Vulnerabilities > CVE-2004-1361 - Integer Overflow vulnerability in Microsoft Windows winhlp32 Phrase

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

microsoft

NVD

Published: 2004-12-23

Updated: 2019-04-30

Summary

Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a malformed .hlp file, which leads to a heap-based buffer overflow.

Vulnerable Configurations

Part	Description	Count
OS	Microsoft Microsoft Windows 2000 * Microsoft Windows 2003 Server Enterprise Microsoft Windows 2003 Server Enterprise_64-Bit Microsoft Windows 2003 Server R2 Microsoft Windows 2003 Server Standard Microsoft Windows 2003 Server Web Microsoft Windows NT 4.0 Microsoft Windows XP *	56

References

http://marc.info/?l=bugtraq&m=110383690219440&w=2
http://www.securityfocus.com/bid/12091
http://www.xfocus.net/flashsky/icoExp/
https://exchange.xforce.ibmcloud.com/vulnerabilities/18678