Sunday, December 2, 2007

A vulnerability in HTML Help could allow remote code execution

MS05-026: A vulnerability in HTML Help could allow remote code execution

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\HHRestrictions]
"MaxAllowedZone"=dword:00000000
"UrlAllowList"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\ItssRestrictions]
"MaxAllowedZone"=dword:00000000
"UrlAllowList"=""



REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\HHRestrictions]
"MaxAllowedZone"=dword:00000000
"UrlAllowList"="http://contoso/salesapp/"
"EnableFrameNavigationInSafeMode"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\ItssRestrictions]
"MaxAllowedZone"=dword:00000000
"UrlAllowList"="http://contoso/salesapp/"

Registry entries

The following table lists the HTML Help registry entries that this article discusses. The table also lists the Microsoft Knowledge Base article that you can see for more information.
Value
Microsoft Knowledge Base article
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\HHRestrictions\MaxAllowedZone
892675 (http://support.microsoft.com/kb/892675/) Certain Web sites and HTML Help features may not work after you install security update 896358 or security update 890175
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\HHRestrictions\UrlAllowList
892675 (http://support.microsoft.com/kb/892675/) Certain Web sites and HTML Help features may not work after you install security update 896358 or security update 890175
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\HHRestrictions\EnableFrameNavigationInSafeMode
896905 (http://support.microsoft.com/kb/896905/) After you install security update 896358, content that should be displayed in a different frame is displayed in the frame that contains the HTML Help ActiveX control
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\ItssRestrictions\MaxAllowedZone
896054 (http://support.microsoft.com/kb/896054/) You cannot open remote content by using the InfoTech protocol after you install security update 896358, security update 840315, or Windows Server 2003 Service Pack 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\HTMLHelp\1.x\ItssRestrictions\UrlAllowList
896054 (http://support.microsoft.com/kb/896054/) You cannot open remote content by using the InfoTech protocol after you install security update 896358, security update 840315, or Windows Server 2003 Service Pack 1
Posted by at