Critical

CVE-2004-0201 - Unspecified vulnerability in multiple products

Publication: 2004-08-06
Summary

Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.

Risk level (CVSS 10)

Critical

10.0

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Avaya Ip600 Media Servers
  • Microsoft Windows XP
  • Avaya S8100
  • Avaya Modular Messaging Message Storage Server s3400
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows 2000
  • Microsoft Windows 2003 Server enterprise
  • Microsoft Windows 2003 Server enterprise_64-bit
  • Microsoft Windows 2003 Server r2
  • Microsoft Windows 2003 Server r2
  • Microsoft Windows 2003 Server standard
  • Microsoft Windows 2003 Server web
  • Microsoft Windows 98
  • Microsoft Windows 98se
  • Microsoft Windows ME
  • Microsoft Windows NT 4.0
  • Avaya Definity ONE Media Server
  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0
  • Microsoft Windows NT 4.0
  • Microsoft Windows XP
  • Microsoft Windows XP
  • Microsoft Windows XP
  • Microsoft Windows XP
  • Microsoft Windows NT 4.0