Microsoft Help Workshop .HPJ File Buffer Overflow Vulnerability
Date Discovered:
01/24/2007
Severity:
High
Affected Software:
Microsoft Visual Studio 6.0 SP6
Microsoft Help Workshop 4.3.2
Synopsis
A stack-based buffer overflow in Microsoft Help Workshop 4.3.2 allows user-assisted remote attackers
to execute arbitrary code via a help project (.hpj) file with an overly long HLP
field in the OPTIONS section. The attack is user-assisted because the victim must open the
project file in Help Workshop; nothing is triggered by merely receiving it.
iPolicy Networks
Response
iPolicy Networks IPF provides
detection of this vulnerability by the following signatures:
Microsoft Help Workshop fails to properly
bounds-check user-supplied input in .hpj project files.
An attacker may use a malformed .hpj file containing an unusually
long string to cause a stack-based buffer overflow, allowing the
execution of arbitrary code.
The problem lies in the lack of a boundary check on the file path value in
the HLP field of the OPTIONS section. When the string length exceeds
256 bytes, the program's fixed-size stack buffer is overflowed and the
adjacent memory (including the saved return address) is corrupted.
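The following is an added example written for this page; it is neither iPolicy's IPF signature nor Microsoft's code. It shows three things a practitioner would want to see next to the description above: a minimal parser for the [OPTIONS] section of a .hpj project file, the fixed-size copy pattern the advisory describes beside a hardened version that refuses values that do not fit, and a detection check that flags an HLP value longer than 256 bytes. The 256-byte limit is the one stated in the advisory; the function names, the buffer layout and the sample project files are assumptions made for this example.

```c
/* Added example, not iPolicy's signature and not Microsoft's code.
 * Assumptions: .hpj is INI-style text ("[SECTION]" then "KEY=value" lines),
 * the overflowed buffer is HLP_MAX (256) bytes on the stack (per the
 * advisory), and all names below are this example's own. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define HLP_MAX 256   /* size of the buffer the advisory says is overflowed */

/* Case-insensitive compare of the first n bytes (.hpj keywords are not
 * case-sensitive). */
static int ieq_n(const char *a, const char *b, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (toupper((unsigned char)a[i]) != toupper((unsigned char)b[i]))
            return 0;
    return 1;
}

/* Walk the file line by line; return a pointer to the value of HLP=
 * inside [OPTIONS] and its length via *len, or NULL if it is absent. */
static const char *find_options_hlp(const char *text, size_t *len)
{
    const char *p = text;
    int in_options = 0;

    while (*p) {
        const char *eol = strpbrk(p, "\r\n");
        size_t linelen = eol ? (size_t)(eol - p) : strlen(p);

        if (linelen > 0 && p[0] == '[')
            in_options = (linelen == 9 && ieq_n(p, "[OPTIONS]", 9));
        else if (in_options && linelen > 4 && ieq_n(p, "HLP=", 4)) {
            *len = linelen - 4;
            return p + 4;
        }
        if (!eol)
            break;
        for (p = eol; *p == '\r' || *p == '\n'; p++)
            ;                               /* skip the line terminator(s) */
    }
    return NULL;
}

/* Length of the OPTIONS/HLP value, or -1 when the field is not present. */
long hpj_hlp_len(const char *text)
{
    size_t len = 0;
    return find_options_hlp(text, &len) ? (long)len : -1;
}

/* Detection check in the spirit of a content signature: 1 when the value
 * would not fit the 256-byte buffer, 0 otherwise. */
int hpj_hlp_overflows(const char *text)
{
    return hpj_hlp_len(text) > HLP_MAX;
}

/* Vulnerable pattern: the field is copied into a fixed stack buffer with no
 * length check. Shown for contrast only; never call it on untrusted input. */
void load_hlp_unchecked(const char *value, size_t len)
{
    char path[HLP_MAX];
    memcpy(path, value, len);           /* len > 256 overruns the stack frame */
    path[len] = '\0';
    (void)path;
}

/* Hardened form: same buffer size, but the copy is refused unless the value
 * plus its NUL terminator fits. Returns 0 on success, -1 when rejected. */
int load_hlp_checked(const char *value, size_t len)
{
    char path[HLP_MAX];
    if (len >= sizeof path)
        return -1;
    memcpy(path, value, len);
    path[len] = '\0';
    return 0;
}

/* Build a constructed project file whose HLP value is n filler bytes plus
 * ".hlp", then run the detection check on it. Returns 1 if flagged, 0 if not,
 * -1 if n is too large for the scratch buffer. */
int long_hlp_overflows(size_t n)
{
    static char buf[4096];
    if (n + 64 > sizeof buf)
        return -1;
    int k = sprintf(buf, "[OPTIONS]\r\nHLP=");
    memset(buf + k, 'A', n);
    strcpy(buf + k + n, ".hlp\r\n[FILES]\r\ntopic.rtf\r\n");
    return hpj_hlp_overflows(buf);
}

int main(void)
{
    /* Constructed sample project, not a real file. */
    const char *benign = "[OPTIONS]\r\nHLP=myhelp.hlp\r\nTITLE=Sample\r\n";
    printf("benign: HLP length %ld, flagged=%d\n",
           hpj_hlp_len(benign), hpj_hlp_overflows(benign));
    printf("300 filler bytes: flagged=%d\n", long_hlp_overflows(300));
    printf("checked copy of 300-byte value: %d\n",
           load_hlp_checked(benign, 300));
    return 0;
}
```

The detection check deliberately looks only at the HLP field inside [OPTIONS]; a long HLP= line in another section does not reach the vulnerable copy and is not flagged, which keeps the check from firing on legitimate projects with long file lists. The boundary is at 256 bytes: a value of exactly 256 bytes already fails the hardened copy (no room for the terminator), so the checked loader is stricter than the detection threshold, as it should be.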
“iPolicy is one of the most visionary firewall vendors in the firewall Magic Quadrant. Its architecture of a central session processing engine and multiple content blades that are able to block based on signatures, rules and so on is the closest to the network security ideal.”
Greg Young, John Pescatore
Magic Quadrant for Network Firewalls, 2H04, Gartner