There is a flaw in the way the HTML converter for Microsoft Windows handles a conversion request during a cut-and-paste operation. This flaw causes a security vulnerability to exist. A specially crafted request to the HTML converter could cause the converter to fail in such a way that it could execute code in the context of the currently logged-in user. Because this functionality is used by Internet Explorer, an attacker could craft a specially formed Web page or HTML e-mail that would cause the HTML converter to run arbitrary code on a user's system. A user visiting an attacker's Web site could allow the attacker to exploit the vulnerability without any other user action.
- Microsoft DNS Resolution Remote Code Execution Vulnerability (2509553)
- Microsoft Active Directory LDAP Remote Code Execution Vulnerability (969805)
- Cumulative Security Update for Internet Explorer (950759)
- ISA Server 2000 and Proxy Server 2.0 Internet Content Spoofing (888258)
- Microsoft Hyper-V Privilege Elevation Vulnerability (2893986)