Microsoft IE HTML Help ActiveX Control alink and showHelp Overflow

2002-10-03T00:00:00
ID OSVDB:2992
Type osvdb
Reporter OSVDB
Modified 2002-10-03T00:00:00

Description

Vulnerability Description

Microsoft Windows HTML Help ActiveX Control contains a flaw that allows remote attackers to execute arbitrary code. The flaw occurs due to an unchecked buffer in the hhctrl.ocx file. This can be exploited by using a long parameter to the "Alink" function or a script containing a long argument to the "showHelp" function.

Technical Description

The HTML Help ActiveX control ships as part of Microsoft HTML Help and is designed to work with Internet Explorer to provide functionality for help systems.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch (Q323255) to address this vulnerability.

References:

Vendor Specific Solution URL: http://www.microsoft.com/Downloads/Release.asp?ReleaseID=40213
Microsoft Security Bulletin: MS02-055
Mail List Post: http://marc.theaimsgroup.com/?l=bugtraq&m=103419115517344&w=2
ISS X-Force ID: 10253
CVE-2002-0693
Bugtraq ID: 5874