Saturday, February 27, 2010

Windows XP Internet Explorer 8,7 .HLP vulnerability

It is possible to invoke winhlp32.exe from Internet Explorer 8,7,6
using VBScript. Passing malicious .HLP file to winhlp32 could allow
remote attacker to run arbitrary command.
Additionally, there is a stack overflow vulnerability in winhlp32.exe.

Afected Software: Windows XP SP3

More info:

No comments: