ID CVE-2006-4138 Type cve Reporter cve@mitre.org Modified 2018-10-17T21:33:00
Description
Multiple unspecified vulnerabilities in Microsoft Windows Help File viewer (winhlp32.exe) allow user-assisted attackers to execute arbitrary code via crafted HLP files.
{"exploitdb": [{"lastseen": "2016-02-03T08:02:11", "bulletinFamily": "exploit", "description": "Microsoft Windows XP/2000/2003 Help Multiple Remote Vulnerabilities. CVE-2006-4138. Dos exploit for windows platform", "modified": "2006-08-12T00:00:00", "published": "2006-08-12T00:00:00", "id": "EDB-ID:28381", "href": "https://www.exploit-db.com/exploits/28381/", "type": "exploitdb", "title": "Microsoft windows xp/2000/2003 help Multiple Vulnerabilities", "sourceData": "source: http://www.securityfocus.com/bid/19490/info\r\n\r\nThe Microsoft Windows Help File viewer (winhlp32.exe) is prone to multiple remote vulnerabilities.\r\n\r\nThese vulnerabilities present themselves when the application handles specially crafted Windows Help (.hlp) files.\r\n\r\nA successful attack may let the attacker crash the application or execute arbitrary code in the context of a vulnerable user who opens a malicious file.\r\n\r\nSpecific information regarding affected versions of Microsoft Windows is currently unavailable.\r\n\r\nUpdate: Since help files can inherently execute arbitrary malicious code, this BID is being retired.\r\n\r\nhttps://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/28381.zip", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/28381/"}], "osvdb": [{"lastseen": "2017-04-28T13:20:25", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0247.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0252.html\n[CVE-2006-4138](https://vulners.com/cve/CVE-2006-4138)\nBugtraq ID: 19490\n", "modified": "2006-08-12T02:57:01", "published": "2006-08-12T02:57:01", "href": "https://vulners.com/osvdb/OSVDB:29231", "id": "OSVDB:29231", "title": "Microsoft Windows Help File Viewer (winhlp32.exe) HLP File Arbitrary Code Execution", "type": "osvdb", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}