| VID |
26030 |
| Severity |
40 |
| Port |
139 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The hotfix (Q323255) for "Multiple Vulnerabilities in Windows Help Facility" has not been applied. An unchecked buffer in Windows Help could allow an attacker to gain control over a user's system. The HTML Help facility in Windows includes an ActiveX control (hhctrl.ocx) that provides much of its functionality. One of the functions exposed via the control contains an unchecked buffer, which could be exploited by a web page hosted on an attacker's site or sent to a user as an HTML email. An attacker who successfully exploited the vulnerability can execute commands on the system with the same privileges as the victim.
A second vulnerability exists because of flaws in the handling of compiled HTML Help (.chm) files that contain shortcuts. This vulnerability allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed. The HTML Help facility in Windows systems uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder. A remote attacker could create such a file containing a shortcut that links to a malicious executable. If the attacker could create a malicious Web page that calls a malicious .chm file from the Temporary Internet Files (TIF) directory after it has been saved by the victim, the attacker could then cause malicious code to be executed on the victim's system within the victim's Local Computer Zone.
* Note: This check requires an account with Guest or higher privileges that can access the registry of the remote host being scanned. If these conditions are not met, the check will not be performed, resulting in a false negative for all vulnerable hosts.
* References: http://www.microsoft.com/technet/security/bulletin/ms02-055.asp
* Platforms Affected: Microsoft Windows 98; Microsoft Windows 98 Second Edition; Microsoft Windows Millennium Edition; Microsoft Windows NT 4.0; Microsoft Windows NT 4.0, Terminal Server Edition; Microsoft Windows 2000; Microsoft Windows XP |
| Recommendation |
Apply the appropriate patch for your system at the following locations:
o Windows 98 and Windows 98 SE: http://www.microsoft.com/windows98/downloads/contents/WUCritical/q323255/default.asp
o Windows Me: Only available via Windows Update.
o Windows NT 4.0 (Service Pack 6a): http://www.microsoft.com/Downloads/Release.asp?ReleaseID=43308
o Windows NT 4.0, Terminal Server Edition (Service Pack 6a): http://www.microsoft.com/Downloads/Release.asp?ReleaseID=43308
o Windows 2000 (Service Pack 1, Service Pack 2, or Service Pack 3): http://www.microsoft.com/Downloads/Release.asp?ReleaseID=40213
o Windows XP Home Edition and Professional Edition (Gold or Service Pack 1): http://www.microsoft.com/Downloads/Release.asp?ReleaseID=41834 |
| Related URL |
CVE-2002-0693,CVE-2002-0694 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|