CVE-2007-0427

Microsoft Html Help Workshop - Buffer Overflow

Title source: rule

Description

Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a help project (.HPJ) file with a long HLP field in the OPTIONS section.

Exploits (2)

exploitdb WORKING POC VERIFIED

by porkythepig · c++localwindows

https://www.exploit-db.com/exploits/3159

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by porkythepig · c++localwindows

https://www.exploit-db.com/exploits/3149

View Code ZIP pw:eip

References (6)

[Third Party Advisory, VDB Entry] http://osvdb.org/31899

[Exploit] http://www.anspi.pl/~porkythepig/visualization/hpj-x01.cpp

[Exploit] http://www.securityfocus.com/bid/22135

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/457436/100/0/threaded

[Third Party Advisory] http://secunia.com/advisories/23862

[Third Party Advisory] http://securityreason.com/securityalert/2177

Scores

EPSS 0.5526

EPSS Percentile 98.1%

Details

Status published

Products (1)

microsoft/html_help_workshop 4.03.0002

Published Jan 23, 2007

Tracked Since Feb 18, 2026