VULHUB ™

NGSSoftware Insight Security Research Advisory - All versions of Microsoft Windows, with Microsoft Internet Explorer, come packaged with the Microsoft Active Setup/Install Engine components. These components are marked as safe for scripting and can be invoked by default from any basic web-page. The Install Engine control has been found to be vulnerable to an integer overflow, leading to a heap based buffer overflow which could allow an attacker to run arbitrary code on a vulnerable system through a specially crafted web-page or through a specially crafted HTML email if scripting is enabled.

NGSSoftware Insight Security Research Advisory - All versions of Microsoft Windows, with Microsoft Internet Explorer, come packaged with the Microsoft Active Setup/Install Engine components. These components are marked as safe for scripting and can be invoked by default from any basic web-page. The Install Engine control has been found to be vulnerable to an integer overflow, leading to a heap based buffer overflow which could allow an attacker to run arbitrary code on a vulnerable system through a specially crafted web-page or through a specially crafted HTML email if scripting is enabled.