• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Windows Hyperlink Object Library Buffer Overflow Vulnerability

The Microsoft Windows Hyperlink Object Library is reported prone to a buffer overflow vulnerability. An attacker may exploit this condition to execute arbitrary code on a vulnerable computer, which may grant unauthorized access to the computer or lead to privilege escalation.

It is reported that issue presents itself when a user follows a malformed link specially crafted by an attacker, however, other attack vectors also exist to exploit this vulnerability. Specifically, an application that employs the affected library by accepting and supplying parameters to the library may allow an attacker to exploit this vulnerability remotely and without user interaction.

Local attacker vectors exist to exploit this vulnerability as well. Reportedly, an attacker with local interactive access to a vulnerable computer may pass a malicious payload to an application that supplies parameters to the affected library.