Check Point Reference: | CPAI-2006-104 |
Date Published: | 12 Sep 2006 |
Severity: | High |
Last Updated: | Thursday 03 May, 2007 |
Source: | FRSIRT/ADV-2006-2952 |
Industry Reference: | CVE-2006-3898 |
Protection Provided by: | |
Who is Vulnerable? | Microsoft Internet Explorer 5.01 SP4 on Microsoft Windows 2000 SP4
Microsoft Internet Explorer 6 SP1 on Microsoft Windows 2000 SP4
Microsoft Internet Explorer 6 SP1 on Microsoft Windows XP SP1
Microsoft Internet Explorer 6 for Microsoft Windows XP SP2
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 SP1
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 (Itanium)
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 with SP1 (Itanium)
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
Microsoft Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
Microsoft Internet Explorer 6 SP1 on Microsoft Windows 98
Microsoft Internet Explorer 6 SP1 on Microsoft Windows 98 SE
Microsoft Internet Explorer 6 SP1 on Microsoft Windows Millennium Edition |
Vulnerability Description | Microsoft Internet Explorer (IE) contains a heap overflow vulnerability. The vulnerability exists in a Microsoft ActiveX control that supports all functions of the user help interface (hhctrl.ocx). A remote attacker may trigger this flaw to deny service to legitimate users. By convincing a user to visit a specially crafted Web page, an attacker could cause the victim's Web browser to crash. |
Vulnerability Details | This vulnerability is due to a NULL pointer dereference error in the HTML Help Control "HHCtrl.ocx" when processing a "Click()" method. An attacker can trigger the flaw by convincing a user to view a specially crafted HTML document. Successful exploitation could crash the victim's Web browser once the malicious page is loaded. |