December 1, 2006 12:35 PM PST

Internet Explorer HTML Help ActiveX Control Memory Corruption

by Robert Vamosi

Font size
Print
E-mail
Share

This vulnerability is caused by an error in the HTML Help ActiveX control (hhctrl.ocx). When handling the "Image" property within an HTML file, the vulnerability can be exploited by using a long string to cause memory corruption (buffer overflow). Successful exploit could lead to the execution of remote code on a compromised PC.

Additional Resources:

Mitre. org: CVE-2006-3657
Secunia advisory: 20906

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.

Topics:: Browsers and extensions

Tags:: Internet Explorer

Share:: Digg; Del.icio.us; Reddit; Facebook

About Zero Days

Zero Days are security threats released before or concurrent with the public disclosure of software vulnerabilities. Our new blog will keep you ahead of the criminal hackers by informing you what you are up against.

Add this feed to your online news reader

Zero Days topics

Internet Explorer HTML Help ActiveX Control Memory Corruption

Browsers and extensions

Internet Explorer

About Zero Days

Zero Days topics