Published: 2006-02-07
The issue lies in the HTML Help Workshop, which helps developers compress content and graphics into a compiled help file. Organizations may use the Help Workshop to create custom help files for specific internal issues. A buffer overflow in the workshop can be caused by creation of a specially crafted .hhp file, allowing arbitrary code execution with target user privileges.
Proof-of-concept code is also available on the advisory website, and Secunia is rating the flaw as "moderately critical." It is unknown at this point if the flaw affects all Windows installations or simply those with Help Workshop installed, however Microsoft believes the vulnerability is limited to the latter.
This isn't the first time that Microsoft’s help system has caused problems, a flaw in Windows XP prior to service pack 1 allowed the deletion of entire directories via a simple URL.
Posted by: Peter Laborge
