Intrusion Prevention



This indicates an attempt to exploit a heap overflow vulnerability in Microsoft Windows winhlp32.exe.
The vulnerability is caused by insufficient validation when the vulnerable software parses a malicious Windows Help file (.hlp). It allows remote attackers to execute arbitrary code on the affected system.

Affected Products

Microsoft Windows XP through SP1
Microsoft Windows 2003
Microsoft Windows 2000 through SP4
Microsoft Windows NT through SP6


System compromise: remote code execution.

Recommended Actions

Do not download or open Windows help (.hlp) files from untrusted sources.

CVE References

CVE-2004-1361 CVE-2004-1306