CVE-2009-0133

Microsoft HTML Help Workshop <4.74 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 8 public exploits for CVE-2009-0133. PoCs published by Metasploit, Encrypt3d.M!nd, SkD, including Metasploit module exploits/windows/fileformat/hhw_hhp_indexfile_bof.

AI-analyzed exploit summary This Metasploit module exploits a stack buffer overflow in HTML Help Workshop 4.74 by crafting a malicious .hhp project file with an oversized 'Index file' field, leading to arbitrary code execution via an egghunter technique.

Description

Buffer overflow in Microsoft HTML Help Workshop 4.74 and earlier allows context-dependent attackers to execute arbitrary code via a .hhp file with a long "Index file" field, possibly a related issue to CVE-2006-0564.

Exploits (8)

exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/16631

This Metasploit module exploits a stack buffer overflow in HTML Help Workshop 4.74 by crafting a malicious .hhp project file with an oversized 'Index file' field, leading to arbitrary code execution via an egghunter technique.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: HTML Help Workshop 4.74
No auth needed
Prerequisites: Victim must open the malicious .hhp file
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Encrypt3d.M!nd · pythonlocalwindows
https://www.exploit-db.com/exploits/10321

This exploit targets a buffer overflow vulnerability in HTML Help Workshop 4.74 by crafting a malicious .hhp project file. It uses an egg-hunting technique to locate and execute shellcode, which spawns a calculator as a proof-of-concept payload.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: HTML Help Workshop 4.74
No auth needed
Prerequisites: Victim must open the malicious .hhp file
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by SkD · perllocalwindows
https://www.exploit-db.com/exploits/7727

This is a functional exploit for a buffer overflow vulnerability in Microsoft HTML Workshop <= 4.74. It uses a custom shellhunter technique to locate and execute shellcode reliably across different Windows versions.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: Microsoft HTML Workshop <= 4.74
No auth needed
Prerequisites: Victim must open a maliciously crafted .hhp file
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by k3xji · clocalwindows
https://www.exploit-db.com/exploits/1490

This exploit demonstrates a buffer overflow vulnerability in Microsoft HTML Help Workshop by crafting a malicious .hhp file with an overflow in the 'Compiled file' field, leading to arbitrary code execution when the file is opened.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft HTML Help Workshop
No auth needed
Prerequisites: Victim must open the malicious .hhp file with Microsoft HTML Help Workshop
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by bratax · clocalwindows
https://www.exploit-db.com/exploits/1470

This exploit leverages a buffer overflow in Microsoft HTML Help Workshop by crafting a malicious .hhp file with an oversized 'Contents file' field, overwriting EIP with a 'jmp esp' address and executing a bind shell payload.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft HTML Help Workshop
No auth needed
Prerequisites: Victim must open the malicious .hhp file in Microsoft HTML Help Workshop
devstral-2 · analyzed Feb 18, 2026 Full analysis →
exploitdb WORKING POC
cpplocalwindows
https://www.exploit-db.com/exploits/1495

This exploit leverages a stack overflow vulnerability in Windows HTML Help Workshop by crafting a malicious .hhp file with an oversized 'Index File' field. The payload includes a NOP sled and shellcode to achieve arbitrary code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Windows HTML Help Workshop (version not specified, tested on WinXP SP2)
No auth needed
Prerequisites: Victim must open the malicious .hhp file in HTML Help Workshop
devstral-2 · analyzed Feb 19, 2026 Full analysis →
exploitdb WORKING POC
doswindows
https://www.exploit-db.com/exploits/1488

This exploit targets CVE-2009-0133, a buffer overflow vulnerability in Microsoft Office Word. The PoC uses a maliciously crafted .rtf file with an overly long 'Compatibility' field to trigger a stack-based buffer overflow, potentially leading to arbitrary code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Microsoft Office Word (versions prior to the patch for CVE-2009-0133)
No auth needed
Prerequisites: Victim must open the malicious RTF file in a vulnerable version of Microsoft Word
devstral-2 · analyzed Feb 19, 2026 Full analysis →
metasploit WORKING POC GOOD
by Encrypt3d.M!nd, loneferret, jduck · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/hhw_hhp_indexfile_bof.rb

This Metasploit module exploits a stack buffer overflow in HTML Help Workshop 4.74 via a crafted .hhp file, using an egghunter to achieve remote code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: HTML Help Workshop 4.74
No auth needed
Prerequisites: Target must open the malicious .hhp file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7727
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/4914

Scores

EPSS 0.6705
EPSS Percentile 99.2%

Details

CWE
CWE-119
Status published
Products (1)
microsoft/html_help_workshop 4.74
Published Jan 15, 2009
Tracked Since Feb 18, 2026