Zero-Day Advisory

Fortinet Discovers Microsoft Windows HTML Help Remote Code Execution Vulnerability


Fortinet's FortiGuard Labs has discovered a remote code execution vulnerability in Microsoft Windows.

Microsoft Compiled HTML Help is a Microsoft proprietary online help format, consisting of a collection of HTML pages, an index and other navigation tools. The files are compressed and deployed in a binary format with the extension .CHM, for Compiled HTML. The format is often used for software documentation.

A remote code execution vulnerability exists in the way that Windows handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code with elevated permissions on a target system. To exploit the vulnerability, an attacker could create a specially crafted 'chm' document, causing Windows to execute arbitrary code with elevated permissions.


FortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:

Released Feb 28, 2018

So far Microsoft has not provided any solution for it. 


Fortinet reported the vulnerability to Microsoft on Jan 23, 2018.

Microsoft confirmed the vulnerability on Feb 6, 2018.

Microsoft released the advisory for the vulnerability on May 8, 2018.


This vulnerability was discovered by Kushal Arvind Shah of Fortinet's FortiGuard Labs.

IPS Subscription

Fortinet customers who subscribe to Fortinet's intrusion prevention (IPS) service should be protected against this vulnerability with the appropriate configuration parameters in place. Fortinet's IPS service is one component of FortiGuard Subscription Services, which also offer comprehensive solutions such as antivirus, Web content filtering and antispam capabilities. These services enable protection against threats on both application and network layers. FortiGuard Services are continuously updated by FortiGuard Labs, which enables Fortinet to deliver a combination of multi-layered security intelligence and true zero-day protection from new and emerging threats. These updates are delivered to all FortiGate, FortiMail and FortiClient products. Fortinet strictly follows responsible disclosure guidelines to ensure optimum protection during a threat's lifecycle.