Short Name |
HTTP:STC:CLSID:ACTIVEX:WH32-OF |
---|---|
Severity |
Medium |
Recommended |
No |
Category |
HTTP |
Keywords |
WinHelp32.exe Remote Buffer Overrun |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability against Microsoft HTML Help, which provides functionality for Windows help systems. Help ActiveX control (Hhctrl.ocx) is used by winhelp32.exe. Winhlp performs insufficient bounds checking of the Item parameter in the WinHlp command. Attackers can embed a call to the vulnerable ActiveX control in a malicious Web page or HTML e-mail to execute arbitrary commands as the Internet Explorer user.
Buffer overflow in Winhlp32.exe allows remote attackers to execute arbitrary code via an HTML document that calls the HTML Help ActiveX control (HHCtrl.ocx) with a long pathname in the Item parameter.