Exploit code targets Windows help system

Attackers could take advantage of a flaw in Microsoft HTML Help Workshop to cause a buffer overflow or launch malicious code. Exploit code is in the wild.

A vulnerability research site has released details of a security hole attackers could exploit in the Microsoft Windows standard help system to cause a buffer overflow or launch malicious code.

Research site bratax.be said the problem is in Microsoft HTML Help Workshop. "A remote user can cause arbitrary code to be executed on a target computer when the target user opens a malicious .hhp file," bratax said in the advisory. "The code will run with the privileges of the target user."

More SMB security news

IT security threats to SMBs

End of spam, phishing threats not far off

HTML Help Workshop can be used to create Windows-style help documentation that provides information and assistance specific to a customer's organization, according to information on Microsoft's Web site. An organization can then integrate those topics with the Microsoft Office XP Help system, or combine them with custom Answer Wizard databases.

The advisory notes that the HTML Help Workshop software compresses HTML, graphic and other files into a relatively small compiled help (.chm) file. "An unchecked buffer in the way HTML Help Workshop processes .hhp files allows a remote user to take control over EIP, and thus execute arbitrary code with the privileges of the target user," the researcher said. "The buffer overflow occurs when a long string is supplied as contents file."

The advisory also includes proof-of-concept exploit code, though it's still unclear whether all Windows organizations could be affected by the flaw, or only those that make use of HTML Help Workshop.

Danish vulnerability clearinghouse Secunia confirmed the flaw in an advisory Monday, saying the issue is "moderately critical." The firm confirmed the vulnerability in version 4.74.8702.0 and warned that other versions could also be affected.

Until a patch is released, Secunia recommends users avoid opening untrusted .hhp files.

A Microsoft spokesman confirmed Tuesday that the company is investigating the reported flaw.

"Microsoft is not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time and will continue to investigate the public reports to help provide additional guidance for customers as necessary," he said in an e-mail exchange.

Microsoft's initial investigation has revealed that customers who have not installed the HTML Help SDK on their systems are not affected, he said, adding, "By default, no other Microsoft applications or operating systems have the ability to open .hhp files."

Dig deeper on Data centers and virtualization for Small Business

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCompliance

SearchHealthIT

SearchCloudComputing

SearchMobileComputing

SearchDataCenter

Close