Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1361

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-1361
Last Modified 05 Sep 2008 04:41:06
Published 23 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1361

Summary

Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a malformed .hlp file, which leads to a heap-based buffer overflow.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server Enterprise

  • Microsoft Windows 2003 Server Enterprise 64-bit

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows 2003 Server Standard

  • Microsoft Windows 2003 Server Web

  • Microsoft Windows Nt 4.0

  • Microsoft Windows Xp


References

XF - win-winhlp32-bo(18678)

MISC - http://www.xfocus.net/flashsky/icoExp/

BID - 12091

BUGTRAQ - 20041223 Microsoft Windows winhlp32.exe Heap Overflow Vulnerability


Last Updated: 27 May 2016 10:39:00