PT-2004-2278 · Microsoft · Winhlp32.Exe+4

Flashsky

Published

2004-12-23

Updated

2019-04-30

CVE-2004-1361

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Windows NT Windows 2000 through SP4 Windows XP through SP2 Windows 2003

Description: The issue is caused by an integer underflow in winhlp32.exe, allowing remote attackers to execute arbitrary code via a malformed .hlp file. This leads to a heap-based buffer overflow.

Recommendations: For Windows NT, update to a version that includes the fix for this issue. For Windows 2000 through SP4, apply the necessary patch or update to resolve the issue. For Windows XP through SP2, update to a newer service pack or version that includes the fix. For Windows 2003, apply the necessary patch or update to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-1361

Affected Products

Windows 2000

Windows 2003

Windows Nt

Windows Xp

Winhlp32.Exe

PT-2004-2278 · Microsoft · Winhlp32.Exe+4

CVE-2004-1361

Related Identifiers

Affected Products

References · 5