Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0201

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2004-0201
Last Modified 10 Sep 2008 03:25:29
Published 06 Aug 2004 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0201

Summary

Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.

Vulnerable Systems

Operating System

  • Avaya Modular Messaging Message Storage Server S3400

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server Enterprise

  • Microsoft Windows 2003 Server Enterprise 64-bit

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows 2003 Server Standard

  • Microsoft Windows 2003 Server Web

  • Microsoft Windows 98

  • Microsoft Windows 98se

  • Microsoft Windows Me

  • Microsoft Windows Nt 4.0

  • Microsoft Windows Xp

Application

  • Avaya Ip600 Media Servers


References

CERT - TA04-196A

CERT-VN - VU#920060

MS - MS04-023

XF - win-htmlhelp-execute-code(16586)

FULLDISC - 20040714 HtmlHelp - .CHM File Heap Overflow


Last Updated: 27 May 2016 10:38:30