The HtmlHelp application (hh.exe) in Microsoft windows read a value from a .CHM file to set a length parameter. By setting this to a large value, it is possible to overwrite sections of the heap with attacker supplied values. Affected software includes: Microsoft Windows 98, 98SE, ME, Microsoft Windows NT 4.0, Microsoft Windows 2000 Service Pack 4, Microsoft Windows XP, Microsoft Windows XP Service Pack 1, Microsoft Windows Server 2003.
ac7c55f929b9e971cc8376ae4bda17d5f164652d10bf394f6db55a9ddb4eacb6Technical Cyber Security Alert TA04-196A - Multitudes of vulnerabilities have been discovered amongst the Microsoft product line. Flaws that exist include Outlook Express failing to properly validate malformed e-mail headers, the Utility Manager allowing code execution, POSIX allowing code execution, IIS having a buffer overflow, the Task Scheduler having a buffer overflow, the HTML Help component failing to properly validate input data, and the Windows Shell allowing remote code execution.
1821f11a0fd592a922c98d1ad695e3b418762020d34a0f3cea361eefef4c0a68
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed