Lucene search

SAINT CorporationSAINT:DEF208951E4DD90642673A75CA61CB5D

HistoryJan 26, 2007 - 12:00 a.m.

Microsoft Help Workshop .HPJ file HLP field buffer overflow

2007-01-2600:00:00

SAINT Corporation

download.saintcorporation.com

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.942 High

EPSS

Percentile

99.0%

JSON

Added: 01/26/2007
CVE: CVE-2007-0427
BID: 22135
OSVDB: 31899

Background

Microsoft Help Workshop is a standard component of Microsoft Visual Studio and is also available as a standalone product.

Problem

A buffer overflow vulnerability in Microsoft Help Workshop allows command execution when a user opens a **.HPJ** file containing a long **HLP** field in the **OPTIONS** section.

Resolution

Do not open **.HPJ** files from untrusted sources.

References

<http://www.securityfocus.com/archive/1/457436>

Limitations

Exploit works on Microsoft Help Workshop 4.03 and requires the user to open the exploit file.

Platforms

Windows

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.942 High

EPSS

Percentile

99.0%

JSON

Related for SAINT:DEF208951E4DD90642673A75CA61CB5D