Description: Mr.Niega has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused by a boundary error in inetcomm.dll when processing URLs with the "mhtml:" URI handler. This can be exploited to cause a stack-based buffer overflow via an overly long URL, e.g. by tricking a user into visiting a malicious web site with Internet Explorer or opening a specially crafted Internet shortcut.
Successful exploitation allows execution of arbitrary code.
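For triage, Internet shortcut (.url) files can be checked for unusually long "mhtml:" URLs, the condition described above. The following Python check is an added example, not part of the advisory; the 512-character threshold, the function names and the sample shortcuts are assumptions constructed for illustration, since the advisory states no length.

```python
# Assumption: the advisory gives no length; 512 is a constructed triage threshold.
MAX_MHTML_URL_LEN = 512

def shortcut_url(text):
    """Return the URL= value from the [InternetShortcut] section, or None."""
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # Section names and keys are matched case-insensitively.
            in_section = line.lower() == "[internetshortcut]"
        elif in_section and line.lower().startswith("url="):
            return line[4:].strip()
    return None

def assess(url, limit=MAX_MHTML_URL_LEN):
    """Return a finding string for an over-long mhtml: URL, else None."""
    if url is None:
        return None
    candidate = url.strip()
    if not candidate.lower().startswith("mhtml:"):
        return None  # other schemes are out of scope for this check
    if len(candidate) > limit:
        return f"mhtml: URL of {len(candidate)} chars exceeds limit {limit}"
    return None

def scan_shortcut(text, limit=MAX_MHTML_URL_LEN):
    """Parse shortcut file content and assess the URL it points to."""
    return assess(shortcut_url(text), limit)

# Constructed sample inputs (not taken from any real file).
SAMPLE_BENIGN = "[InternetShortcut]\r\nURL=http://example.com/\r\n"
SAMPLE_SHORT_MHTML = "[InternetShortcut]\r\nurl=mhtml:http://example.com/page.mht\r\n"
SAMPLE_LONG_MHTML = (
    "[DEFAULT]\r\nBASEURL=http://example.com/\r\n"
    "[InternetShortcut]\r\nURL=MHTML:http://example.invalid/" + "A" * 2000 + "\r\n"
)

if __name__ == "__main__":
    samples = [("benign", SAMPLE_BENIGN), ("short", SAMPLE_SHORT_MHTML),
               ("long", SAMPLE_LONG_MHTML)]
    for name, sample in samples:
        print(name, "->", scan_shortcut(sample) or "ok")
```

To sweep a file share, read each .url file as text and pass its content to `scan_shortcut`; tune the limit against the longest legitimate "mhtml:" URLs seen in your environment.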
Changelog: 2006-06-07: Added CVE reference.
2006-08-08: Added additional information from Microsoft. Updated "Description" and "Solution" sections. Increased criticality and impact.
2006-08-09: Added link to US-CERT.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.