Stack-based Buffer Overflow in Microsoft Help Workshop Affects User Assistance
CVE-2007-0427

Currently unrated

Key Information:

Vendor: Microsoft
Status: Html Help Workshop
Vendor: CVE Published:; 23 January 2007

Summary

A stack-based buffer overflow exists in Microsoft Help Workshop version 4.03.0002. This vulnerability can be exploited by attackers to execute arbitrary code on a user's system, triggered by the use of a specially crafted help project (.HPJ) file containing an excessively long HLP field in the OPTIONS section. User assistance is required for this attack, making it potentially dangerous when handling untrusted help files. Performing safe practices when opening help files from unknown sources is highly recommended.

References

http://www.securityfocus.com/bid/22135

vdb-entryx_refsource_BID

http://securityreason.com/securityalert/2177

third-party-advisoryx_refsource_SREASON

http://osvdb.org/31899

vdb-entryx_refsource_OSVDB

EPSS Score

53% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 23, 2007
Vulnerability Reserved
Jan 22, 2007