PT-2007-1898 · Microsoft · Help Workshop
Porkythepig
·
Published
2007-01-23
·
Updated
2018-10-16
·
CVE-2007-0427
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Microsoft Help Workshop version 4.03.0002
Description
The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This is achieved through a help project (.HPJ) file with a long HLP field in the OPTIONS section.
Recommendations
For Microsoft Help Workshop version 4.03.0002, consider avoiding the use of .HPJ files with long HLP fields in the OPTIONS section until a fix is available. As a temporary workaround, restrict the handling of .HPJ files to minimize the risk of exploitation.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Help Workshop