December 1, 2006 12:32 PM PST
Internet Explorer HTA Application Execution
The Internet Explorer HTA Application Execution was assigned two vulnerability numbers by the National Institute of Standards in Technology National Vulnerabilities Database. The vulnerability in Inter Explorer allows remote attackers to execute arbitrary code via a link to an SMB file share, and the flaw itself might be within other components used by the Microsoft browser. If executed, the vulnerability may disclose potentially sensitive information and potentially compromise a user's system. Exploitation requires user interaction, however.
On August 8, 2006, Microsoft released two patches which addressed these vulnerabilities.
Additional Resources:
- Microsoft patch: MS06-045
- Microsoft patch: MS06-042
- Mitre.org CVE #: CVE-2006-3281
- Secunia advisory #: 20825
As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
