1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP MS HTML Help Workshop File BO

HTTP MS HTML Help Workshop File BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a buffer overflow vulnerability in Microsoft HTML Help Workshop which may result in remote code execution.

Additional Information

Microsoft HTML Help Workshop is part of Microsoft Office Resource Kit and is used to create help topics that may be integrated with the Office Help system.

Microsoft HTML Help Workshop is reportedly prone to a remote buffer-overflow vulnerability. This issue arises because the application fails to perform boundary checks before copying user-supplied data into sensitive process buffers.

The vulnerability presents itself when the application handles an HTML Help Workshop Project ('.hhp') file containing excessive data as part of the 'Contents file' field. This can result in memory corruption and lead to arbitrary code execution in the context of the vulnerable user.

A successful attack may facilitate remote unauthorized access.

This vulnerability is reported to affect HTML Help Workshop 4.74.8702.0.


Affected

  • Microsoft HTML Help Workshop 4.74.8702

Response

Download and install all vendor patches related to this vulnerability.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube