New Bug Reported In Windows Help Files

Microsoft is investigating a possible heap-overflow vulnerability that was recently disclosed, along with proof-of-concept code.

April 12, 2007

Another Microsoft vulnerability has been disclosed, along with proof-of-concept code.

The so-called heap-overflow vulnerability affects Windows help files in multiple versions of Windows XP, Windows Server 2003, Windows NT, and Windows 2000. Researchers at Security Focus reported that the Help File viewer is prone to a heap-overflow vulnerability because it fails to perform boundary checks before copying user-supplied data into insufficiently sized memory buffers.

The problem arises when the application handles a malformed or malicious Windows Help File.

"A successful attack may facilitate arbitrary code execution in the context of a vulnerable user who opens a malicious file," wrote a Security Focus researcher in an advisory. "Failed exploit attempts will likely result in denial-of-service conditions."

A Microsoft spokesman said in an e-mailed response to InformationWeek that the company is investigating new public reports of a possible vulnerability in the Microsoft Help subsystem. The company's initial investigation found that the possible vulnerability would require an attacker to use a .hlp file. Microsoft considers .hlp files an unsafe file type and recommends that people use the same caution with them as they do with .exe files, since both file types are executables.

Hon Lau, a member of the Security Response Team at Symantec, wrote in a blog entry on Thursday that researchers there have not seen the vulnerability being actively exploited. Lau said Symantec analyzed a sample of the proof-of-concept code and released the Bloodhound.Exploit.135 to detect threats that exploit the vulnerability.

Mati Aharoni, lead penetration tester with Israeli IT security education firm See Security Technologies, is credited with discovering the bug.

Microsoft advised that any customers who think they've been affected by the vulnerability contact the company through this Web site.
