CVE-2009-0133

Microsoft HTML Help Workshop <4.74 - Buffer Overflow

Title source: llm

Description

Buffer overflow in Microsoft HTML Help Workshop 4.74 and earlier allows context-dependent attackers to execute arbitrary code via a .hhp file with a long "Index file" field, possibly a related issue to CVE-2006-0564.

Exploits (8)

exploitdb WORKING POC VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/16631
exploitdb WORKING POC VERIFIED
by Encrypt3d.M!nd · pythonlocalwindows
https://www.exploit-db.com/exploits/10321
exploitdb WORKING POC VERIFIED
by SkD · perllocalwindows
https://www.exploit-db.com/exploits/7727
exploitdb WORKING POC VERIFIED
by k3xji · clocalwindows
https://www.exploit-db.com/exploits/1490
exploitdb WORKING POC VERIFIED
by bratax · clocalwindows
https://www.exploit-db.com/exploits/1470
exploitdb WORKING POC
cpplocalwindows
https://www.exploit-db.com/exploits/1495
exploitdb WORKING POC
doswindows
https://www.exploit-db.com/exploits/1488
metasploit WORKING POC GOOD
by Encrypt3d.M!nd, loneferret, jduck · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/hhw_hhp_indexfile_bof.rb

References (2)

Scores

EPSS 0.7610
EPSS Percentile 98.9%

Details

CWE
CWE-119
Status published
Products (1)
microsoft/html_help_workshop 4.74
Published Jan 15, 2009
Tracked Since Feb 18, 2026