Core Security Technologies Advisory - Microsoft Windows is prone to a memory corruption vulnerability when instantiating the 'HtmlDlgHelper Class Object' in a Microsoft Office Document (ie: .XLS, .DOC). The affected vulnerable module is part of Internet Explorer ('mshtmled.dll'). This vulnerability could be used by a remote attacker to execute arbitrary code with the privileges of the user that opened the malicious file.
↧