Lucene search

SAINT CorporationSAINT:116FD492AEFE5F9ACA899DEE67A07F29

HistoryJan 26, 2007 - 12:00 a.m.

Microsoft Help Workshop .HPJ file HLP field buffer overflow

2007-01-2600:00:00

SAINT Corporation

download.saintcorporation.com

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.944 High

EPSS

Percentile

99.2%

JSON

Added: 01/26/2007
CVE: CVE-2007-0427
BID: 22135
OSVDB: 31899

Background

Microsoft Help Workshop is a standard component of Microsoft Visual Studio and is also available as a standalone product.

Problem

A buffer overflow vulnerability in Microsoft Help Workshop allows command execution when a user opens a **.HPJ** file containing a long **HLP** field in the **OPTIONS** section.

Resolution

Do not open **.HPJ** files from untrusted sources.

References

<http://www.securityfocus.com/archive/1/457436>

Limitations

Exploit works on Microsoft Help Workshop 4.03 and requires the user to open the exploit file.

Platforms

Windows

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.944 High

EPSS

Percentile

99.2%

JSON

Related for SAINT:116FD492AEFE5F9ACA899DEE67A07F29