Microsoft Windows 2000/2003/XP winhlp32 Phrase Integer Overflow Vulnerability

2004-12-23T00:00:00
ID EDB-ID:25049
Type exploitdb
Reporter flashsky fangxing
Modified 2004-12-23T00:00:00

Description

Microsoft Windows 2000/2003/XP winhlp32 Phrase Integer Overflow Vulnerability. CVE-2004-1306 . Remote exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/12091/info

Microsoft Windows is prone to an integer overflow vulnerability. This issue exists in 'winhlp32.exe' and is exposed when a malformed phrase compressed Windows Help file (.hlp) is processed by the program.

Successful exploitation may allow execution of arbitrary code in the context of the user that opens the malicious Help file. The Help file may originate from an external or untrusted source, so this vulnerability is considered remote in nature. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/25049.gz