HTML Help ActiveX Contol Cross-Domain Vulnerabilit

[Mobo]

Original release date: January 12, 2005

Description
The Microsoft Windows HTML Help ActiveX control (hhctrl.ocx) does not properly determine the source of windows opened by the Related Topics command. If an HTML Help control opens a Related Topics window in one domain, and a second control opens a Related Topics window using the same window name in a different domain, content from the second window is considered to be in the domain of the first window. This cross-domain vulnerability allows an attacker in one domain to read or modify content or execute script in a different domain, including the Local Machine Zone.

An attacker could exploit this vulnerability against Internet Explorer (IE) using a specially crafted web site. Other programs that use MSHTML, including Outlook and Outlook Express, could also act as attack vectors.

Impact
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message), an attacker could execute arbitrary code or commands with the privileges of the user. The attacker could also read or modify data in other web sites.

Solution
nstall the appropriate update according to Microsoft Security Bulletin MS05-001. Note that the update may adversely affect the HTML Help system as described in Microsoft Knowledge Base articles 892641 & 892675.