Vulnerability Note VU#851869
Microsoft HTML Help vulnerable to integer overflow
Microsoft HTML Help contains an integer overflow vulnerability, allowing a remote attacker to execute arbitrary code.
The Microsoft HTML Help system ". . . is the standard help system for the Windows platform." HTML Help components can be compiled to ". . . compress HTML, graphic, and other files into a relatively small compiled help (.chm) file. . ." The resulting compiled Help (CHM) file can then ". . . be distributed with a software application, or downloaded from the Web." The Help Viewer application ". . . uses the underlying components of Microsoft Internet Explorer to display help content. It supports HTML, ActiveX, Java, scripting languages (JScript, and Microsoft Visual Basic Scripting Edition). . ."
This URL references a local CHM file:
By convincing a victim to view a specially crafted CHM file, an attacker could execute arbitrary code with the privileges of the user. By using one of the InfoTech Storage Format protocols, such as ms-its, an attacker can cause an arbitrary CHM file to be opened as the result of viewing an HTML document (web page, HTML email).
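Because the CHM file can be opened from an HTML document through an InfoTech Storage Format protocol URL, mail and web content can be screened for such references. The following is an added example, not part of the original note: a scanner that lists ITS-protocol URLs in HTML attributes and marks those whose container is on another host. The function and class names, the attribute list, the sample document and the extra prefixes beyond ms-its are assumptions of this example.

```python
import re
from html.parser import HTMLParser

# "ms-its" is named in the note; "its" and "mk:@MSITStore" are other InfoTech
# Storage Format prefixes added by this example (not listed on the page).
ITS_URL = re.compile(r"^(ms-its|its|mk:@msitstore):(.+?)(?:::(.*))?$", re.I | re.S)
# A container addressed by URL scheme or UNC path is fetched from another host.
REMOTE = re.compile(r"^(?:[a-z][a-z0-9+.-]*://|\\\\|//)", re.I)
# Attributes assumed to carry URLs (hypothetical selection for this example).
URL_ATTRS = {"href", "src", "data", "action", "codebase"}


class ITSFinder(HTMLParser):
    """Collect ITS-protocol references from URL-bearing attributes."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in URL_ATTRS or not value:
                continue
            m = ITS_URL.match(value.strip())
            if m:
                container = m.group(2)  # part before "::", the CHM location
                self.hits.append((tag, name, m.group(1).lower(), container,
                                  bool(REMOTE.match(container))))


def find_its_references(html):
    """Return (tag, attr, scheme, container, is_remote) for each ITS URL."""
    finder = ITSFinder()
    finder.feed(html)
    finder.close()
    return finder.hits


# Constructed sample document; hosts and paths are placeholders.
SAMPLE = r'''<html><body>
<a href="ms-its:C:\WINDOWS\Help\example.chm::/intro.htm">local help</a>
<iframe src="MS-ITS:http://files.example.test/doc.chm::/start.htm"></iframe>
<object data="mk:@MSITStore:\\share.example.test\pub\x.chm::/a.htm"></object>
<a href="https://example.test/page.html">ordinary link</a>
</body></html>'''

if __name__ == "__main__":
    for tag, attr, scheme, container, remote in find_its_references(SAMPLE):
        print(f"{'REMOTE' if remote else 'local '} <{tag} {attr}> {scheme}: {container}")
```

The scanner inspects static attributes only; URLs assembled by script at run time are outside what it sees.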
Upgrade or patch
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Microsoft Corporation | Affected | - | 14 Jun 2005 |
CVSS Metrics
Thanks to Microsoft for reporting this vulnerability. Microsoft, in turn, credits eEye Digital Security and Peter Winter-Smith of Next Generation Security Software Ltd.
This document was written by Will Dormann and is based on information provided by eEye Digital Security.
- CVE IDs: CAN-2005-1208
- Date Public: 14 Jun 2005
- Date First Published: 14 Jun 2005
- Date Last Updated: 27 Jun 2005
- Severity Metric: 36.35
- Document Revision: 13
If you have feedback, comments, or additional information about this vulnerability, please send us email.