• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Hyperlink Object Library Function Remote Buffer Overflow Vulnerability

Microsoft's Hyperlink Object Library is prone to a buffer-overflow vulnerability. This issue is due to the library's failure to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successfully exploiting this issue allows attackers to execute arbitrary machine code in the context of applications that use the affected library. This facilitates the remote compromise of affected computers. Failed exploit attempts will likely crash targeted applications.

This issue is different from the one described in BID 18500 (Microsoft HLINK.DLL Link Memory Corruption Vulnerability).