Heap-based Buffer Overflow Vulnerability in Microsoft HtmlHelp
CVE-2004-0201

Currently unrated

Key Information:

Vendor: Avaya
Status: Definity One Media Server; S8100; Ip600 Media Servers
Vendor: CVE Published:; 6 August 2004

Summary

A heap-based buffer overflow exists in the HtmlHelp program (hh.exe) in Microsoft's HTML Help service, which affects several older versions of Windows. This vulnerability permits remote attackers to execute arbitrary commands by crafting malicious .CHM files with unusually long length fields. The flaw is distinct from previous vulnerabilities and highlights the importance of maintaining updated software and cautious file handling practices.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.kb.cert.org/vuls/id/920060

third-party-advisoryx_refsource_CERT-VN

http://www.us-cert.gov/cas/techalerts/TA04-196A.html

third-party-advisoryx_refsource_CERT

EPSS Score

38% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Aug 6, 2004
Vulnerability Reserved
Mar 11, 2004