Vulnerabilities > CVE-2006-0564 - Remote Security vulnerability in HTML Help Workshop

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
microsoft
exploit available
metasploit
NVD
Published: 2006-02-06
Updated: 2017-07-20

Summary

Stack-based buffer overflow in Microsoft HTML Help Workshop 4.74.8702.0, and possibly earlier versions, and as included in the Microsoft HTML Help 1.4 SDK, allows context-dependent attackers to execute arbitrary code via a .hhp file with a long Contents file field.

Vulnerable Configurations

Part Description Count
Application
Microsoft
2

Exploit-Db

  • descriptionHTML Help Workshop 4.74 (hhp Project File) Buffer Overflow Exploit. CVE-2006-0564,CVE-2009-0133. Local exploit for windows platform
    idEDB-ID:10321
    last seen2016-02-01
    modified2009-12-05
    published2009-12-05
    reporterEncrypt3d.M!nd
    sourcehttps://www.exploit-db.com/download/10321/
    titleHTML Help Workshop 4.74 - hhp Project File Buffer Overflow Exploit
  • descriptionHTML Help Workshop 4.74 (hhp Project File) Buffer Overflow Exploit. CVE-2006-0564. Local exploit for windows platform
    idEDB-ID:16648
    last seen2016-02-02
    modified2010-09-25
    published2010-09-25
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/16648/
    titleHTML Help Workshop 4.74 hhp Project File Buffer Overflow Exploit
  • descriptionHTML Help Workshop 4.74 (hhp Project File) Buffer Overflow Exploit. CVE-2006-0564. Local exploit for windows platform
    idEDB-ID:16683
    last seen2016-02-02
    modified2010-09-25
    published2010-09-25
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/16683/
    titleHTML Help Workshop 4.74 hhp Project File Buffer Overflow Exploit
  • descriptionMicrosoft HTML Help Workshop (.hhp file) Buffer Overflow Exploit. CVE-2006-0564,CVE-2009-0133. Local exploit for windows platform
    idEDB-ID:1470
    last seen2016-01-31
    modified2006-02-06
    published2006-02-06
    reporterbratax
    sourcehttps://www.exploit-db.com/download/1470/
    titleMicrosoft HTML Help Workshop - .hhp Buffer Overflow Exploit
  • descriptionMicrosoft HTML Help Workshop (.hhp file) Buffer Overflow Exploit (new). CVE-2006-0564,CVE-2009-0133. Local exploit for windows platform
    idEDB-ID:1490
    last seen2016-01-31
    modified2006-02-11
    published2006-02-11
    reporterk3xji
    sourcehttps://www.exploit-db.com/download/1490/
    titleMicrosoft HTML Help Workshop - .hhp Buffer Overflow Exploit 2
  • descriptionMicrosoft HTML Workshop <= 4.74 Universal Buffer Overflow Exploit. CVE-2006-0564,CVE-2009-0133. Local exploit for windows platform
    fileexploits/windows/local/7727.pl
    idEDB-ID:7727
    last seen2016-02-01
    modified2009-01-12
    platformwindows
    port
    published2009-01-12
    reporterSkD
    sourcehttps://www.exploit-db.com/download/7727/
    titleMicrosoft HTML Workshop <= 4.74 - Universal Buffer Overflow Exploit
    typelocal

Metasploit

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/84552/hhw_hhp_contentfile_bof.rb.txt
idPACKETSTORM:84552
last seen2016-12-05
published2009-12-31
reporterbratax
sourcehttps://packetstormsecurity.com/files/84552/HTML-Help-Workshop-4.74-hhp-Project-File-Buffer-Overflow-Exploit.html
titleHTML Help Workshop 4.74 (hhp Project File) Buffer Overflow Exploit

References