CVE-2004-0201

Description

Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.

Affected products

• Avaya / definity_one_media_server
• Avaya / ip600_media_servers
• Avaya / modular_messaging_message_storage_servers3400 – s3400
• Avaya / s8100
• Microsoft / windows_2000
• Microsoft / windows_2000
• Microsoft / windows_2000
• Microsoft / windows_2000
• Microsoft / windows_2000
• Microsoft / windows_2003_serverstandard – standard
• Microsoft / windows_2003_serverr2 – r2
• Microsoft / windows_2003_serverr2 – r2
• Microsoft / windows_2003_serverweb – web
• Microsoft / windows_2003_serverenterprise – enterprise
• Microsoft / windows_2003_serverenterprise_64-bit – enterprise_64-bit
• Microsoft / windows_98
• Microsoft / windows_98se
• Microsoft / windows_me
• Microsoft / windows_nt4.0 – 4.0
• Microsoft / windows_nt4.0 – 4.0
• Microsoft / windows_nt4.0 – 4.0
• Microsoft / windows_nt4.0 – 4.0
• Microsoft / windows_nt4.0 – 4.0
• Microsoft / windows_nt4.0 – 4.0
• Microsoft / windows_nt4.0 – 4.0
• Microsoft / windows_nt4.0 – 4.0
• Microsoft / windows_nt4.0 – 4.0
• Microsoft / windows_nt4.0 – 4.0
• Microsoft / windows_nt4.0 – 4.0
• Microsoft / windows_nt4.0 – 4.0
• Microsoft / windows_nt4.0 – 4.0
• Microsoft / windows_nt4.0 – 4.0
• Microsoft / windows_nt4.0 – 4.0
• Microsoft / windows_nt4.0 – 4.0
• Microsoft / windows_nt4.0 – 4.0
• Microsoft / windows_nt4.0 – 4.0
• Microsoft / windows_nt4.0 – 4.0
• Microsoft / windows_nt4.0 – 4.0
• Microsoft / windows_nt4.0 – 4.0
• Microsoft / windows_nt4.0 – 4.0
• Microsoft / windows_nt4.0 – 4.0
• Microsoft / windows_nt4.0 – 4.0
• Microsoft / windows_nt4.0 – 4.0
• Microsoft / windows_nt4.0 – 4.0
• Microsoft / windows_nt4.0 – 4.0
• Microsoft / windows_nt4.0 – 4.0
• Microsoft / windows_nt4.0 – 4.0
• Microsoft / windows_nt4.0 – 4.0
• Microsoft / windows_nt4.0 – 4.0
• Microsoft / windows_xp
• Microsoft / windows_xp
• Microsoft / windows_xp
• Microsoft / windows_xp
• Microsoft / windows_xp

References

• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2155
• MISChttp://www.kb.cert.org/vuls/id/920060
• MISChttp://www.us-cert.gov/cas/techalerts/TA04-196A.html
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1530
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1503
• MISChttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-023
• MAILING_LISThttp://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023919.html
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3179
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/16586