Vulnerability Description
Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a malformed .hlp file, which leads to a heap-based buffer overflow.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows 2003 Server | enterprise |
| Microsoft | Windows Nt | 4.0 |
| Microsoft | Windows Xp | All versions |
References
- http://marc.info/?l=bugtraq&m=110383690219440&w=2
- http://www.securityfocus.com/bid/12091Exploit
- http://www.xfocus.net/flashsky/icoExp/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18678
- http://marc.info/?l=bugtraq&m=110383690219440&w=2
- http://www.securityfocus.com/bid/12091Exploit
- http://www.xfocus.net/flashsky/icoExp/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18678
FAQ
What is CVE-2004-1361?
CVE-2004-1361 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a malformed .hlp file, which l...
How severe is CVE-2004-1361?
CVE-2004-1361 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-1361?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows 2003 Server, Microsoft Windows Nt, Microsoft Windows Xp.