There is a flaw in the way the HTML converter for Microsoft Windows handles a conversion request during a cut-and-paste operation. This flaw causes a security vulnerability to exist. A specially crafted request to the HTML converter could cause the converter to fail in such a way that it could execute code in the context of the currently logged-in user. Because this functionality is used by Internet Explorer, an attacker could craft a specially formed Web page or HTML e-mail that would cause the HTML converter to run arbitrary code on a user's system. A user visiting an attacker's Web site could allow the attacker to exploit the vulnerability without any other user action.
- Microsoft DHTML Editing Component ActiveX Remote Code Execution Vulnerability (956844)
- Microsoft Data Analyzer ActiveX Control Vulnerability (978262)
- Microsoft .NET Framework Remote Code Execution Vulnerability (2671605)
- Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2514842)
- Microsoft Forefront Protection For Exchange RCE Vulnerability (2927022)