Vulnerabilities > CVE-2004-1361 - Unspecified vulnerability in Microsoft products

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

microsoft

NVD

Published: 2004-12-23

Updated: 2019-04-30

Summary

Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a malformed .hlp file, which leads to a heap-based buffer overflow.

Vulnerable Configurations

Part	Description	Count
OS	Microsoft Microsoft Windows NT 4.0 Microsoft Windows 2003 Server Web Microsoft Windows 2003 Server Enterprise Microsoft Windows 2003 Server Enterprise_64-Bit Microsoft Windows 2003 Server Standard Microsoft Windows 2003 Server R2 Microsoft Windows XP * Microsoft Windows 2000 *	56

References

http://www.xfocus.net/flashsky/icoExp/
http://www.securityfocus.com/bid/12091
http://marc.info/?l=bugtraq&m=110383690219440&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/18678