VULHUB ™

Microsoft has reported two vulnerabilities in its Windows Help Facilities. The first vulnerability is in a function exposed in an ActiveX control. Attackers may invoke and exploit the control through a malicious webpage or HTML email. The vulnerability is a buffer overflow condition and may be levaraged by attackers to execute arbitrary code on victim systems. Any code executed would run in the security context of Explorer. The second vulnerability involves Compiled Help Files (chm) and may allow for attackers to execute commands on the victim host. The Help Facilities component will execute potentially malicious .chm files in the Temporary Internet Files folder. This behaviour has been corrected in a patch developed by Microsoft. **Note: This database entry is temporary. New vulnerabilities are to be given unique Bugtraq IDs and alerts will be published for each individual issue. This BID will be retired when analysis is complete.

Microsoft has reported two vulnerabilities in its Windows Help Facilities. The first vulnerability is in a function exposed in an ActiveX control. Attackers may invoke and exploit the control through a malicious webpage or HTML email. The vulnerability is a buffer overflow condition and may be levaraged by attackers to execute arbitrary code on victim systems. Any code executed would run in the security context of Explorer. The second vulnerability involves Compiled Help Files (chm) and may allow for attackers to execute commands on the victim host. The Help Facilities component will execute potentially malicious .chm files in the Temporary Internet Files folder. This behaviour has been corrected in a patch developed by Microsoft. **Note: This database entry is temporary. New vulnerabilities are to be given unique Bugtraq IDs and alerts will be published for each individual issue. This BID will be retired when analysis is complete.