• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

RETIRED: Microsoft Windows Help Multiple Remote Vulnerabilities

The Microsoft Windows Help File viewer (winhlp32.exe) is prone to multiple remote vulnerabilities.

These vulnerabilities present themselves when the application handles specially crafted Windows Help (.hlp) files.

A successful attack may let the attacker crash the application or execute arbitrary code in the context of a vulnerable user who opens a malicious file.

Specific information regarding affected versions of Microsoft Windows is currently unavailable.

Update: Since help files can inherently execute arbitrary malicious code, this BID is being retired.