Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > March 2006 > Microsoft Security Advisory Notification: 917077 - Vulnerability in the way HTML Objects Handle Unexpected Method Calls

March 2006

Microsoft Security Advisory Notification: 917077 - Vulnerability in the way HTML Objects Handle Unexpected Method Calls

ID: 00238
Ref: 237/2006
Date: 27 March 2006:13:45:38
Version: 1
Title: Microsoft Security Advisory Notification: 917077 - Vulnerability in the way HTML Objects Handle Unexpected Method Calls
Abstract: Advisory updated with information on limited attacks.
Vendors affected: Microsoft
Operating systems affected: Microsoft
Applications affected: Microsoft
Title
=====

Microsoft Security Advisory Notification: 917077 - Vulnerability in the way HTML
Objects Handle Unexpected Method Calls

Detail
======

Advisory updated with information on limited attacks.


- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

********************************************************************
Title: Microsoft Security Advisory Notification
Issued: March 24, 2006
********************************************************************

Security Advisories Updated or Released Today
==============================================

* Security Advisory (917077)

- Title: Vulnerability in the way HTML Objects Handle
Unexpected Method Calls Could Allow Remote
Code Execution

- Web site: http://go.microsoft.com/fwlink/?LinkId=63915


- Reason For Update: Advisory updated with information on
limited attacks.


Support:
========
Technical support resources can be found at:
http://go.microsoft.com/fwlink/?LinkId=21131

International customers can get support from their local Microsoft
subsidiaries. Phone numbers for international support can be found
at: http://support.microsoft.com/common/international.aspx

Additional Resources:
=====================
* Microsoft has created a free monthly e-mail newsletter containing
valuable information to help you protect your network. This
newsletter provides practical security tips, topical security
guidance, useful resources and links, pointers to helpful
community resources, and a forum for you to provide feedback
and ask security-related questions.
You can sign up for the newsletter at:

http://www.microsoft.com/technet/security/secnews/default.mspx

* Microsoft has created a free e-mail notification service that
serves as a supplement to the Security Notification Service
(this e-mail). The Microsoft Security Notification Service:
Comprehensive Version. It provides timely notification of any
minor changes or revisions to previously released Microsoft
Security Bulletins and Security Advisories. This new service
provides notifications that are written for IT professionals and
contain technical information about the revisions to security
bulletins. To register visit the following Web site:

http://www.microsoft.com/technet/security/bulletin/notify.mspx

* Protect your PC: Microsoft has provided information on how you
can help protect your PC at the following locations:

http://www.microsoft.com/security/protect/

If you receive an e-mail that claims to be distributing a
Microsoft security update, it is a hoax that may be distributing a
virus. Microsoft does not distribute security updates through
e-mail. You can learn more about Microsoft's software distribution
policies here:

http://www.microsoft.com/technet/security/topics/policy/swdist.mspx

********************************************************************
THE INFORMATION PROVIDED IN THE THIS EMAIL IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT
DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING
THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE.
IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE
LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL
DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY
FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING
LIMITATION MAY NOT APPLY.
********************************************************************

- -----BEGIN PGP SIGNATURE-----
Version: PGP 8.1

iQIVAwUBRCSoBhCvwTv3q93mAQL8OA/+Os1RLnelT66XRG9qhDDnKpDvUz8fFhMN
a/RDUBj4svryHAKI8SqmX78nr4DVLWsghSFOzX7WHHjJ5piFB2IYwaaxsP/6HB2K
WCL2nTna0QDLQrOg+YJ7gy010Um4+L5sSNUjiNUyWQx7uPsP4k1eTSgFFO10ZU/n
Xwj4PazOBhFmROSeyBDVYnXkF7Ey8ZxocxjVlUtSdauIInWvgVSapLJWKK2e6FeB
Ez6uEvX4IqxvZJ0945/WsQ62ItlZiVo3DMXRumGrcOea5mLh/wZaoyJUrpAy52dL
2gLJ8cPOdEN2A8DxcbwxnuNqG5BdfZABO7jlyD+CZEyvr98OCH1N6EN9b4B8QCU3
ay3wJzXhcDc9+Qo8qLhm8XvG85FbTcd3/QqAUTgVIndCbsk4NfjzNaqa5AOvyQe9
TYpDOMG/J+oRNPSh3rAp3COopWbv/hht6o+2UxHV+u1Kt9FDJt1WbqYuQpIfYM4N
VbKGdjeVAoGRCOoqlJEqMTznswQyqP6s3D4FQuTJ3D3EM4x9j7FXOw2rhXhAeRel
xpQODywbr2kCBnpymq7EF5J6WxzMUM44gTjw+4JOJmZevxols3JeaJ/iz0M/SWwm
0AQ9s1Zw5mzAV6hErgDsnXKMRNC7xhh4+tIx7DguIbWulgGVLECkmi+Nis9TG+y8
214h2Pe0Ldw=
=0yUU
- -----END PGP SIGNATURE-----

  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |