Heap-Based Buffer Overflow in Microsoft Windows Help Product
CVE-2006-1591

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Nt; Windows Xp; Windows 2003 Server; Windows 2000
Vendor: CVE Published:; 3 April 2006

What is CVE-2006-1591?

A heap-based buffer overflow exists in Microsoft Windows Help due to improper handling of crafted image data in .hlp files. This vulnerability allows user-assisted attackers to execute arbitrary code on the affected systems whenever a malicious .hlp file is opened. The flaw is linked to the execution of the winhlp32.exe process, making it crucial for users to exercise caution when handling help files from untrusted sources.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/25573

vdb-entryx_refsource_XF

http://www.open-security.org/advisories/15

x_refsource_MISC

http://www.securityfocus.com/archive/1/430871/100/0/threaded

mailing-listx_refsource_BUGTRAQ

EPSS Score

28% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 3, 2006
Vulnerability Reserved
Apr 2, 2006