Microsoft Windows HTML Help API Privilege Escalation Vulnerability

Bugtraq ID: 8884
Class: Access Validation Error
CVE:
Remote: No
Local: Yes
Published: Oct 24 2003 12:00AM
Updated: Oct 24 2003 12:00AM
Credit: Discovered by "Brett Moore" <brett.moore@security-assessment.com>. This issue was also discovered independantly by Snosoft.
Vulnerable: Microsoft HTML Help Control 5.2.3735 .1
+ Microsoft Windows 2000 Advanced Server SP4
+ Microsoft Windows 2000 Advanced Server SP3
+ Microsoft Windows 2000 Advanced Server SP2
+ Microsoft Windows 2000 Advanced Server SP1
+ Microsoft Windows 2000 Advanced Server
+ Microsoft Windows 2000 Datacenter Server SP4
+ Microsoft Windows 2000 Datacenter Server SP3
+ Microsoft Windows 2000 Datacenter Server SP2
+ Microsoft Windows 2000 Datacenter Server SP1
+ Microsoft Windows 2000 Datacenter Server
+ Microsoft Windows 2000 Professional SP4
+ Microsoft Windows 2000 Professional SP3
+ Microsoft Windows 2000 Professional SP2
+ Microsoft Windows 2000 Professional SP1
+ Microsoft Windows 2000 Professional
+ Microsoft Windows 2000 Server SP4
+ Microsoft Windows 2000 Server SP3
+ Microsoft Windows 2000 Server SP2
+ Microsoft Windows 2000 Server SP1
+ Microsoft Windows 2000 Server
+ Microsoft Windows 2000 Server Japanese Edition
+ Microsoft Windows 2000 Terminal Services SP4
+ Microsoft Windows 2000 Terminal Services SP3
+ Microsoft Windows 2000 Terminal Services SP2
+ Microsoft Windows 2000 Terminal Services SP1
+ Microsoft Windows 2000 Terminal Services
+ Microsoft Windows 98 SP1
+ Microsoft Windows 98 j
+ Microsoft Windows 98 b
+ Microsoft Windows 98 a
+ Microsoft Windows 98
+ Microsoft Windows 98 With Plus! Pack
+ Microsoft Windows 98SE
+ Microsoft Windows ME
+ Microsoft Windows NT 3.5.1 SP5 alpha
+ Microsoft Windows NT 3.5.1 SP5
+ Microsoft Windows NT 3.5.1 SP4
+ Microsoft Windows NT 3.5.1 SP3
+ Microsoft Windows NT 3.5.1 SP2
+ Microsoft Windows NT 3.5.1 SP1
+ Microsoft Windows NT 3.5.1
+ Microsoft Windows NT 4.0 SP6a alpha
+ Microsoft Windows NT 4.0 SP6a
+ Microsoft Windows NT 4.0 SP6 alpha
+ Microsoft Windows NT 4.0 SP6
+ Microsoft Windows NT 4.0 SP5 alpha
+ Microsoft Windows NT 4.0 SP5
+ Microsoft Windows NT 4.0 SP4 alpha
+ Microsoft Windows NT 4.0 SP4
+ Microsoft Windows NT 4.0 SP3 alpha
+ Microsoft Windows NT 4.0 SP3 alpha
+ Microsoft Windows NT 4.0 SP3
+ Microsoft Windows NT 4.0 SP2 alpha
+ Microsoft Windows NT 4.0 SP2
+ Microsoft Windows NT 4.0 SP1 alpha
+ Microsoft Windows NT 4.0 SP1
+ Microsoft Windows NT 4.0 alpha
+ Microsoft Windows NT 4.0
+ Microsoft Windows NT 3.5
+ Microsoft Windows NT Enterprise Server 4.0 SP6a
+ Microsoft Windows NT Enterprise Server 4.0 SP6
+ Microsoft Windows NT Enterprise Server 4.0 SP5
+ Microsoft Windows NT Enterprise Server 4.0 SP4
+ Microsoft Windows NT Enterprise Server 4.0 SP3
+ Microsoft Windows NT Enterprise Server 4.0 SP2
+ Microsoft Windows NT Enterprise Server 4.0 SP1
+ Microsoft Windows NT Enterprise Server 4.0
+ Microsoft Windows NT Server 4.0 SP6a
+ Microsoft Windows NT Server 4.0 SP6
+ Microsoft Windows NT Server 4.0 SP5
+ Microsoft Windows NT Server 4.0 SP4
+ Microsoft Windows NT Server 4.0 SP3
+ Microsoft Windows NT Server 4.0 SP2
+ Microsoft Windows NT Server 4.0 SP1
+ Microsoft Windows NT Server 4.0
+ Microsoft Windows NT Terminal Server 4.0 SP6
+ Microsoft Windows NT Terminal Server 4.0 SP5
+ Microsoft Windows NT Terminal Server 4.0 SP4
+ Microsoft Windows NT Terminal Server 4.0 SP3
+ Microsoft Windows NT Terminal Server 4.0 SP2
+ Microsoft Windows NT Terminal Server 4.0 SP1
+ Microsoft Windows NT Terminal Server 4.0 alpha
+ Microsoft Windows NT Terminal Server 4.0
+ Microsoft Windows NT Workstation 4.0 SP6a
+ Microsoft Windows NT Workstation 4.0 SP6
+ Microsoft Windows NT Workstation 4.0 SP5
+ Microsoft Windows NT Workstation 4.0 SP4
+ Microsoft Windows NT Workstation 4.0 SP3
+ Microsoft Windows NT Workstation 4.0 SP2
+ Microsoft Windows NT Workstation 4.0 SP1
+ Microsoft Windows NT Workstation 4.0
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows XP 64-bit Edition SP1
+ Microsoft Windows XP 64-bit Edition
+ Microsoft Windows XP 64-bit Edition Version 2003
+ Microsoft Windows XP Embedded SP1
+ Microsoft Windows XP Embedded
+ Microsoft Windows XP Home SP1
+ Microsoft Windows XP Home
+ Microsoft Windows XP Media Center Edition
+ Microsoft Windows XP Professional SP1
+ Microsoft Windows XP Professional
+ Microsoft Windows XP Tablet PC Edition
Not Vulnerable:


 

Privacy Statement
Copyright 2010, SecurityFocus