Exploit code targets Windows help system

By Bill Brenner, Senior News Writer 07 Feb 2006 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Updated Tuesday, Feb. 7, 1:12 p.m. ET with comments from Microsoft.

A vulnerability research site has released details of a security hole attackers could exploit in the Microsoft Windows standard help system to cause a buffer overflow or launch malicious code.

Research site bratax.be said the problem is in Microsoft HTML Help Workshop. "A remote user can cause arbitrary code to be executed on a target computer when the target user opens a malicious .hhp file," bratax said in the advisory. "The code will run with the privileges of the target user."

HTML Help Workshop can be used to create Windows-style help documentation that provides information and assistance specific to a customer's organization, according to information on Microsoft's Web site. An organization can then integrate those topics with the Microsoft Office XP Help system, or combine them with custom Answer Wizard databases.

The advisory notes that the HTML Help Workshop software compresses HTML, graphic and other files into a relatively small compiled help (.chm) file. "An unchecked buffer in the way HTML Help Workshop processes .hhp files allows a remote user to take control over EIP, and thus execute arbitrary code with the privileges of the target user," the researcher said. "The buffer overflow occurs when a long string is supplied as contents file."

The advisory also includes proof-of-concept exploit code, though it's still unclear whether all Windows organizations could be affected by the flaw, or only those that make use of HTML Help Workshop.

Danish vulnerability clearinghouse Secunia confirmed the flaw in an advisory Monday, saying the issue is "moderately critical." The firm confirmed the vulnerability in version 4.74.8702.0 and warned that other versions could also be affected.

Until a patch is released, Secunia recommends users avoid opening untrusted .hhp files.

A Microsoft spokesman confirmed Tuesday that the company is investigating the reported flaw.

"Microsoft is not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time and will continue to investigate the public reports to help provide additional guidance for customers as necessary," he said in an e-mail exchange.

Microsoft's initial investigation has revealed that customers who have not installed the HTML Help SDK on their systems are not affected, he said, adding, "By default, no other Microsoft applications or operating systems have the ability to open .hhp files."

Tags: Application Attacks (Buffer Overflows, Cross-Site Scripting),  Software Development Methodology,  Windows Security: Alerts, Updates and Best Practices,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Application Attacks (Buffer Overflows, Cross-Site Scripting) PCI management: The case for Web application firewalls Month of Twitter Bugs project to document Twitter flaws Adobe issues first quarterly patch release fixing 13 flaws Balancing security and performance: Protecting layer 7 on the network Adobe issues Reader update fixing zero-day flaw The Pipe Dream of No More Free Bugs Security Squad: Federal cybersecurity defenses Oracle issues 43 updates, fixes serious database flaws Attackers target new Microsoft PowerPoint zero-day flaw How to detect input validation errors and vulnerabilities Application Attacks (Buffer Overflows, Cross-Site Scripting) Research Software Development Methodology nCircle statistics show rising Web application vulnerabilities Common PCI questions: Web application firewalls or source code review? Juniper pulls ATM hacking presentation from Black Hat V.i Labs integrates Google maps to track software piracy Software Piracy pandemic needs government role, better vendor antipiracy plans Software piracy losses total $53 billion, study finds Google study backs browser silent auto update feature Secure software development starts before coding begins Security budget issues to resonate at RSA Conference Twitter worm attack highlights social network flaws Windows Security: Alerts, Updates and Best Practices When BIOS updates become malware attacks Microsoft patches WebDAV security vulnerability in bevy of updates Microsoft plans 10 security updates, fixing IE, Word, Excel vulnerabilities Hackers targeting unpatched Microsoft DirectShow flaw Microsoft warns of IIS zero-day vulnerability Microsoft updates Office to address serious PowerPoint vulnerabilities Microsoft to patch critical PowerPoint zero-day flaw How to perform Microsoft Baseline Security Analyzer (MBSA) scans Microsoft patches serious Excel zero-day, Windows flaws Microsoft Stirling Beta 2 release includes Exchange SaaS offering

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary buffer overflow  (SearchSecurity.com) cache poisoning  (SearchSecurity.com) cyberterrorism  (SearchSecurity.com) dictionary attack  (SearchSecurity.com) directory harvest attack  (SearchSecurity.com) distributed denial-of-service attack  (SearchSecurity.com) JavaScript hijacking  (SearchSecurity.com) ping of death  (SearchSecurity.com) stack smashing  (SearchSecurity.com) SYN flooding  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary