Threat Level: green Handler on Duty: Manuel Pelaez

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

New Exploit for HTML Help Workshop vulnerability

Published: 2006-02-11
Last Updated: 2006-02-12 05:11:36 UTC
by Tony Carothers (Version: 1)
0 comment(s)
Only 5 days after the release of the vulnerability, two exploits are on the street.  Both exploits, tested on WINXP SP2, will give the attacker the ability to run code of her or his choosing on the compromised machine.  As of this writing, a patch has not been made available, as far as we know.

Windows XP SP2 is not vulnerable in its default configuration. Microsoft noted that the HTML Help Workshop SDK has to be installed in order for the exploit to work. This SDK is a self contained download and at this point we are not aware of anything that would bundle this SDK. Given that is is an issue with this particular application, there is a chance that it may be exploitable on Windows versions other then XP SP2.

Summary:
- Vulnerability in HTML Help Workshop SDK, which is not installed by default.
- Exploit tested on Windows XP SP2.
- Exploit may work on other platforms that have HTML Help Workshop SDK installed, but we haven't tested it yet.

Please let us know if you have this SDK installed, in particular if it came bundled with other software.

See this URL for more details:

http://users.pandora.be/bratax/advisories/b008.html
http://msdn.microsoft.com/library/default.asp?
       url=/library/en-us/htmlhelp/html/vsconhh1start.asp

Tony Carothers
Handler on Duty

Keywords:
0 comment(s)
Diary Archives