Home > Security News > Exploit code targets Windows help system
Security News:
EMAIL THIS LICENSING & REPRINTS

Exploit code targets Windows help system

By Bill Brenner, Senior News Writer
07 Feb 2006 | SearchSecurity.com

Security Wire Daily News
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google

Updated Tuesday, Feb. 7, 1:12 p.m. ET with comments from Microsoft.

A vulnerability research site has released details of a security hole attackers could exploit in the Microsoft Windows standard help system to cause a buffer overflow or launch malicious code.

Research site bratax.be said the problem is in Microsoft HTML Help Workshop. "A remote user can cause arbitrary code to be executed on a target computer when the target user opens a malicious .hhp file," bratax said in the advisory. "The code will run with the privileges of the target user."

HTML Help Workshop can be used to create Windows-style help documentation that provides information and assistance specific to a customer's organization, according to information on Microsoft's Web site. An organization can then integrate those topics with the Microsoft Office XP Help system, or combine them with custom Answer Wizard databases.

The advisory notes that the HTML Help Workshop software compresses HTML, graphic and other files into a relatively small compiled help (.chm) file. "An unchecked buffer in the way HTML Help Workshop processes .hhp files allows a remote user to take control over EIP, and thus execute arbitrary code with the privileges of the target user," the researcher said. "The buffer overflow occurs when a long string is supplied as contents file."

The advisory also includes proof-of-concept exploit code, though it's still unclear whether all Windows organizations could be affected by the flaw, or only those that make use of HTML Help Workshop.

Danish vulnerability clearinghouse Secunia confirmed the flaw in an advisory Monday, saying the issue is "moderately critical." The firm confirmed the vulnerability in version 4.74.8702.0 and warned that other versions could also be affected.

Until a patch is released, Secunia recommends users avoid opening untrusted .hhp files.

A Microsoft spokesman confirmed Tuesday that the company is investigating the reported flaw.

"Microsoft is not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time and will continue to investigate the public reports to help provide additional guidance for customers as necessary," he said in an e-mail exchange.

Microsoft's initial investigation has revealed that customers who have not installed the HTML Help SDK on their systems are not affected, he said, adding, "By default, no other Microsoft applications or operating systems have the ability to open .hhp files."

Tags: Application Attacks (Buffer Overflows, Cross-Site Scripting)Secure Software DevelopmentWindows XP and Server SecurityVIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google




More Tips to Secure Your Network
Focused on Channel Security?
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts