Alias(es): Windows.HELPME.Buffer.Overflow
Release Date: Sep 11, 2006
Severity: low
Impact: System compromise: the vulnerability allows an attacker to cause a buffer overflow and potentially execute arbitrary code or launch a denial of service attack.
Description: This indicates a potential buffer-overrun exploit of a vulnerability in Winhlp32.exe. Winhlp32.exe is used by the HTML Help ActiveX control, which ships with Microsoft HTML Help. The vulnerability is a result of insufficient bounds checking of the "Item" parameter in the WinHlp command. This may be exploited to cause denial of service attacks or execution of arbitrary code.
Affected Products: Microsoft Windows 2000, Microsoft Windows 95, Microsoft Windows 98, Microsoft Windows ME, Microsoft Windows NT, Microsoft Windows XP
Recommended Actions: The workaround is to disable active scripts or remove Winhlp32.exe if it is not required. Apply appropriate patches or upgrade the system to the latest non-vulnerable version.
Coverage: IPS, VCM
Common Vulnerabilities and Exposures (CVE): CVE-2002-0823
Reference/s: http://www.securityfocus.com/bid/4857 (BugTraq)