MS.Windows.showHelp.CHM.File.Execution
Description
This indicates an attack attempt against an arbitrary program-execution vulnerability in Microsoft Windows.
The vulnerability is caused by a flaw in the showHelp() function when it references a compiled help file (.CHM file). It allows a remote attacker to bypass security checking to execute arbitrary programs via a URL containing ".." sequences and a filename ending with "::".
Affected Products
Microsoft Windows XP SP1
Microsoft Windows NT Workstation 4.0 SP6a
Microsoft Windows NT Server 4.0 SP6a
NT Enterprise Server 4.0 SP6a
Windows 2000 Server SP4
Windows 2000 Professional SP4
Impact
System compromise
Recommended Actions
Apply the patch as given in the Microsoft Security Bulletin MS04-023.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |