Windows Help System Buffer Overflow

October 2nd, 2002

NGSSoftware Insight Security Research Advisory

Name: Windows Help System Buffer Overflow

Systems: Windows XP,2000,NT,ME and 98

Severity: High Risk

Category: Buffer Overflow Vulnerability

Vendor URL: http://www.microsoft.com/

Author: David Litchfield (david@ngssoftware.com)

Advisory URL: http://www.ngssoftware.com/advisories/ms-winhlp.txt

Date: 2nd October 2002

Advisory number: #NISR02102002

Introduction

************

The Windows Help system includes an ActiveX control known as the HTML Help

Control, hhctrl.ocx. The “Alink” function of this control is vulnerable to a

buffer overflow that can be exploited to gain control of the user’s machine.

Details

*******

By providing an overly long parameter to the vulnerable function an internal

buffer is overflowed and program control structures can be overwritten

allowing an attacker to remotely gain control of their victim’s PC. This

could be done by enticing the victim to a website that contained a webpage

that exploits the vulnerability or by sending the victim an HTML mail. When

opened in Outlook the overflow will be triggered.

Fix Information

***************

Microsoft have produced a patch which is available from their web site.

More details are available from

http://www.microsoft.com/technet/treeview/?url=/technet/security/bulletin/MS02-055.asp

Section Navigation


SC Awards 2008


SC Magazine Awards 2008

NGSSoftware wins 'Best Security Company'.

ITA 2008


2008 International Trade Awards

NGSSoftware named as South-East England regional winners at the 2008 International Trade Awards.

SLBA 2008


South London Business Awards 2008

David Litchfield named as 'Entrepreneur of the Year' at the South London Business Awards 2008.

Latest Vacancies

Experienced CLAS consultant

NGSSoftware are seeking an experienced CLAS consultant capable of writing Security Targets and Evaluation Work Plans for CTAS.

Please send us your CV or resume.

NGS Offices

NGS have offices located in London & St Andrews (UK) and Sydney (Australia).

NGS Consulting

Why do companies around the world – and around the corner – turn to NGS?

Discover what we could do for your business »

NGS Security Training

Find out why we have provided training to some of the world's most security conscious organisations.

Learn from the best!

Speaking Events

We regularly present and speak at international security conferences throughout the world.

OWASP AppSec Europe 2008

AusCERT 2008

ITWeb Security Summit

Customer Testimonials

Read what some of our satisfied customers are saying about us.

NGS Publications

Web Application Hacker's Handbook

Oracle Hacker's Handbook

Database Hacker's Handbook

The Shellcoder's Handbook

SQL Server Security

Configuring IPCop Firewalls


CHECK