Microsoft’s security response team has announced that it is investigating reports of a remotely exploitable buffer overflow vulnerability in HTML Help Workshop, the standard help system used in various Windows operating system versions.
Microsoft is compelled to investigate this latest security vulnerability in Windows after a widely publicized exploitation method was shown to leverage the flaw effectively. The exploitation method typically causes files with the “.hhp” extension to generate errors and become unexecutable.
The Danish security firm Secunia has classified this security flaw as medium risk, but has also warned that successful exploitation could allow malicious code to run when a dangerous “.hhp” file is opened.
According to widely circulated warnings, there exists a buffer overflow vulnerability in the way HTML Help Workshop processes “.hhp” files, enabling remote attackers to take control of the user’s computer and execute binary code with “user” level privileges.
HTML Help Workshop version 4.74.8702.0 has been confirmed to be affected by this security flaw. However, Secunia warns that many other versions are likely to contain similar vulnerabilities as well.
Nonetheless, a Microsoft spokesperson stated that the company has not received any reports of attacks exploiting this vulnerability. The spokesperson further noted that customers who do not have the HTML Help SDK installed on their systems will not be affected by this security flaw.
The Microsoft HTML Help SDK is used to create online help for software applications or to generate content for websites. Developers can utilize the HTML Help API to program a host application or to link context-sensitive help for their own applications.