PT-2004-2278 · Microsoft · Winhlp32.Exe+4

Flashsky

Publicado

2004-12-23

Atualizado

2019-04-30

CVE-2004-1361

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Windows NT Windows 2000 through SP4 Windows XP through SP2 Windows 2003

Description: The issue is caused by an integer underflow in winhlp32.exe, allowing remote attackers to execute arbitrary code via a malformed .hlp file. This leads to a heap-based buffer overflow.

Recommendations: For Windows NT, update to a version that includes the fix for this issue. For Windows 2000 through SP4, apply the necessary patch or update to resolve the issue. For Windows XP through SP2, update to a newer service pack or version that includes the fix. For Windows 2003, apply the necessary patch or update to resolve the issue.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2004-1361

Produtos afetados

Windows 2000

Windows 2003

Windows Nt

Windows Xp

Winhlp32.Exe

PT-2004-2278 · Microsoft · Winhlp32.Exe+4

CVE-2004-1361

Identificadores relacionados

Produtos afetados

Referências · 5