Microsoft Investigates HTML Help Flaw Warning

Microsoft's security response team is investigating reports of a remotely exploitable buffer overflow in HTML Help Workshop, the standard help system for the Windows platform. The software vendor's investigation follows the public release of a proof-of-concept exploit for the flaw, which is caused by a boundary error within the handling of a ".hhp" file.

Security alerts aggregator Secunia, based in Copenhagen, Denmark, rated the issue as "moderately critical" and warned that a successful attack could cause harmful code to be executed when a malicious .hhp file is opened. Microsoft Investigates HTML Help Flaw Warning

Linked by shanmuga Tuesday, 7th February 2006 1:29AM