Vulnerabilities > CVE-2004-1306 - Heap Overflow vulnerability in Microsoft Windows winhlp32 Phrase

CVSS 5.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

high complexity

microsoft

exploit available

NVD

Published: 2004-12-31

Updated: 2019-04-30

Summary

Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a crafted .hlp file.

Vulnerable Configurations

Part	Description	Count
OS	Microsoft Microsoft Windows 2000 * Microsoft Windows 2003 Server Datacenter_64-Bit Microsoft Windows 2003 Server Enterprise Microsoft Windows 2003 Server Enterprise_64-Bit Microsoft Windows 2003 Server R2 Microsoft Windows 2003 Server Standard Microsoft Windows 2003 Server Web Microsoft Windows NT 4.0 Microsoft Windows XP *	58

Exploit-Db

description	Microsoft Windows 2000/2003/XP winhlp32 Phrase Integer Overflow Vulnerability. CVE-2004-1306 . Remote exploit for windows platform
id	EDB-ID:25049
last seen	2016-02-03
modified	2004-12-23
published	2004-12-23
reporter	flashsky fangxing
source	https://www.exploit-db.com/download/25049/
title	Microsoft Windows 2000/2003/XP winhlp32 Phrase Integer Overflow Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References