Alias(es)Microsoft.Help.Workshop.Buffer.Overflow |
Release DateMar 30, 2006 |
Severityhigh |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attack attempt against a stack-based buffer-overflow vulnerability in Microsoft HTML Help Workshop.The vulnerability is caused by an error when the vulnerable software handles a malicious ".hhp" file with too long "OPTIONS" fields. It allows a remote attacker to execute arbitrary code via sending a crafted ".hhp" file. |
Affected ProductsMicrosoft HTML Help Workshop 4.74.8702.0 and earlier versions. |
Recommended ActionsUpgrade to a non-vulnerable version. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2006-0564 |
Reference/shttp://milw0rm.com/exploits/7727http://users.pandora.be/bratax/advisories/b008.htm |
