09-046 - Version: 1.0
Critical
Severity Rating: Critical - Revision Note: V1.0 (October 14, 2009): Corrected the class identifier for the ActiveX control in the workaround, â€œPrevent the DHTML ActiveX control COM object from running in Internet Explorer.â€Summary: This security update resolves a privately reported vulnerability in the DHTML Editing Component ActiveX control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Link
Other versions
MS09-046 - Version: 1.2
MS09-046 - Version: 1.1
MS09-046 - Version: 1.0

TOP

Bulletins :

Last 20

Exploits :

Last 20