Lucene search

SAINT CorporationSAINT:D04FC656906A4F69554E4FB2114D8F0A

HistoryJan 31, 2007 - 12:00 a.m.

Microsoft Help Workshop .CNT file buffer overflow

2007-01-3100:00:00

SAINT Corporation

my.saintcorporation.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.908 High

EPSS

Percentile

98.8%

JSON

Added: 01/31/2007
CVE: CVE-2007-0352
BID: 22100
OSVDB: 31898

Background

Microsoft Help Workshop is a standard component of Microsoft Visual Studio and is also available as a standalone product.

Problem

A buffer overflow vulnerability in Microsoft Help Workshop allows command execution when a user opens a Help Contents (.CNT) file containing a long, specially crafted line.

Resolution

Do not open .CNT files from untrusted sources.

References

<http://www.securityfocus.com/archive/1/457210>

Limitations

Exploit works on Microsoft Help Workshop 4.03 and requires the user to open the exploit file.

Platforms

Windows

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.908 High

EPSS

Percentile

98.8%

JSON

Related for SAINT:D04FC656906A4F69554E4FB2114D8F0A