Computer Security
[EN] securityvulns.ru no-pyccku


Microsoft Help Workshop buffer overflow
updated since 18.01.2007
Published:20.01.2007
Source:
SecurityVulns ID:7068
Type:local
Threat Level:
5/10
Description:Buffer overflow on .cnt / .hpj files parsing.
Affected:MICROSOFT : Microsoft Help Workshop 4.03
CVE:CVE-2007-0427 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a help project (.HPJ) file with a long HLP field in the OPTIONS section.)
 CVE-2007-0352 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a crafted .cnt file composed of lines that begin with an integer followed by a space and a long string.)
Original documentdocumentporkythepig_(at)_anspi.pl, Help project files (.HPJ) buffer overflow vulnerability in Microsoft Help Workshop (20.01.2007)
 documentporkythepig_(at)_anspi.pl, Microsoft Help Workshop .CNT contents files buffer overflow vulnerability (18.01.2007)
Files:PoC exploit for .cnt files buffer overflow vulnerability in Microsoft Help Workshop v4.03.0002
 PoC exploit for (.HPJ) project files buffer overflow vulnerability in Microsoft Help Workshop v4.03.0002

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod