CVE-1999-0975
Windows 95 and 98 - Local Command Execution via Help File Topic Action
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-1999-0975. PoCs published by Pauli Ojanpera.
AI-analyzed exploit summary This exploit leverages the Windows Help system's ability to execute arbitrary commands via modified *.cnt files. By editing the WDMAIN8.CNT file to include a malicious entry, an attacker can trigger the execution of CMD.EXE when a user selects a specific help topic.
Description
The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed.
Exploits (1)
This exploit leverages the Windows Help system's ability to execute arbitrary commands via modified *.cnt files. By editing the WDMAIN8.CNT file to include a malicious entry, an attacker can trigger the execution of CMD.EXE when a user selects a specific help topic.