Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:3579
HistoryOct 03, 2002 - 12:00 a.m.

Buffer Overflow in IE/Outlook HTML Help

2002-10-0300:00:00
vulners.com
16
JSON

NGSSoftware Insight Security Research Advisory

Name: Windows Help System Buffer Overflow
Systems: Windows XP,2000,NT,ME and 98
Severity: High Risk
Category: Buffer Overflow Vulnerability
Vendor URL: http://www.microsoft.com/
Author: David Litchfield ([email protected])
Advisory URL: http://www.ngssoftware.com/advisories/ms-winhlp.txt
Date: 2nd October 2002
Advisory number: #NISR02102002

Introduction

The Windows Help system includes an ActiveX control known as the HTML Help
Control, hhctrl.ocx. The "Alink" function of this control is vulnerable to a
buffer overflow that can be exploited to gain control of the user's machine.

Details

By providing an overly long parameter to the vulnerable function an internal
buffer is overflowed and program control structures can be overwritten
allowing an attacker to remotely gain control of their victims PC. This
could be done by enticing the victim to a website that contained a webpage
that exploits the vulnerability or by sending the victim an HTML mail. When
opened in Outlook the overflow will be triggered.

Fix Information

Microsoft have produced a patch which is available from their web site.
More details are available from

http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS
02-055.asp

JSON