Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microsoft windows help vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2002-0823
Buffer overflow in Winhlp32.exe allows remote malicious users to execute arbitrary code via an HTML document that calls the HTML Help ActiveX control (HHCtrl.ocx) with a long pathname in the Item parameter.
Microsoft Windows Help
Microsoft Windows 2000
1 EDB exploit
NA
CVE-2006-0564
Stack-based buffer overflow in Microsoft HTML Help Workshop 4.74.8702.0, and possibly earlier versions, and as included in the Microsoft HTML Help 1.4 SDK, allows context-dependent malicious users to execute arbitrary code via a .hhp file with a long Contents file field.
Microsoft Html Help 1.4
Microsoft Html Help Workshop 4.74.8702.0
8 EDB exploits
NA
CVE-2006-4138
Multiple unspecified vulnerabilities in Microsoft Windows Help File viewer (winhlp32.exe) allow user-assisted malicious users to execute arbitrary code via crafted HLP files.
Microsoft Help File Viewer
1 EDB exploit
NA
CVE-2005-1208
Integer overflow in Microsoft Windows 98, 2000, XP SP2 and previous versions, and Server 2003 SP1 and previous versions allows remote malicious users to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overfl...
Microsoft Windows 2003 Server Enterprise
Microsoft Windows 2003 Server Enterprise 64-bit
Microsoft Windows 2003 Server R2
Microsoft Windows 2003 Server Standard
Microsoft Windows 98
Microsoft Windows Xp
Microsoft Windows 2003 Server 64-bit
Microsoft Windows 2003 Server Datacenter 64-bit
Microsoft Windows 2003 Server Standard 64-bit
Microsoft Windows 2003 Server Web
Microsoft Windows 2000
NA
CVE-2002-0693
Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote malicious users to execute code via (1) a long parameter to the Alink f...
Microsoft Windows 2000
Microsoft Windows 98se
Microsoft Windows Me
Microsoft Windows Nt 4.0
Microsoft Windows Xp
Microsoft Windows 2000 Terminal Services
Microsoft Windows 98
1 EDB exploit
NA
CVE-2010-2265
Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote malicious users to inject arbitrary web script or HTML via the svr parameter to sysinf...
Microsoft Windows 2003 Server
Microsoft Windows Xp
Microsoft Windows Xp -
Microsoft Windows Server 2003
1 EDB exploit
NA
CVE-2007-0214
The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote malicious users to execute arbitrary code via unspecified functions, related to uninitialized parameters.
Microsoft Windows 2003 Server
Microsoft Windows 2003 Server 64-bit
Microsoft Windows 2000
Microsoft Windows Xp
Microsoft Windows 2003 Server Itanium
Microsoft Windows 2003 Server Sp1
NA
CVE-1999-0975
The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed.
Microsoft Windows 98
Microsoft Windows 95
Microsoft Windows Nt 4.0
1 EDB exploit
NA
CVE-2004-0201
Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote malicious users to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-...
Avaya S8100
Avaya Ip600 Media Servers
Avaya Definity One Media Server
Microsoft Windows 2003 Server R2
Microsoft Windows Nt 4.0
Microsoft Windows Xp
Microsoft Windows 2000
Microsoft Windows 2003 Server Enterprise
Microsoft Windows 2003 Server Enterprise 64-bit
Microsoft Windows Me
Avaya Modular Messaging Message Storage Server S3400
Microsoft Windows 2003 Server Standard
Microsoft Windows 2003 Server Web
Microsoft Windows 98
Microsoft Windows 98se
NA
CVE-2003-0711
Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote malicious users to execute arbitrary code via a long query in an HCP URL.
Microsoft Windows 2000
Microsoft Windows 2003 Server Web
Microsoft Windows Me
Microsoft Windows Nt 4.0
Microsoft Windows Xp
Microsoft Windows 2003 Server R2
Microsoft Windows 2003 Server Standard
Microsoft Windows 2003 Server Enterprise
Microsoft Windows 2003 Server Enterprise 64-bit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4946
CVE-2024-30309
CVE-2024-4761
CVE-2024-30051
type confusion
memory leak
CVE-2024-30293
reflected XSS
CVE-2024-3126
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
6
NEXT »