Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability

info
discussion
exploit
solution
references

Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability

The Microsoft Windows 2000 Help facility does not perform sufficient bounds checking on .cnt files. If a .cnt file containing an unusually long :Link URI was opened by the Windows Help facility, a buffer would be overrun, allowing the execution of arbitrary code.