Windows Help System Vulnerability Allowing Local Command Execution
CVE-1999-0975

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Nt; Windows 95; Windows 98
Vendor: CVE Published:; 10 December 1999

What is CVE-1999-0975?

A vulnerability in the Windows Help System allows a local user to execute arbitrary commands on the system by manipulating a .CNT metafile. By modifying the table of contents and the topic action parameters, an attacker can trigger the execution of arbitrary commands when the associated .hlp file is accessed. This exploitation could potentially lead to unauthorized actions being performed under the context of another user.

References

http://www.securityfocus.com/bid/868

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Dec 14, 1999
Vulnerability published
Dec 10, 1999

Microsoft

What is CVE-1999-0975?

References

Timeline