Microsoft HLINK.DLL Link Memory Corruption Vulnerability

Microsoft HLINK.DLL is prone to a memory-corruption vulnerability. This issue is due to the library's failure to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.

Successfully exploiting this issue allows attackers to execute arbitrary machine code in the context of applications that use the affected library. This facilitates the remote compromise of affected computers. Failed exploit attempts will likely crash targeted applications.

This issue has been shown to be exploitable through Microsoft Office files. Other applications using the affected library may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus