[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: Re: [Full-disclosure] WinXP IE .HLP file 0day
From: Maurycy Prodeus <mailing-list () isec ! pl>
Date: 2010-02-26 18:04:15
Message-ID: d4c9ac821002261004v718e7610u3a6dec93be11b607 () mail ! gmail ! com
[Download RAW message or body]
> There are loads of known vulns in winhlp32.exe, particularly in the
> decompression routines. That's why it was removed from Vista, and why
> .hlp files are considered to be dangerous file formats.
.HLP == executable
According to http://en.wikipedia.org/wiki/WinHelp :
"A rather security critical feature is that one can also include a DLL
file containing custom code and associating it with WinHelp topics.
Effectively this makes .HLP files equivalent to executables."
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic