PT-2006-1626 · Microsoft · Html Help 1.4 Sdk+1

Bratax

Published

2006-02-06

Updated

2017-07-20

CVE-2006-0564

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Microsoft HTML Help Workshop version 4.74.8702.0 and possibly earlier versions Microsoft HTML Help 1.4 SDK

Description A stack-based buffer overflow issue allows context-dependent attackers to execute arbitrary code via a .hhp file with a long Contents file field.

Recommendations For Microsoft HTML Help Workshop version 4.74.8702.0 and possibly earlier versions, update to a newer version to mitigate the risk. For Microsoft HTML Help 1.4 SDK, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting the use of .hhp files with long Contents file fields until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-0564

Affected Products

Html Help 1.4 Sdk

Html Help Workshop

PT-2006-1626 · Microsoft · Html Help 1.4 Sdk+1

CVE-2006-0564

Related Identifiers

Affected Products

References · 18