ID SECURITYVULNS:DOC:3579 Type securityvulns Reporter Securityvulns Modified 2002-10-03T00:00:00
Title: Buffer Overflow in IE/Outlook HTML Help
Source: https://vulners.com/securityvulns/SECURITYVULNS:DOC:3579
Description
NGSSoftware Insight Security Research Advisory
Name: Windows Help System Buffer Overflow
Systems: Windows XP, 2000, NT, ME and 98
Severity: High Risk
Category: Buffer Overflow Vulnerability
Vendor URL: http://www.microsoft.com/
Author: David Litchfield (david@ngssoftware.com)
Advisory URL: http://www.ngssoftware.com/advisories/ms-winhlp.txt
Date: 2nd October 2002
Advisory number: #NISR02102002
Introduction
The Windows Help system includes an ActiveX control known as the HTML Help
Control, hhctrl.ocx. The "Alink" function of this control is vulnerable to a
buffer overflow that can be exploited to gain control of the user's machine.
Details
By providing an overly long parameter to the vulnerable function, an internal
buffer is overflowed and program control structures can be overwritten,
allowing an attacker to remotely gain control of their victim's PC. This
could be done by enticing the victim to a website that contained a webpage
that exploits the vulnerability or by sending the victim an HTML mail. When
opened in Outlook the overflow will be triggered.
Fix Information
Microsoft have produced a patch which is available from their web site.
More details are available from

http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS02-055.asp