funsec mailing list archives
Microsoft Windows "itss.dll" Heap Corruption Vulnerability
From: "Fergie" <fergdawg () netzero net>
Date: Wed, 10 May 2006 16:05:29 GMT
Via Secunia. [snip] Description: Rubén Santamarta has discovered a vulnerability in Microsoft Windows, which potentially can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error in the Infotech Storage System Library (itss.dll) when reading a ".CHM" file. This can be exploited to cause heap corruption and may allow arbitrary code execution via a specially crafted ".CHM" file. Successful exploitation requires that the user is e.g. tricked in opening or decompiling a malicious ".CHM" file using "hh.exe". The vulnerability has been confirmed in Windows XP SP2 (fully patched) and also reported in Windows 2000 SP4. Other versions may also be affected. [snip] More: http://secunia.com/advisories/20061/ - ferg -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg () netzero net or fergdawg () sbcglobal net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Microsoft Windows "itss.dll" Heap Corruption Vulnerability Fergie (May 10)
- Re: Microsoft Windows "itss.dll" Heap Corruption Vulnerability Blue Boar (May 10)
- Re: Microsoft Windows "itss.dll" Heap Corruption Vulnerability Dude VanWinkle (May 10)
- Re: Microsoft Windows "itss.dll" Heap Corruption Vulnerability Blue Boar (May 10)