Help! My box has been owned...


A flaw in the Microsoft Windows help system could be exploited to run arbitrary code with the privileges of the target user, according to a security advisory released this week.

The issue lies in the HTML Help Workshop, which helps developers compress content and graphics into a compiled help file. Organizations may use the Help Workshop to create custom help files for specific internal issues. A buffer overflow in the workshop can be caused by creation of a specially crafted .hhp file, allowing arbitrary code execution with target user privileges. Help! My box has been owned...

Linked by shanmuga Wednesday, 8th February 2006 7:25AM