HTTP: HTML Help Local Code Execution
This signature detects attempts to exploit a known vulnerability in the Help Center ActiveX control. A remote attacker can use the Help Center to write arbitrary script commands to the local zone, than exploit the zone to download arbitrary content to the startup folder. When the host reboots, the arbitrary content is executed, potentially compromising the system.
Extended Description
Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
Affected Products
Microsoft windows_98
Short Name
HTTP:STC:IE:HELPCTR-CODE-EX
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2002-0693 CVE-2004-1043 CVE-2005-1208 Code Execution HTML Help Local bid:5874
Release Date
12/24/2004
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
False Positive
Unknown
Vendors
Microsoft
CVSS Score
7.5
10.0
5.0