Vulnerabilities > CVE-2007-0427 - Unspecified vulnerability in Microsoft Html Help Workshop 4.03.0002
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN microsoft
exploit available
Summary
Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a help project (.HPJ) file with a long HLP field in the OPTIONS section.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | Microsoft Help Workshop 4.03.0002 (.CNT) Buffer Overflow Exploit. CVE-2007-0352,CVE-2007-0427. Local exploit for windows platform |
| file | exploits/windows/local/3149.cpp |
| id | EDB-ID:3149 |
| last seen | 2016-01-31 |
| modified | 2007-01-17 |
| platform | windows |
| port | |
| published | 2007-01-17 |
| reporter | porkythepig |
| source | https://www.exploit-db.com/download/3149/ |
| title | Microsoft Help Workshop 4.03.0002 - .CNT Buffer Overflow Exploit |
| type | local |
Saint
| bid | 22135 |
| description | Microsoft Help Workshop .HPJ file HLP field buffer overflow |
| id | misc_mshelpworkshop |
| osvdb | 31899 |
| title | microsoft_help_workshop_hlp |
| type | client |
References
- http://osvdb.org/31899
- http://osvdb.org/31899
- http://secunia.com/advisories/23862
- http://secunia.com/advisories/23862
- http://securityreason.com/securityalert/2177
- http://securityreason.com/securityalert/2177
- http://www.anspi.pl/~porkythepig/visualization/hpj-x01.cpp
- http://www.anspi.pl/~porkythepig/visualization/hpj-x01.cpp
- http://www.securityfocus.com/archive/1/457436/100/0/threaded
- http://www.securityfocus.com/archive/1/457436/100/0/threaded
- http://www.securityfocus.com/bid/22135
- http://www.securityfocus.com/bid/22135