Buffer Overflow Vulnerability in Microsoft HTML Help Workshop Affects Multiple Versions
CVE-2009-0133

Currently unrated

Key Information:

Vendor: Microsoft
Status: Html Help Workshop
Vendor: CVE Published:; 15 January 2009

Summary

A buffer overflow vulnerability exists in Microsoft HTML Help Workshop versions 4.74 and earlier, enabling context-dependent attackers to execute arbitrary code by crafting a malicious .hhp file with an excessively lengthy 'Index file' field. This situation poses significant security risks, as it can lead to unauthorized access to sensitive system functions and data, potentially comparable to previously identified issues.

References

https://www.exploit-db.com/exploits/7727

exploitx_refsource_EXPLOIT-DB

http://securityreason.com/securityalert/4914

third-party-advisoryx_refsource_SREASON

EPSS Score

72% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 15, 2009
Vulnerability Reserved
Jan 15, 2009