SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Windows Help System Vendors:   Microsoft
Microsoft Windows Help System Buffer Overflow in 'hhctrl.ocx' Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1005332
SecurityTracker URL:  http://securitytracker.com/id/1005332
CVE Reference:   CVE-2002-0693   (Links to External Site)
Updated:  Dec 15 2003
Original Entry Date:  Oct 2 2002
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  

Description:   A buffer overflow vulnerability was reported in the Microsoft Windows Help System. A remote user can cause arbitrary code to be executed on the target user's computer to take control of the target user's host.

NGSSoftware issued an advisory warning that the HTML Help Control (hhctrl.ocx) ActiveX control has a buffer overflow in the "Alink" function. A remote user can create HTML that, when loaded by the target user, will execute arbitrary code.

The HTML code can provide a long parameter to the vulnerable function to trigger the internal buffer overflow. This can be exploited to overwrite program control structures and execute arbitrary code.

Impact:   A remote user can execute arbitrary code on the target user's system with the privileges of the target user.
Solution:   The vendor has released a fix. For more information on the fix, see:

http://www.microsoft.com/technet/security/bulletin/MS02-055.asp

[Editor's note: At the time of this entry, the Microsoft bulletin was not yet posted. When it is posted, a separate alert will be issued as part of the Message History.]

Vendor URL:  www.microsoft.com/technet/security/bulletin/MS02-055.asp (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
(Microsoft Issues Fix) Microsoft Windows Help System Buffer Overflow in 'hhctrl.ocx' Lets Remote Users Execute Arbitrary Code
The vendor has released a fix.



 Source Message Contents

Subject:  Windows Help System Buffer Overflow


NGSSoftware Insight Security Research Advisory

Name: Windows Help System Buffer Overflow
Systems: Windows XP,2000,NT,ME and 98
Severity: High Risk
Category: Buffer Overflow Vulnerability
Vendor URL: http://www.microsoft.com/
Author: David Litchfield (david@ngssoftware.com)
Advisory URL: http://www.ngssoftware.com/advisories/ms-winhlp.txt
Date: 2nd October 2002
Advisory number: #NISR02102002


Introduction
************
The Windows Help system includes an ActiveX control known as the HTML Help
Control, hhctrl.ocx. The "Alink" function of this control is vulnerable to a
buffer overflow that can be exploited to gain control of the user's machine.

Details
*******
By providing an overly long parameter to the vulnerable function an internal
buffer is overflowed and program control structures can be overwritten
allowing an attacker to remotely gain control of their victim's PC. This
could be done by enticing the victim to a website that contained a webpage
that exploits the vulnerability or by sending the victim an HTML mail. When
opened in Outlook the overflow will be triggered.

Fix Information
***************
Microsoft have produced a patch which is available from their web site.
More details are available from

http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS02-055.asp


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC