OVAL Repository - View Definition: oval:org.mitre.oval:def:381

Open Vulnerability and Assessment Language (OVAL)

News — July 2, 2009

OVAL Repository > View Definition

View Definition

NEW SEARCH : BACK

Definition Id: oval:org.mitre.oval:def:381		Date: 2007-10-04
Title:	Server 2003 HTML Help Remote Code Execution Vulnerability
Description:	Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
Version:	2	Class:	vulnerability
Status:	ACCEPTED	Reference(s):	CVE-2005-1208
Family:	windows
Platform(s):	Microsoft Windows Server 2003	Product(s):	HTML Help Facility
Definition Synopsis:
Windows Server 2003 is installed AND a vulnerable version of hh.exe exists for specific Windows configurations a vulnerable version of hh.exe exists 32-bit version of Windows or 64-bit (itanium architecture) version of Windows is installed 32-Bit version of Windows is installed OR a version of Windows for the ia64 architecture is installed AND NOT Win2K/XP/2003 is patched AND the version of hh.exe is less than 5.2.3790.315 OR for specific Windows configurations a vulnerable version of hh.exe exists 32-bit version of Windows or 64-bit (itanium architecture) version of Windows is installed 32-Bit version of Windows is installed OR a version of Windows for the ia64 architecture is installed AND Win2K/XP/2003 service pack 1 is installed AND the version of hh.exe is less than 5.2.3790.2427 OR for 64-bit (x64 arch) Windows (gold edition) a vulnerable version of hh.exe exists 64-Bit (x64 architecture) version of Windows is installed AND NOT Win2K/XP/2003 is patched AND the version of hh.exe is less than 5.2.3790.2435 AND NOT the patch kb896358 is installed (Hotfix key)

NEW SEARCH : BACK

Section Contents
About the Repository
Authoring Style Guide
Submission Guidelines
OVAL Definition Lifecycle
Statement of CVE Compatibility
Top Contributor Awards
Other Repositories
Join Repository Forum
Forum Archives
Terms of Use


	OVAL is sponsored by the National Cyber Security Division of the U.S. Department of Homeland Security. The OVAL Web site is hosted by The MITRE Corporation. Copyright 2002-2009, The MITRE Corporation. All rights reserved. OVAL and the OVAL logo are registered trademarks of The MITRE Corporation. Contact oval@mitre.org for more information.	Privacy policy Terms of use