header-logo
Suggest Exploit
vendor:
Windows
by:
SecurityFocus
7.5
CVSS
HIGH
Security Bypass Vulnerability
20
CWE
Product Name: Windows
Affected Version From: Microsoft Windows 2000
Affected Version To: Microsoft Windows XP
Patch Exists: YES
Related CWE: CVE-2003-0352
CPE: o:microsoft:windows
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Internet Explorer, Outlook, Outlook Express
2003

Microsoft Windows showHelp() Security Bypass Vulnerability

Microsoft Windows is prone to a security flaw in the implementation of the showHelp() function. Using directory traversal sequences and special syntax when referring to the CHM file, it is possible to bypass this restriction. This could be exploited in combination with other known vulnerabilities to install and execute malicious code on a client system.

Mitigation:

Microsoft has released a patch to address this issue. Users should apply the patch to help mitigate the risk of exploitation.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9320/info

Microsoft Windows is prone to a security flaw in the implementation of the showHelp() function. Microsoft previously released patches that provide security measures to prevent abuse of the showHelp() method to reference local compiled help files (.CHM) from within a web page. This initial problem was described in BID 6780/MS03-004. However, using directory traversal sequences and special syntax when referring to the CHM file, it is possible to bypass this restriction. This could be exploited in combination with other known vulnerabilities to install and execute malicious code on a client system.

** UPDATE: This issue was initially believed to affect Microsoft Internet Explorer but is actually an operating system issue. Microsoft Internet Explorer, Outlook, and Outlook Express may all present attack vectors for this security flaw.

showHelp("mk:@MSITStore:iexplore.chm::..\\..\\..\\..\\chmfile.chm::/fileinchm.html");

Navigation

Suggest Exploit

Services By CQR