Microsoft Help Workshop .CNT File Buffer Overflow Vulnerability

Bugtraq ID:	22100
Class:	Boundary Condition Error
CVE:	CVE-2007-0352
Remote:	Yes
Local:	No
Published:	Jan 17 2007 12:00AM
Updated:	Apr 19 2013 02:40AM
Credit:	Discovery is credited to porkythepig.
Vulnerable:	Microsoft Visual Studio .NET 2003 + Microsoft Visual Basic .NET Standard 2003 + Microsoft Visual C# .NET Standard 2003 + Microsoft Visual C++ .NET Standard 2003 + Microsoft Visual J# .NET Standard 2003 Microsoft Visual Studio 6.0 SP6 Microsoft HTML Help Workshop 4.3.2
Not Vulnerable:

Microsoft Help Workshop .CNT File Buffer Overflow Vulnerability

Microsoft Help Workshop fails to properly bounds-check user-supplied input in '.cnt' files.

A malformed '.cnt' file containing an unusually long string may be used to cause a stack-based buffer-overflow, allowing the execution of arbitrary code.

A successful exploit would result in the execution of arbitrary code within the security context of the user running the eaffected application.

Microsoft Help Workshop .CNT File Buffer Overflow Vulnerability

The following exploit was made available:

• /data/vulnerabilities/exploits/22100.c

Microsoft Help Workshop .CNT File Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Microsoft Help Workshop .CNT File Buffer Overflow Vulnerability

References:

• Microsoft HTML Help (Microsoft)
  
• Microsoft Help Workshop .CNT contents files buffer overflow vulnerability ([email protected])