Internet Explorer HTML Help ActiveX Control Memory Corruption

Specially crafted images could allow remote access to vulnerable PCs

This vulnerability is caused by an error in the HTML Help ActiveX control (hhctrl.ocx). When handling the "Image" property within an HTML file, the vulnerability can be exploited by using a long string to cause memory corruption (buffer overflow). Successful exploit could lead to the execution of remote code on a compromised PC.

Additional Resources:

Tags:
Mobile
About the author

    As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

     

    Join the discussion

    Conversation powered by Livefyre

    Show Comments Hide Comments
    Latest Galleries from CNET
    The best 3D-printing projects of 2014 (pictures)
    15 crazy old phones from a Korean museum (pictures)
    10 gloriously geeky highlights from 2014 (pictures)
    2015.5 Volvo XC60: updated tech, understated design
    Busted! CNET readers show us their broken devices (pictures)