9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.942 High
EPSS
Percentile
99.0%
Added: 01/26/2007
CVE: CVE-2007-0427
BID: 22135
OSVDB: 31899
Microsoft Help Workshop is a standard component of Microsoft Visual Studio and is also available as a standalone product.
A buffer overflow vulnerability in Microsoft Help Workshop allows command execution when a user opens a **.HPJ**
file containing a long **HLP**
field in the **OPTIONS**
section.
Do not open **.HPJ**
files from untrusted sources.
<http://www.securityfocus.com/archive/1/457436>
Exploit works on Microsoft Help Workshop 4.03 and requires the user to open the exploit file.
Windows