Microsoft Windows winhlp32.exe Overflow

2004-12-20T00:00:00
ID OSVDB:12625
Type osvdb
Reporter Keji(yu_keji@venustech.com.cn)
Modified 2004-12-20T00:00:00

Description

Vulnerability Description

A remote overflow exists in Microsoft Windows. The 'winhlp32.exe' application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted '.hlp' file, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

A remote overflow exists in Microsoft Windows. The 'winhlp32.exe' application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted '.hlp' file, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor URL: http://www.microsoft.com/ Security Tracker: 1012682 Secunia Advisory ID:13645 Related OSVDB ID: 12623 Related OSVDB ID: 12624 Other Advisory URL: http://www.xfocus.net/flashsky/icoExp/ Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-12/0392.html Keyword: AD_LAB-04006 ISS X-Force ID: 18678 CVE-2004-1306 CVE-2004-1361 Bugtraq ID: 12091