Article

Exploit code targets Windows help system

Bill Brenner

A vulnerability research site has released details of a security hole attackers could exploit in the Microsoft Windows standard help system to cause a buffer overflow or launch malicious code.

Research site bratax.be

    Requires Free Membership to View

said the problem is in Microsoft HTML Help Workshop. "A remote user can cause arbitrary code to be executed on a target computer when the target user opens a malicious .hhp file," bratax said in the advisory. "The code will run with the privileges of the target user."
More SMB security news

IT security threats to SMBs

End of spam, phishing threats not far off

HTML Help Workshop can be used to create Windows-style help documentation that provides information and assistance specific to a customer's organization, according to information on Microsoft's Web site. An organization can then integrate those topics with the Microsoft Office XP Help system, or combine them with custom Answer Wizard databases.

The advisory notes that the HTML Help Workshop software compresses HTML, graphic and other files into a relatively small compiled help (.chm) file. "An unchecked buffer in the way HTML Help Workshop processes .hhp files allows a remote user to take control over EIP, and thus execute arbitrary code with the privileges of the target user," the researcher said. "The buffer overflow occurs when a long string is supplied as contents file."

The advisory also includes proof-of-concept exploit code, though it's still unclear whether all Windows organizations could be affected by the flaw, or only those that make use of HTML Help Workshop.

Danish vulnerability clearinghouse Secunia confirmed the flaw in an advisory Monday, saying the issue is "moderately critical." The firm confirmed the vulnerability in version 4.74.8702.0 and warned that other versions could also be affected.

Until a patch is released, Secunia recommends users avoid opening untrusted .hhp files.

A Microsoft spokesman confirmed Tuesday that the company is investigating the reported flaw.

"Microsoft is not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time and will continue to investigate the public reports to help provide additional guidance for customers as necessary," he said in an e-mail exchange.

Microsoft's initial investigation has revealed that customers who have not installed the HTML Help SDK on their systems are not affected, he said, adding, "By default, no other Microsoft applications or operating systems have the ability to open .hhp files."


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: