Another Microsoft vulnerability has been disclosed, along with proof-of-concept code.
The so-called heap-overflow vulnerability affects Windows help files in multiple versions of Windows XP, Windows Server 2003, Windows NT, and Windows 2000. Researchers at Security Focus reported that the Help File viewer is prone to a heap-overflow vulnerability because it fails to perform boundary checks before copying user-supplied data into insufficiently sized memory buffers.
The problem arises when the application handles a malformed or malicious Windows Help File.
"A successful attack may facilitate arbitrary code execution in the context of a vulnerable user who opens a malicious file," wrote a Security Focus researcher in an advisory. "Failed exploit attempts will likely result in denial-of-service conditions."
A Microsoft spokesman e-mailed a response to InformationWeek and said the company is investigating new public reports of a possible vulnerability in the Microsoft Help subsystem. The company's initial investigation found that the possible vulnerability would require an attacker to use a .hlp file. Microsoft considers them unsafe file types and recommends people use the same caution with .hlp files as they do with .exe, since both file types are executables.
Making the jump from outdated legacy technology to a more modern digital infrastructure will allow businesses to innovate at the speed and scale needed in today’s marketplace.
The business world is speeding up. The longer IT leaders wait to get their needs met, the more at risk their businesses and their jobs will be.
By arming SD-WAN networks with end-to-end intelligence, analytics-driven predictions, and predictive automation solutions, IT teams can simplify infrastructure management and assure higher levels of quality experiences for users.
