OSVDB ID: 86768

Title: Microsoft Windows Help File Viewer (winhlp32.exe) HLP File Handling Buffer Overflow

Info

Disclosure

Oct 28, 2012

Discovery

Unknown

Dates

Exploit

Oct 28, 2012

Solution

Unknown

Description

Microsoft Windows contains an overflow condition in the Windows Help facility. The issue is triggered as the Windows Help File Viewer (winhlp32.exe) does not properly validate user-supplied input when parsing Windows Help files. With a specially crafted HLP file, a context-dependent attacker can cause a buffer overflow, resulting in a denial of service or potentially execution of arbitrary code.

Classification

Location: Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: None Required
Exploit: Exploit Public
Disclosure: Third-party Disputed, Uncoordinated Disclosure
OSVDB: Myth / Fake

Solution

The reported vulnerability has been determined to be incorrect. No solution is required.

Products

Microsoft Corporation

Windows Help

5.1.2600

References

Exploit Database: 22303
Mail List Post: http://seclists.org/fulldisclosure/2012/Oct/199
http://seclists.org/fulldisclosure/2012/Oct/201
http://seclists.org/fulldisclosure/2012/Oct/206
http://seclists.org/fulldisclosure/2012/Oct/207
Vendor URL: http://www.microsoft.com/en-us/default.aspx/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/86768