Author Topic: New hole in Windows HLP waits for malware...  (Read 2556 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33440
  • malware fighter
New hole in Windows HLP waits for malware...
« on: April 13, 2007, 10:47:09 AM »
Hi malware fighters,

A new vulnerability is rated as "low", only because there has not been found malware exploiting it:
http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2007-041100-4132-99&tabid=1

Next to a Windows DNS leakage a new vulnerability has been found in Windows Help files. Through this dangerous security hole an attacker can take over a complete system remotely. This hole has not been seen to have been exploited in the wild, but because there is no patch users are advised to be extra carefult, and to update all their security software.

Problem seems to be Microsoft Help Engine does not check the buffer totals before a certain data block is being released into  HLP files, creating a heap overflow, in this fashion enabling the execution of arbitrairy code. The hole has been found to exist  for Windows NT, 2000, 2003 and XP.

polonus
« Last Edit: April 13, 2007, 10:57:37 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Marc57

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1944
  • KISS Rules The World!!!
    • KISS Army
Re: New hole in Windows HLP waits for malware...
« Reply #1 on: April 13, 2007, 11:21:11 AM »
The DNS flaw is being exploited even as we speak.

"Cybercrooks are using a yet-to-be-patched security flaw in certain Windows versions to attack computers running the operating systems, Microsoft warned late Thursday."

http://news.com.com/Cybercrooks+exploiting+new+Windows+DNS+flaw/2100-7349_3-6175743.html?tag=html.alert.comp
You Wanted the Best You Got the Best the Hottest Band in the World KISS!!!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 86126
  • No support PMs thanks
Re: New hole in Windows HLP waits for malware...
« Reply #2 on: April 13, 2007, 03:15:37 PM »
Quote
Windows XP and Windows Vista are not impacted by the DNS flaw. Windows 2000 Server Service Pack 4, Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2 are vulnerable, Microsoft said.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 21.11.2500 (build 21.11.6809.528) UI 1.0.683/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33440
  • malware fighter
Re: New hole in Windows HLP waits for malware...
« Reply #3 on: April 13, 2007, 09:23:45 PM »
Yes DavidR, we know that, but the help files hole is!!

the old pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!