Internet Explorer HTML Help ActiveX Control Memory Corruption
Specially crafted images could allow remote access to vulnerable PCs
Robert VamosiFormer Editor
As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.
This vulnerability is caused by an error in the HTML Help ActiveX control (hhctrl.ocx). When handling the "Image" property within an HTML file, the vulnerability can be exploited by using a long string to cause memory corruption (buffer overflow). Successful exploit could lead to the execution of remote code on a compromised PC.