Microsoft HTML Help Workshop Buffer Overflow Vulnerability Network Vulnerability

Summary

The host is running Microsoft HTML Help Workshop which is prone to buffer overflow vulnerability.

Impact

Successful remote exploitation could context-dependent attackers to execute arbitrary code via a .hhp file with a long index file field. Impact Level: System.

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. For updates refer to http://office.microsoft.com/en-us/orkXP/HA011362801033.aspx

Insight

A flaw is due to the way application handle a malformed HTML help workshop project.

Affected

Microsoft HTML Help Workshop 4.74 and prior on Windows.

References

http://en.securitylab.ru/nvd/366501.php
http://www.security-database.com/detail.php?alert=CVE-2009-0133

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-0133

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Windows DNS Devolution Third-Level Domain Name Resolving Weakness (971888)
Microsoft Windows Progman Group Converter Insecure Library Loading Vulnerability
Microsoft EAP Implementation TLS Information Disclosure Vulnerability (2977292)
Update to Improve Credentials Protection and Management (2871997)
Microsoft Windows Server 2003 OpenType Font Engine DoS Vulnerability

Microsoft HTML Help Workshop buffer overflow vulnerability

Take action and discover your vulnerabilities