Microsoft HTML Help Control Privilege Escalation

2003-10-24T07:37:20
ID OSVDB:2745
Type osvdb
Reporter OSVDB
Modified 2003-10-24T07:37:20

Description

Vulnerability Description

Microsoft HTML Help Control, used in all current versions of Windows as of Oct 2003, contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the HTML Help control is called from a program running with privileges greater than the current user. This flaw may lead to a loss of Authorization.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Microsoft HTML Help Control, used in all current versions of Windows as of Oct 2003, contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the HTML Help control is called from a program running with privileges greater than the current user. This flaw may lead to a loss of Authorization.

References:

Secunia Advisory ID:10066 ISS X-Force ID: 13509 Generic Exploit URL: http://www.securityfocus.com/archive/1/342312 Bugtraq ID: 8884