Heap-based Buffer Overflow Vulnerability in Microsoft HtmlHelp
CVE-2004-0201

Currently unrated

Key Information:

Vendor

Avaya
Status
Definity One Media Server
S8100
Ip600 Media Servers
Vendor
CVE Published:
6 August 2004

What is CVE-2004-0201?

A heap-based buffer overflow exists in the HtmlHelp program (hh.exe) in Microsoft's HTML Help service, which affects several older versions of Windows. This vulnerability permits remote attackers to execute arbitrary commands by crafting malicious .CHM files with unusually long length fields. The flaw is distinct from previous vulnerabilities and highlights the importance of maintaining updated software and cautious file handling practices.

References

https://oval.cisecurity.org/repository/search/definition/...
vdb-entrysignaturex_refsource_OVAL
http://www.kb.cert.org/vuls/id/920060
third-party-advisoryx_refsource_CERT-VN
http://www.us-cert.gov/cas/techalerts/TA04-196A.html
third-party-advisoryx_refsource_CERT

EPSS Score

45% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.