The Microsoft HeartbeatCtl ActiveX control contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
The Microsoft HeartbeatCtl ActiveX control is used to play multiplayer games on the MSN Games website. The HeartbeatCtl ActiveX control contains a buffer overflow in the handling of the "Host" parameter.
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user.
Apply an update
This issue is addressed in Microsoft Security Bulletin MS07-069. This update sets the kill bit for several unsupported versions of the HeartbeatCtl ActiveX control.
This vulnerability was reported by Will Dormann of the CERT/CC.
This document was written by Will Dormann.
|Date First Published:||2008-04-21|
|Date Last Updated:||2008-04-21 21:29 UTC|