JSI Tip 1323. Post SP5 HOTFIX for "Malformed Help File" Vulnerability.


"The Windows Help utility parses and displays help information for
applications. The help information is contained in files of several types
that are generated by the Help Compiler (part of the AppWizard utility), and
is stored by default in the WINNT\help folder. By default, users can write
to this folder. An unchecked buffer exists in the Help utility, and a help
file that has been carefully modified could be used to execute arbitrary
code on the local machine via a classic buffer overrun technique."
See Q231605 for additional information.

Get the X86 version or the Alpha version.

The readme contains:

1. This hotfix is packaged in an auto-install format.

   Type the executable name to install it. For example, type "winhlp-i" for x86 
   platforms or "winhlp-a" for Alpha platforms (without the quotation marks).

2. The files can also be extracted from the hotfix without installing them.

   To do this, copy the hotfix to a temporary directory, and type "winhlp-i /x"
   or "winhlp-a /x" (without the quotation marks).
     
   After extracting the files, the hotfix can be installed by typing "hotfix"
   (without the quotation marks).

NOTE: To obtain the symbol files, simply follow the instructions in step 2 above.
See tip 0068 for how the hotfix is recorded.