Lucene search
K

169 matches found

Symantec
Symantec
added 2005/06/14 12:0 a.m.17 views

Microsoft Windows HTML Help Remote Code Execution Vulnerability

Description Microsoft Windows HTML Help is affected by a remote code execution vulnerability. The vulnerability presents itself when the application handles malformed data through the InfoTech protocol ms-its, its, mk:@msitstore. An attacker may exploit this issue from a malicious Web page or...

8.3AI score
Exploits0References2Affected Software3
CERT
CERT
added 2005/06/14 12:0 a.m.26 views

Microsoft HTML Help vulnerable to integer overflow

Overview Microsoft HTML Help contains an integer overflow vulnerability, allowing a remote attacker to execute arbitrary code. Description HTML Help The Microsoft HTML Help system ". . . is the standard help system for the Windows platform." HTML Help components can be compiled to ". . . compress...

10CVSS6.8AI score0.4715EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2005/06/14 12:0 a.m.38 views

MS05-026: Vulnerability in HTML Help Could Allow Remote Code Execution (896358)

The remote host contains a version of the HTML Help ActiveX control that is vulnerable to a security flaw that could allow an attacker to execute arbitrary code on the remote host by constructing a malicious web page and entice a victim to visit this web page. C Tenable Network Security, Inc...

10CVSS6.1AI score0.4715EPSS
Exploits0References2
securityvulns
securityvulns
added 2005/01/13 12:0 a.m.68 views

Alert: Microsoft Security Bulletin MS05-001 - Vulnerability in HTML Help Could Allow Code Execution (890175)

Microsoft Security Bulletin MS05-001 Vulnerability in HTML Help Could Allow Code Execution 890175 Issued: January 11, 2005 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Rating: Critical...

5CVSS7AI score0.44984EPSS
Exploits1
CERT
CERT
added 2005/01/12 12:0 a.m.69 views

Microsoft Windows HTML Help ActiveX control does not adequately validate window source

Overview The Microsoft Windows HTML Help ActiveX control contains a cross-domain vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary commands or code with the privileges of the user running the control. The HTML Help control can be instantiated by an HTML...

5CVSS6.7AI score0.44984EPSS
Exploits1References22
Tenable Nessus
Tenable Nessus
added 2005/01/11 12:0 a.m.44 views

MS05-001: HTML Help Code Execution (890175)

The remote host contains a version of the HTML Help ActiveX control that could allow an attacker to execute arbitrary code on the remote host by constructing a malicious web page and entice a victim to visit this web page. C Tenable Network Security, Inc. include"compat.inc"; if description...

5CVSS6.2AI score0.44984EPSS
Exploits1References2
NVD
NVD
added 2004/12/31 5:0 a.m.30 views

CVE-2004-0985

Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .ppt, and using ADODB.Connection and ADODB.recordset to write to a .hta file that is interpreted in...

10CVSS7.2AI score0.20239EPSS
Exploits0References4
0day.today
0day.today
added 2004/12/25 12:0 a.m.30 views

MS Internet Explorer (<= XP SP2) HTML Help Control Local Zone Bypass

Exploit for unknown platform in category remote exploits ==================================================================== MS Internet Explorer localpage.HHClick; setTimeout"inject.HHClick",100; // writehta.txt /...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2004/12/25 12:0 a.m.21 views

Microsoft Internet Explorer (Windows XP SP2) - HTML Help Control Local Zone Bypass

Microsoft Internet Explorer Windows XP SP2 - HTML Help Control Local Zone Bypass // sp2rc.htm // localpage.HHClick; setTimeout"inject.HHClick",100; // writehta.txt // Dim Conn, rs Set Conn = CreateObject"ADODB.Connection" Conn.Open "Driver=Microsoft Text Driver .txt; .csv;" & "Dbq=http://server;"...

7.2AI score
Exploits0
Exploit DB
Exploit DB
added 2004/12/25 12:0 a.m.51 views

Microsoft Internet Explorer (Windows XP SP2) - HTML Help Control Local Zone Bypass

// sp2rc.htm // localpage.HHClick; setTimeout"inject.HHClick",100; // writehta.txt // Dim Conn, rs Set Conn = CreateObject"ADODB.Connection" Conn.Open "Driver=Microsoft Text Driver .txt; .csv;" & "Dbq=http://server;" & "Extensions=asc,csv,tab,txt;" & "Persist Security Info=False" Dim sql sql =...

7.4AI score
Exploits0
CERT
CERT
added 2004/12/22 12:0 a.m.36 views

Microsoft Internet Explorer HTML Help control bypasses Local Machine Zone Lockdown

Overview The Microsoft Internet Explorer HTML Help ActiveX control is not restricted by the Local Machine Zone Lockdown feature. This can allow an attacker to execute script in the Local Machine Zone. Description Windows XP SP2 introduces a feature called Local Machine Zone Lockdown. This feature...

10CVSS6.2AI score0.20239EPSS
Exploits0References6
securityvulns
securityvulns
added 2004/11/02 12:0 a.m.21 views

Internet Explorer HTML Help Control ActiveX crossite scripting

By clicking control element, it's possible to activate script in context of different site or local system...

1.1AI score
Exploits0References1Affected Software1
CVE
CVE
added 2004/10/26 4:0 a.m.72 views

CVE-2004-0985

CVE-2004-0985 is linked to the Drag-and-Drop Vulnerability in Internet Explorer (IE6) and is addressed by Microsoft’s MS05-014/MS05-008 security updates. The connected documents describe a privilege-elevation/remote code execution scenario in IE6 via drag‑and‑drop handling, which could allow savi...

10CVSS7.2AI score0.20239EPSS
Exploits0References4Affected Software1
Symantec
Symantec
added 2004/10/20 12:0 a.m.19 views

Microsoft Windows HTML Help Control Cross-Zone Scripting Vulnerability

Description The Microsoft Windows HTML Help ActiveX control hhctrl.ocx is prone to a vulnerability that may permit cross-zone scripting. The HTML Help control is a component that allows help functionality to be inserted in an HTML file. It is possible to exploit this vulnerability through Interne...

7.1AI score
Exploits0References2Affected Software9
Symantec
Symantec
added 2004/10/12 12:0 a.m.18 views

Microsoft Internet Explorer Unspecified showHelp Zone Bypass Vulnerability

Description Microsoft Security Bulletin MS04-038 includes fixes to address an unspecified vulnerability in Internet Explorer that may permit elevation of zone privileges by bypassing from the Internet Zone to the Local Zone. The vendor has stated that additional security verifications have been...

7AI score
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2004/09/01 4:0 a.m.31 views

CVE-2002-0694

The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to...

7.5AI score0.13667EPSS
Exploits0References3
CVE
CVE
added 2004/09/01 4:0 a.m.63 views

CVE-2002-0694

The CVE-2002-0694 issue is tied to an unchecked buffer in Windows Help (Q323255) that affected Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP. Root cause: a vulnerability in the HTML Help facility could allow a remote attack...

7.5CVSS7.5AI score0.13667EPSS
Exploits0References3Affected Software7
securityvulns
securityvulns
added 2004/07/14 12:0 a.m.27 views

Microsoft HTML Help buffer overflow

Buffer overflow on CHM format parsing...

2.6AI score
Exploits0References2
CERT
CERT
added 2004/07/14 12:0 a.m.30 views

Microsoft Windows HTML Help component fails to properly validate input data

Overview There is a vulnerability in the HTML Help component of Microsoft Windows that could allow an attacker to execute arbitrary code on an affected system. Description Microsoft HTML Help provides a standard help system for the Windows operating system. There is a vulnerability in the way...

10CVSS6.9AI score0.45137EPSS
Exploits0References5
Symantec
Symantec
added 2004/07/13 12:0 a.m.16 views

Microsoft Windows HTML Help Heap Overflow Vulnerability

Description The Microsoft Windows HTML Help facility is prone to a remotely exploitable heap overflow vulnerability. This vulnerability could be exploited from a malicious Web page or through HTML email to execute arbitrary code with the privileges of the currently logged in user. Technologies...

8.2AI score
Exploits0References3Affected Software7
Rows per page
Query Builder