Users login

Create an account »


Users login

Home » Hacking News » Microsoft HTML help flaw

Microsoft HTML help flaw

by Nikola Strahija on February 7th, 2006 Microsoft's is investigating the published proof-of-concept exploit for a remotely exploitable buffer overflow in HTML Help Workshop.

The buffer overflow is triggered by a boundary error within the handling of a ".hhp" file, a successful attack could cause remote arbitrary code execution.

The vulnerable Microsoft HTML Help Workshop is part of the Microsoft HTML Help 1.4 SDK (software development kit) and is used to compress HTML, graphics files and other types of files into a compiled help (.chm) file.

According to a published alert, an unchecked buffer in the way HTML Help Workshop processes .hhp files allows a remote user to take control of a target machine and execute arbitrary code with the privileges of the user.

The buffer overflow occurs when a long string is supplied as a contents file. The vulnerability has been confirmed in HTML Help Workstation version 4.74.8702.0. Other versions may also be affected, Secunia warned.

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »