Buffer Overrun in Winhlp32.exe

Reported August 1, 2002, by Mark Litchfield.

VERSION AFFECTED

· Windows 2000 Service Pack 2 (SP2) winhlp32.exe

DESCRIPTION

A buffer overrun vulnerability exists in winhlp32.exe that can result in the execution of arbitrary code on the vulnerable system. This vulnerability stems from a flaw in the WinHlp command's Item parameter. This exploit would execute in the security context of the currently logged-on user. A detailed advisory is available on the discoverer’s Web site.

 

DEMONSTRATION

The discoverer posted the following demonstration, which will display Calculator under Win2K SP2 as proof-of-concept:

VENDOR RESPONSE

The vendor, Microsoft, has released Win2K SP3, which includes a fix for this vulnerability.

CREDIT
Discovered by Mark Litchfield of NGSSoftware.

TAGS: Security
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish