PT-2004-2232 · Microsoft · Winhlp32.Exe+4

Flashsky

Published

2004-12-31

Updated

2019-04-30

CVE-2004-1306

CVSS v2.0

5.1

Medium

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: Windows NT, Windows 2000 through SP4, Windows XP through SP2, Windows 2003

Description: A heap-based buffer overflow issue exists, allowing remote attackers to execute arbitrary code via a crafted .hlp file. This issue is related to the winhlp32.exe component.

Recommendations: For Windows NT, consider applying security patches or updates to address the issue. For Windows 2000 through SP4, apply the available security patch to fix the problem. For Windows XP through SP2, update to a newer service pack or apply a security patch. For Windows 2003, apply a security patch or update to resolve the issue. As a temporary workaround, consider restricting access to .hlp files or disabling the winhlp32.exe component until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-1306

Affected Products

Windows 2000

Windows 2003

Windows Nt

Windows Xp

Winhlp32.Exe

PT-2004-2232 · Microsoft · Winhlp32.Exe+4

CVE-2004-1306

Related Identifiers

Affected Products

References · 6