Microsoft Windows Heap-Corruption Vulnerability

vendor:

Windows

by:

SecurityFocus

7.5

CVSS

HIGH

Heap-Corruption

119

CWE

Product Name: Windows

Affected Version From: Microsoft Windows 2000

Affected Version To: Microsoft Windows XP SP2

Patch Exists: YES

Related CWE: CVE-2005-2118

CPE: o:microsoft:windows

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows, Linux, Mac

2005

Microsoft Windows Heap-Corruption Vulnerability

Microsoft Windows is susceptible to a heap-corruption vulnerability while attempting to read specially crafted CHM or ITS files. This occurs in the 'ITSS.DLL' library. This vulnerability allows remote attackers to execute arbitrary machine code in the context of applications using the affected library. Attackers may exploit this issue by coercing users to open malicious CHM or ITS files with Internet Explorer, or when users try to decompile such files using the 'hh -decompile' command.

Mitigation:

Users should avoid opening CHM or ITS files from untrusted sources.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/17926/info

Microsoft Windows is susceptible to a heap-corruption vulnerability while attempting to read specially crafted CHM or ITS files. This occurs in the 'ITSS.DLL' library.

This vulnerability allows remote attackers to execute arbitrary machine code in the context of applications using the affected library.

Attackers may exploit this issue by coercing users to open malicious CHM or ITS files with Internet Explorer, or when users try to decompile such files using the 'hh -decompile' command. CHM files are considered unsafe files, so there is a possibility that advanced users or security researchers may try to decompile these files to inspect their contents.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/27850.chm