|
Microsoft Windows "itss.dll" Heap Corruption Vulnerability
|
|
|
|
|
Secunia Advisory:
|
SA20061
|
|
|
Release Date:
|
2006-05-10
|
|
Last Update:
|
2006-05-11
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Unpatched
|
|
| OS: | Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows XP Home Edition
Microsoft Windows XP Professional
|
|
| | CVE reference: | CVE-2006-2297 (Secunia mirror)
|
|
|
This advisory is currently marked as unpatched!
- Companies can be alerted when a patch is released! |
|
|
Description:
Rubén Santamarta has discovered a vulnerability in Microsoft Windows, which potentially can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error in the Infotech Storage System Library (itss.dll) when reading a ".CHM" file. This can be exploited to cause heap corruption and may allow arbitrary code execution via a specially crafted ".CHM" file.
Successful exploitation requires that the user is e.g. tricked in opening or decompiling a malicious ".CHM" file using "hh.exe".
The vulnerability has been confirmed in Windows XP SP2 (fully patched) and also reported in Windows 2000 SP4. Other versions may also be affected.
NOTE: The CHM file format should be considered insecure and treated similar to an executable file. However, this vulnerability is triggered even when the user decompiles the file without opening it.
Solution:
The vulnerability will reportedly be fixed in the next Service Pack.
Do not open or decompile untrusted ".CHM" files.
Provided and/or discovered by:
Rubén Santamarta
Changelog:
2006-05-11: Added CVE reference.
Original Advisory:
http://reversemode.com/index.php?opti...&task=view&id=11&Itemid=1
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
263 Related Secunia Security Advisories, displaying 10
|
|
|
1. Microsoft Windows Event System Privilege Escalation Vulnerabilities
|
|
2. Microsoft Windows Color Management System Buffer Overflow
|
|
3. Microsoft SQL Server and MSDE Multiple Vulnerabilities
|
|
4. Microsoft Windows DNS Spoofing Vulnerabilities
|
|
5. Microsoft Windows Pragmatic General Multicast Denial of Service
|
|
6. Microsoft Windows Active Directory LDAP Request Processing Denial of Service
|
|
7. Microsoft Windows WINS Privilege Escalation Vulnerability
|
|
8. Microsoft DirectX MJPEG/SAMI File Processing Vulnerabilities
|
|
9. Microsoft Windows Speech Recognition Security Issue
|
|
10. Apple Safari on Windows Code Execution Vulnerability
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
