Home / bulletins MS09-046 - Critical: Vulnerability in DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (956844) - Version:1.0
Posted on 09 September 2009
CriticalSeverity Rating: Critical - Revision Note: V1.0 (September 8, 2009): Bulletin published.Summary: This security update resolves a privately reported vulnerability in the DHTML Editing Component ActiveX control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Other versions
- MS09-046 - Version: 1.2
- MS09-046 - Version: 1.1
- MS09-046 - Version: 1.0