Family: Windows : Microsoft Bulletins --> Category: infos
Vulnerability in HTML Help Could Allow Code Execution (840315) Vulnerability Scan
Vulnerability Scan Summary
Checks for ms04-023 over the registry
Detailed Explanation for this Vulnerability Test
Arbitrary code can be executed on the remote host through the web client.
The remote host is subject to two vulnerabilities in the HTML Help and showHelp
modules, which could allow a possible hacker to execute arbitrary code on the remote
To exploit this flaw, a possible hacker would need to set up a rogue website
containing a malicious showHelp URL, and would need to lure a user on the
remote host to visit it. Once the user visits the web site, a buffer overflow
would allow the attacker to execute arbitrary commands with the rights
of the victim user.
Microsoft has released a set of patches for Windows 2000, XP and 2003 :
High / CVSS Base Score : 8
Click HERE for more information and discussions on this network vulnerability scan.