Intrusion Prevention

MS.Itss.Dll.CHM.File.Handling.Heap.Overflow

Description

This indicates an attack attempt against a heap-based buffer-overflow vulnerability in Microsoft Infotech Storage System Library (itss.dll).
An attack may exploit this vulnerability by enticing the potential victims to open a crafted ".chm" file.

Affected Products

Microsoft Corporation: Windows 98
Microsoft Corporation: Windows 98 Second Edition
Microsoft Corporation: Windows Me
Microsoft Corporation: Windows XP
Microsoft Corporation: Windows 2000 Any version
Microsoft Corporation: Windows 2003 Any version
Microsoft Corporation: Windows NT 4.0

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.

CVE References

CVE-2006-2297