virus logo Intrusion Prevention

MS.Windows.DHTML.Editing.Component.ActiveX.Code.Execution

description-logoDescription

In September 08, 2009, Microsoft released a Security Bulletin MS09-046 regarding a privately reported vulnerability in the DHTML Editing Component ActiveX control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
Tavis Ormandy of Google Inc. reported the DHTML Editing Component ActiveX Control Vulnerability (CVE-2009-2519). A remote code execution vulnerability exists in the DHTML Editing Component ActiveX Control. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
This security update is rated Critical for all supported editions of Microsoft Windows 2000 and Windows XP and Moderate for all supported editions of Windows Server 2003. For more information, see the subsection, Affected and Non-Affected Software, in this section.

affected-products-logoAffected Products

Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 3
Microsoft Windows XP Professional x64 Edition Service Pack 2
Microsoft Windows Server 2003 Service Pack 2
Microsoft Windows Server 2003 x64 Edition Service Pack 2
Microsoft Windows Server 2003 with SP2 for Itanium-based Systems

Impact logoImpact

An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

recomended-action-logoRecommended Actions

The majority of customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. Customers who have not enabled automatic updating need to check for updates and install this update manually. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871 (http://support.microsoft.com/kb/294871).
For administrators and enterprise installations, or end users who want to install this security update manually, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update (http://go.microsoft.com/fwlink/?LinkID=40747) service.
For FortiGate users, turning on these IPS signatures can prevent exploitation of this vulnerability:
MS.DHTML.Editing.Component.ActiveX.Remote.Code.Execution

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2020-10-12 16.941 Name:MS.
DHTML.
Editing.
Component.
ActiveX.
Control.
Code.
Execution:MS.
Windows.
DHTML.
Editing.
Component.
ActiveX.
Code.
Execution
ID 17711
Created Sep 08, 2009
Updated Oct 09, 2020
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
CVE ID CVE-2009-2519
Exploit Prediction Score 73.37%
Default Action drop
Active
Affected OS Windows
Affected App IE