{"vuid":"VU#124460","idnumber":"124460","name":"Microsoft HTML Help Workshop buffer overflow","keywords":["Microsoft","HTML Help Workshop","buffer overflow",".hhp files","Contents file field",".chm file"],"overview":"A buffer overflow in Microsoft HTML Help Workshop may allow a remote attacker to execute arbitrary code on a vulnerable system.","clean_desc":"Microsoft HTML Help provides a standard help system for the Windows operating system. HTML Help Workshop is a component of the software development kit for HTML Help. A lack of validation on  the Contents file field within HTML Help Workshop Project files headers may allow a stack-based buffer overflow to occur. Note that Microsoft HTML Help Workshop is not installed by default on any version of Microsoft Windows. Exploit code for this vulnerability is publicly available.","impact":"By persuading a user to access a specially crafted HTML Help Workshop Project files (.hhp), a remote attacker may be able to execute arbitrary code.","resolution":"We are unaware of a practical solution to this problem, however we suggest the following workaround to reduce the chances of exploitation:","workarounds":"Do not access HTML Help Workshop Project files from untrusted sources Exploitation occurs if a user has the HTML Help SDK  installed and accesses a specially crafted HTML Help Workshop Project file. By only accessing  Help Workshop Project files from known and trusted sources, the chances of exploitation are reduced.","sysaffected":"","thanks":"This vulnerability was reported by bratax.","author":"This document was written by Jeff Gennari.","public":["http://users.pandora.be/bratax/advisories/b008.html","http://secunia.com/advisories/18740/","http://eagle.blacksecurity.org/stuff/unl0ck/adv/55k700106.txt.","http://msdn.microsoft.com/library/default.asp?url=/library/en-us/htmlhelp/html/vsconHH1Start.asp","http://archives.neohapsis.com/archives/ntbugtraq/2005-q2/0056.html"],"cveids":["CVE-2006-0564"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2006-02-09T15:11:43Z","publicdate":"2006-02-06T00:00:00Z","datefirstpublished":"2006-02-13T15:39:18Z","dateupdated":"2006-02-14T18:19:36Z","revision":51,"vrda_d1_directreport":"0","vrda_d1_population":"2","vrda_d1_impact":"3","cam_widelyknown":"20","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"10","cam_impact":"18","cam_easeofexploitation":"11","cam_attackeraccessrequired":"20","cam_scorecurrent":"17.0775","cam_scorecurrentwidelyknown":"17.0775","cam_scorecurrentwidelyknownexploited":"31.9275","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":17.0775,"vulnote":null}