CVE-2005-1208

Name of the Vulnerable Software and Affected Versions Microsoft Windows versions prior to XP SP3 and Server 2003 SP2

Description The issue is caused by an integer overflow in Microsoft Windows, allowing remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file. This can be triggered by a large size field that causes a heap-based buffer overflow. The vulnerability can be exploited using a "ms-its:" URL in Internet Explorer.

Recommendations For Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier, update to a newer version to mitigate the risk. For versions prior to XP SP3, apply the necessary patches or updates to resolve the issue. For Server 2003 SP2, ensure all security updates are applied to prevent exploitation.