Lucene search
K

169 matches found

Tenable Nessus
Tenable Nessus
added 2004/07/13 12:0 a.m.27 views

MS04-023: Vulnerability in HTML Help Could Allow Code Execution (840315)

The remote host is subject to two vulnerabilities in the HTML Help and showHelp modules that could allow an attacker to execute arbitrary code on the remote host. To exploit these flaws, an attacker would need to set up a rogue website containing a malicious showHelp URL, and would need to lure a...

10CVSS6.1AI score0.5261EPSS
Exploits1References3
CERT
CERT
added 2004/04/05 12:0 a.m.29 views

Outlook Express MHTML protocol handler does not properly validate source of alternate content

Overview The Outlook Express MIME Encapsulation of Aggregate HTML Documents MHTML protocol handler does not adequately validate the source of alternate content. An attacker could exploit this vulnerability to access data and execute script in different security domains. By causing script to be ru...

10CVSS6.5AI score0.6325EPSS
Exploits1References25
securityvulns
securityvulns
added 2004/01/12 12:0 a.m.37 views

HTML help privilege escalation

HtmlHelp call doesn't drop system privileges...

1.6AI score
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2003/10/24 12:0 a.m.29 views

[Full-Disclosure] HTML Help API - Privilege Escalation

===================================================================== = HTML Help API - Privilege Escalation = = Tested against: = HTML Help Control Version 5.2.3735.1 = = [email protected] = http://www.security-assessment.com = = Originally posted: October 24th, 2003...

Exploits0
Cvelist
Cvelist
added 2003/04/02 5:0 a.m.18 views

CVE-2002-0823

Buffer overflow in Winhlp32.exe allows remote attackers to execute arbitrary code via an HTML document that calls the HTML Help ActiveX control HHCtrl.ocx with a long pathname in the Item parameter...

7.8AI score0.444EPSS
Exploits0References5
CERT
CERT
added 2003/02/06 12:0 a.m.30 views

Microsoft Internet Explorer allows arbitrary local file reading via "showHelp()" function

Overview A vulnerability in Microsoft Internet Explorer IE allows remote attackers to read arbitrary files on a vulnerable system. Description A vulnerability in the showHelp Method contained within IE may allow a remote attacker to read arbitrary files. For further details, please see the...

7.5CVSS7.6AI score0.38935EPSS
Exploits0References4
NVD
NVD
added 2002/10/10 4:0 a.m.21 views

CVE-2002-0693

Buffer overflow in the HTML Help ActiveX Control hhctrl.ocx in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via 1 a long parameter to the Alink function, or 2 script...

7.5CVSS7.2AI score0.52422EPSS
Exploits0References7
NVD
NVD
added 2002/10/10 4:0 a.m.19 views

CVE-2002-0694

The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to...

7.5CVSS7.5AI score0.13667EPSS
Exploits0References3
Cvelist
Cvelist
added 2002/10/05 4:0 a.m.24 views

CVE-2002-0693

Buffer overflow in the HTML Help ActiveX Control hhctrl.ocx in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via 1 a long parameter to the Alink function, or 2 script...

7.2AI score0.52422EPSS
Exploits0References7
CVE
CVE
added 2002/10/05 4:0 a.m.74 views

CVE-2002-0693

The CVE-2002-0693 issue affects multiple Windows platforms (Windows 98, 98 SE, Millennium, NT 4.0 and Terminal Server, Windows 2000, Windows XP) through the HTML Help ActiveX control (hhctrl.ocx). The root cause is an unchecked/buffer overflow in the HTML Help facility ActiveX module that could b...

7.5CVSS7.2AI score0.52422EPSS
Exploits0References7Affected Software7
securityvulns
securityvulns
added 2002/10/03 12:0 a.m.51 views

Security Bulletin MS02-055: Unchecked Buffer in Windows Help Facility Could Enable Code Execution (Q323255)

---------------------------------------------------------------------- Title: Unchecked Buffer in Windows Help Facility Could Enable Code Execution Q323255 Date: 02 October 2002 Software: Microsoft Windows 98 Microsoft Windows 98 Second Edition Microsoft Windows Millennium Edition Microsoft...

1AI score
Exploits0
securityvulns
securityvulns
added 2002/10/03 12:0 a.m.44 views

Buffer Overflow in IE/Outlook HTML Help

NGSSoftware Insight Security Research Advisory Name: Windows Help System Buffer Overflow Systems: Windows XP,2000,NT,ME and 98 Severity: High Risk Category: Buffer Overflow Vulnerability Vendor URL: http://www.microsoft.com/ Author: David Litchfield [email protected] Advisory URL:...

0.8AI score
Exploits0
securityvulns
securityvulns
added 2002/08/03 12:0 a.m.50 views

Winhelp32 Remote Buffer Overrun

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NGSSoftware Insight Security Research Advisory Name: Winhlp32.exe Remote BufferOverrun Systems Affected: Win2K Platform Severity: Critical Category: Remote Buffer Overrun Vendor URL: http://www.mircosoft.com Author: Mark Litchfield [email protected]...

7.3AI score
Exploits0
exploitpack
exploitpack
added 2002/05/27 12:0 a.m.17 views

Microsoft Windows 95982000NT 4.0 - WinHlp Item Buffer Overflow

Microsoft Windows 95982000NT 4.0 - WinHlp Item Buffer Overflow source: https://www.securityfocus.com/bid/4857/info HTML Help ActiveX control Hhctrl.ocx ships as part of Microsoft HTML Help and is designed to work with Internet Explorer to provide functionality for help systems. A remotely...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2002/05/27 12:0 a.m.43 views

Microsoft Windows 95/98/2000/NT 4.0 - WinHlp Item Buffer Overflow

source: https://www.securityfocus.com/bid/4857/info HTML Help ActiveX control Hhctrl.ocx ships as part of Microsoft HTML Help and is designed to work with Internet Explorer to provide functionality for help systems. A remotely exploitable issue has been reported in the WinHlp facility. The softwa...

7.4AI score
Exploits0
securityvulns
securityvulns
added 2000/06/03 12:0 a.m.50 views

Security Bulletin (MS00-037)

Patch Available for "HTML Help File Code Execution" Vulnerability Originally posted: June 02, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in the HTML Help facility that ships with Microsoftr Internet Explorer. Under certain conditions, the...

6.7AI score
Exploits0
NVD
NVD
added 2000/03/01 5:0 a.m.21 views

CVE-2000-0201

The window.showHelp method in Internet Explorer 5.x does not restrict HTML help files .chm to be executed from the local host, which allows remote attackers to execute arbitrary commands via Microsoft Networking...

5.1CVSS7.2AI score0.06848EPSS
Exploits0References1
Microsoft Security Update
Microsoft Security Update
added 1970/01/01 12:0 a.m.7 views

Security Update for Windows 2000 (KB922616)

A security issue has been identified that could allow an attacker to remotely compromise your Windows-based system using a vulnerability in HTML Help and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to...

2.5AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 1970/01/01 12:0 a.m.12 views

Security Update for Windows Server 2003 for Itanium-based Systems (KB922616)

A security issue has been identified that could allow an attacker to remotely compromise your Windows-based system using a vulnerability in HTML Help and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to...

2.6AI score
Exploits0
Microsoft Security Update
Microsoft Security Update
added 1970/01/01 12:0 a.m.9 views

Security Update for Windows XP (KB922616)

A security issue has been identified that could allow an attacker to remotely compromise your Windows-based system using a vulnerability in HTML Help and gain control over it. You can help protect your computer by installing this update from Microsoft. After you install this item, you may have to...

2.4AI score
Exploits0
Rows per page
Query Builder