Vulnerabilities > CVE-2006-1591 - Heap Overflow vulnerability in Microsoft Windows Help Image Processing

CVSS 5.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

high complexity

microsoft

NVD

Published: 2006-04-03

Updated: 2019-04-30

Summary

Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe allows user-assisted attackers to execute arbitrary code via crafted embedded image data in a .hlp file.

Vulnerable Configurations

Part	Description	Count
OS	Microsoft Microsoft Windows 2000 * Microsoft Windows 2003 Server Enterprise Microsoft Windows 2003 Server R2 Microsoft Windows 2003 Server Standard Microsoft Windows 2003 Server Web Microsoft Windows NT 4.0 Microsoft Windows XP *	52

References

http://lists.grok.org.uk/pipermail/full-disclosure/2006-March/044748.html
http://securityreason.com/securityalert/700
http://www.open-security.org/advisories/15
http://www.securityfocus.com/archive/1/430871/100/0/threaded
http://www.securityfocus.com/bid/17325
https://exchange.xforce.ibmcloud.com/vulnerabilities/25573