Microsoft MSHTML Remote Code Execution Vulnerability
Components Affected
✻ Microsoft MSHTML
Overview
Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted Microsoft Office documents.
Description
An attacker could craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering engine. The attacker would then have to convince the user to open the malicious document. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Impact
✻ Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code and take control of the affected system.
Solution/ Workarounds
Disabling the installation of all ActiveX controls in Internet Explorer mitigates this attack. This can be accomplished for all sites by updating the registry. Previously-installed ActiveX controls will continue to run, but do not expose this vulnerability.
Warning
If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
Reference
Disclaimer
The information provided herein is on an “as is” basis, without warranty of any kind.
-
The decision we make today on cyber security will determine the security of the society in which we live tomorrow.
Total Users : 203489Designed and Developed by Procons Infotech