Intrusion Prevention
MS.WinHlp32.Item.Buffer.Overflow
Description
This indicates a potential buffer overrun exploit with Winhlp32.exe.
Winhlp32.exe is used by HTML Help ActiveX control and ships with Microsoft HTML Help. The vulnerability is exploited as a result of insufficient bounds checking of the Item parameter in the WinHlp command. This could lead to denial of service attacks and other stack and heap based overflows.
Affected Products
Microsoft Windows 2000
Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows XP
Impact
The vulnerability allows an attacker to cause a buffer overflow and potentially execute arbitrary code or mount denial of service attacks.
Recommended Actions
Apply Windows 2000 SP3 service pack.