There is a flaw in the way the HTML converter for Microsoft Windows handles a conversion request during a cut-and-paste operation. This flaw causes a security vulnerability to exist. A specially crafted request to the HTML converter could cause the converter to fail in such a way that it could execute code in the context of the currently logged-in user. Because this functionality is used by Internet Explorer, an attacker could craft a specially formed Web page or HTML e-mail that would cause the HTML converter to run arbitrary code on a user's system. A user visiting an attacker's Web site could allow the attacker to exploit the vulnerability without any other user action.
- Cumulative Security Update for Internet Explorer (958215)
- Microsoft Expression Design Remote Code Execution Vulnerability (2651018)
- Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2514842)
- Microsoft .NET Framework Remote Code Execution Vulnerability (2671605)
- Cumulative Security Update for Internet Explorer (937143)