Executive Summary
Informations | |||
---|---|---|---|
Name | MS04-023 | First vendor Publication | N/A |
Vendor | Microsoft | Last vendor Modification | N/A |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability in HTML Help Could Allow Code Execution (840315) |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-47 | Buffer Overflow via Parameter Expansion |
CWE : Common Weakness Enumeration
% | Id | Name |
---|
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1186 | |||
Oval ID: | oval:org.mitre.oval:def:1186 | ||
Title: | IE .chm Directory Traversal Windows XP Vulnerability | ||
Description: | Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-1041 | Version: | 8 |
Platform(s): | Microsoft Windows XP | Product(s): | HTML Help Facility |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1503 | |||
Oval ID: | oval:org.mitre.oval:def:1503 | ||
Title: | Windows 2000 HtmlHelp Heap Overflow | ||
Description: | Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0201 | Version: | 2 |
Platform(s): | Microsoft Windows 2000 | Product(s): | HTML Help Facility |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1530 | |||
Oval ID: | oval:org.mitre.oval:def:1530 | ||
Title: | Windows XP HtmlHelp Heap Overflow | ||
Description: | Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0201 | Version: | 8 |
Platform(s): | Microsoft Windows XP | Product(s): | HTML Help Facility |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1943 | |||
Oval ID: | oval:org.mitre.oval:def:1943 | ||
Title: | IE .chm Directory Traversal Windows 2000 Vulnerability | ||
Description: | Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-1041 | Version: | 2 |
Platform(s): | Microsoft Windows 2000 | Product(s): | HTML Help Facility |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:2155 | |||
Oval ID: | oval:org.mitre.oval:def:2155 | ||
Title: | Windows Server 2003 HtmlHelp Heap Overflow | ||
Description: | Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0201 | Version: | 2 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | HTML Help Facility |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:3179 | |||
Oval ID: | oval:org.mitre.oval:def:3179 | ||
Title: | Windows NT HtmlHelp Heap Overflow | ||
Description: | Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0201 | Version: | 6 |
Platform(s): | Microsoft Windows NT | Product(s): | HTML Help Facility |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:3514 | |||
Oval ID: | oval:org.mitre.oval:def:3514 | ||
Title: | IE .chm Directory Traversal Windows Server 2003 Vulnerability | ||
Description: | Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-1041 | Version: | 2 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | HTML Help Facility |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:956 | |||
Oval ID: | oval:org.mitre.oval:def:956 | ||
Title: | IE .chm Directory Traversal Windows NT Vulnerability | ||
Description: | Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2003-1041 | Version: | 6 |
Platform(s): | Microsoft Windows NT | Product(s): | HTML Help Facility |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
7912 | Microsoft IE showHelp() Arbitrary File Execution Microsoft Internet Explorer contains a flaw that may allow a remote attacker to execute arbitrary files. The issue is triggered due to the 'showHelp()' function. It is possible that the flaw may allow a malicious web page, which invokes the 'showHelp()' function to execute known compiled help files (.chm) within the Local Computer security zone, once the page is viewed resulting in a loss of integrity. |
7804 | Microsoft Windows HTML Help Arbitrary Code Execution Microsoft HTML Help application (hh.exe) contains a flaw that may allow a malicious user to remotely execute code. The issue is triggered when a corrupt .chm file is opened with the Help application. It is possible that the flaw may allow arbitrary code execution resulting in a loss of confidentiality, integrity and/or availability. |
7803 | Microsoft Windows showHelp Arbitrary Code Execution MS Windows contains a flaw that allows a remote attacker to execute arbitrary code outside of the web path. The issue is due to the showhelp() function not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the URL target. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-16 | Microsoft Windows showHelp CHM malicious file execution attempt RuleID : 28925 - Revision : 3 - Type : BROWSER-IE |
2014-01-16 | Microsoft Windows showHelp CHM malicious file execution attempt RuleID : 28924 - Revision : 3 - Type : BROWSER-IE |
2014-01-16 | Microsoft Windows showHelp CHM malicious file execution attempt RuleID : 28923 - Revision : 3 - Type : BROWSER-IE |
2014-01-16 | Microsoft Windows showHelp CHM malicious file execution attempt RuleID : 28922 - Revision : 3 - Type : BROWSER-IE |
2014-01-16 | Microsoft Windows showHelp CHM malicious file execution attempt RuleID : 28921 - Revision : 3 - Type : BROWSER-IE |
2014-01-16 | Microsoft Windows showHelp CHM malicious file execution attempt RuleID : 28920 - Revision : 3 - Type : BROWSER-IE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2004-07-13 | Name : Arbitrary code can be executed on the remote host through the web client. File : smb_nt_ms04-023.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:45:01 |
|
2014-01-19 21:29:51 |
|