oval:org.mitre.oval:def:1503

Definition Id: oval:org.mitre.oval:def:1503

Oval ID:	oval:org.mitre.oval:def:1503
Title:	Windows 2000 HtmlHelp Heap Overflow
Description:	Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-0201	Version:	2
Platform(s):	Microsoft Windows 2000	Product(s):	HTML Help Facility
Definition Synopsis:
Software section Windows 2000 is installed AND the version of itss.dll is less than 5.2.3790.185 AND NOT the patch kb840315 is installed AND Configuration section NOT HTML Help is registered