Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
microsoft windows help vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2004-0199
Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote malicious users to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).
Microsoft Windows Xp
Microsoft Windows 2003 Server Web
Microsoft Windows 2003 Server Enterprise
Microsoft Windows 2003 Server Enterprise 64-bit
Microsoft Windows 2003 Server R2
Microsoft Windows 2003 Server Standard
NA
CVE-2003-0009
Cross-site scripting (XSS) vulnerability in Help and Support Center for Microsoft Windows Me allows remote malicious users to execute arbitrary script in the Local Computer security context via an hcp:// URL with the malicious script in the topic parameter.
Microsoft Windows Xp
Microsoft Windows Me
1 EDB exploit
NA
CVE-2004-1306
Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote malicious users to execute arbitrary code via a crafted .hlp file.
Microsoft Windows Nt 4.0
Microsoft Windows 2003 Server Web
Microsoft Windows Xp
Microsoft Windows 2003 Server Enterprise
Microsoft Windows 2003 Server Enterprise 64-bit
Microsoft Windows 2000
Microsoft Windows 2003 Server Datacenter 64-bit
Microsoft Windows 2003 Server Standard
Microsoft Windows 2003 Server R2
1 EDB exploit
NA
CVE-1999-0716
Buffer overflow in Windows NT 4.0 help file utility via a malformed help file.
Microsoft Windows Nt 4.0
Microsoft Windows Nt
Microsoft Windows 2000
1 EDB exploit
NA
CVE-2003-0907
Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote malicious users to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe.
Microsoft Windows Xp -
Microsoft Windows Server 2003 -
NA
CVE-2010-0483
vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote malicious users to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, o...
Microsoft Windows 2000
Microsoft Windows 2003 Server
Microsoft Windows Server 2003
Microsoft Windows Xp
Microsoft Windows Xp -
2 EDB exploits
NA
CVE-2004-1043
Internet Explorer 6.0 on Windows XP SP2 allows remote malicious users to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and inject...
Microsoft Internet Explorer 6.0
Microsoft Windows Xp
1 EDB exploit
NA
CVE-2002-0694
The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote ...
Microsoft Windows Nt 4.0
Microsoft Windows 2000 Terminal Services
Microsoft Windows Xp
Microsoft Windows 2000
Microsoft Windows 98se
Microsoft Windows Me
Microsoft Windows 98
NA
CVE-2010-1885
The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote malicious users to bypass the trusted documents whitelist (fromHCP option) and exe...
Microsoft Windows Xp
Microsoft Windows Xp -
Microsoft Windows Server 2003
Microsoft Windows 2003 Server
2 EDB exploits
14 Articles
NA
CVE-2006-1591
Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe allows user-assisted malicious users to execute arbitrary code via crafted embedded image data in a .hlp file.
Microsoft Windows Nt 4.0
Microsoft Windows Xp
Microsoft Windows 2003 Server Web
Microsoft Windows 2003 Server Enterprise
Microsoft Windows 2000
Microsoft Windows 2003 Server R2
Microsoft Windows 2003 Server Standard
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »