SecurityTracker.com
Category:   OS (Microsoft)  >   Windows Help System
Vendors:   Microsoft
Microsoft Windows Help System Buffer Overflows in Processing Phrase Compressed Help Files Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1012682
SecurityTracker URL:  http://securitytracker.com/id/1012682
CVE Reference:   CVE-2004-1306
Updated:  Dec 24 2004
Original Entry Date:  Dec 24 2004
Impact:   Execution of arbitrary code via network, User access via network
Exploit Included:  Yes  

Description:   A buffer overflow vulnerability was reported in Microsoft Windows in 'winhlp32.exe'. A remote user can cause arbitrary code to be executed on the target user's system.

Venustech AD-Lab reported that a remote user can create a specially crafted '.hlp' file that, when loaded by the target user, will trigger a heap overflow and execute arbitrary code on the target user's system.

If the '.hlp' help file is phrase compressed, two flaws can be triggered: an integer overflow in the processing of phrase offsets, and a heap overflow in the processing of the user-supplied phrasesEndOffset parameter.
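
The class of check a parser needs for file-supplied phrase offsets and an end offset, as an added example that is not code from this advisory, Venustech, or Microsoft. The table layout, the function names and the `PT_*` codes are hypothetical and simplified, not the real WinHelp format; the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { PT_OK, PT_TABLE_TRUNCATED, PT_END_PAST_FILE, PT_OFFSET_ORDER, PT_OFFSET_RANGE };

/* Length as a naive parser computes it: wraps to a huge value when end < start. */
uint16_t phrase_len_unchecked(uint16_t start, uint16_t end)
{
    return (uint16_t)(end - start);
}

/* Validate a phrase section held in buf[0..buf_len) before anything is copied.
 * Assumed layout (hypothetical, not the real WinHelp format): count+1
 * little-endian 16-bit offsets measured from the start of buf, then phrase bytes.
 * phrases_end_offset is the file-supplied end of the phrase data. */
int phrase_table_validate(const uint8_t *buf, size_t buf_len, size_t count,
                          uint32_t phrases_end_offset)
{
    if (count >= SIZE_MAX / 2)              /* (count + 1) * 2 would overflow */
        return PT_TABLE_TRUNCATED;
    size_t table_bytes = (count + 1) * 2;
    if (table_bytes > buf_len)
        return PT_TABLE_TRUNCATED;
    if (phrases_end_offset > buf_len)       /* end must lie inside the bytes read */
        return PT_END_PAST_FILE;

    size_t prev = table_bytes;              /* phrase data starts after the table */
    for (size_t i = 0; i <= count; i++) {
        size_t off = (size_t)buf[2 * i] | ((size_t)buf[2 * i + 1] << 8);
        if (off < prev)                     /* decreasing offsets give a wrapped length */
            return PT_OFFSET_ORDER;
        if (off > phrases_end_offset)       /* phrase would run past the declared end */
            return PT_OFFSET_RANGE;
        prev = off;
    }
    return PT_OK;
}

int main(void)
{
    /* Constructed sample: offsets 6, 12, 9 (out of order), then six phrase bytes. */
    const uint8_t bad[12] = {6, 0, 12, 0, 9, 0, 'a', 'b', 'c', 'd', 'e', 'f'};
    printf("unchecked length: %u\n", (unsigned)phrase_len_unchecked(12, 9));
    printf("validate: %d\n", phrase_table_validate(bad, sizeof bad, 2, 12));
    return 0;
}
```

Running every check before the first allocation or copy means a rejected file never reaches the code that sizes heap buffers from these values.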

A demonstration exploit is available at:

http://www.xfocus.net/flashsky/icoExp/index.html

Keji (yu_keji at venustech.com.cn) is credited with discovering this flaw.

Impact:   A remote user can cause arbitrary code to be executed on the target user's system.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.microsoft.com/
Cause:   Boundary error

Message History:   None.

