Microsoft Windows winhlp32.exe Heap Overflow Vulnerabilities

Vulnerable:  Windows NT, Windows 2000 SP0, Windows 2000 SP1, Windows 2000 SP2, Windows 2000 SP3, Windows 2000 SP4, Windows XP SP0, Windows XP SP1, Windows 2003

There is a vulnerability in Microsoft Windows .hlp file parsing program winhlp32.exe.

The vulnerability is caused due to a decoding error within the windows .hlp header processing.This can be exploited to cause a heap-based buffer overflow.

Complete details in http://www.securityfocus.com/archive/1/385332/2004-12-20/2004-12-26/2

Leave a Reply