Security Guide for Windows - Malformed Help File Vulnerability

Malformed Help File Vulnerability

A vulnerability exists in the Microsoft® Windows NT® help utility which could allow arbitrary code to be run on a Windows NT machine.

Issue

The Windows Help utility parses and displays help information for applications. The help information is contained in files of several types that are generated by the Help Compiler (part of the AppWizard utility), and is stored by default in the WINNT\help folder. By default, users can write to this folder. An unchecked buffer exists in the Help utility, and a help file that has been carefully modified could be used to execute arbitrary code on the local machine via a classic buffer overrun technique. Because the Help Compiler's output files do not generate the specific malformation at issue here, this vulnerability could not be accidentally exploited.

The machines primarily at risk from this vulnerability are workstations, terminal servers, and other machines that allow users to log on interactively and add or modify help files. Servers generally do not allow normal users to interactively log on. It is important to note that this vulnerability would affect only the local machine; there is no capability to directly attack a remote machine via this vulnerability.

The patch prevents arbitrary code from being executed on the machine, but does not prevent malformed help files from causing the Help utility to fail. However, failure of the Help utility does not threaten system stability or security, and the Help utility can be restarted without incident.

Affected Products

Microsoft Windows NT 4.0

Solution

A patch can be found at:

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: May 17, 1999

>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<

Protection Products

Performance Products

Issue

Affected Products

Solution

Further Details