{"vuid":"VU#434641","idnumber":"434641","name":"Microsoft Internet Explorer may automatically execute HTA files","keywords":["Microsoft","Internet Explorer","arbitrary code execution",".HTA file"],"overview":"Microsoft Internet Explorer (IE) fails to properly handle HTA files. This vulnerability may allow a remote attacker to execute arbitrary code.","clean_desc":"HTML Application (HTA) HTML Applications (HTAs) are HTML documents that are executed as trusted applications. HTAs can run script, Java, or ActiveX controls. The Problem An error in the way that IE handles HTAs may allow a remote attacker to bypass IE's Security checks and execute an HTA application without a user's consent. Considerations More information is available in Microsoft Security Bulletin MS06-013.","impact":"If a remote attacker can persuade a user to access a specially crafted HTML page, that attacker may be able to execute arbitrary code with the privileges of the compromised user.","resolution":"Apply an Update\nThis issue is addressed in Microsoft Security Bulletin MS06-013.","workarounds":"Refer to Microsoft Security Bulletin MS06-013 for workarounds for this vulnerability.","sysaffected":"","thanks":"This vulnerability was reported by \nJeffrey van der Stad","author":"This document was written by Jeff Gennari","public":["http://www.microsoft.com/technet/security/Bulletin/MS06-013.mspx","http://jeffrey.vanderstad.net/grasshopper/","http://secunia.com/advisories/19378/","http://www.securityfocus.com/bid/17181"],"cveids":["CVE-2006-1388"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-03-31T15:52:13Z","publicdate":"2006-03-27T00:00:00Z","datefirstpublished":"2006-04-11T18:25:20Z","dateupdated":"2006-04-12T11:48:47Z","revision":12,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"20","cam_impact":"17","cam_easeofexploitation":"10","cam_attackeraccessrequired":"20","cam_scorecurrent":"25.5","cam_scorecurrentwidelyknown":"31.875","cam_scorecurrentwidelyknownexploited":"57.375","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":25.5,"vulnote":null}