Intrusion Prevention



This indicates a potential buffer overrun exploit with Winhlp32.exe.

Winhlp32.exe is used by the HTML Help ActiveX control and ships with Microsoft HTML Help. The vulnerability is caused by insufficient bounds checking of the Item parameter in the WinHlp command. This could lead to denial-of-service attacks and other stack- and heap-based overflows.

Affected Products

Microsoft Windows 2000
Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows ME
Microsoft Windows NT
Microsoft Windows XP


The vulnerability allows an attacker to cause a buffer overflow and potentially execute arbitrary code or mount denial-of-service attacks.

Recommended Actions

Apply Windows 2000 Service Pack 3 (SP3).

CVE References