CVE-2002-0823
published 2002-08-12


Priority: P3
CVSS 2.0 base score: 7.5 (High), vector AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploit: public exploit available
EPSS: 44.40% (98.6th percentile)
Buffer overflow in Winhlp32.exe allows remote attackers to execute arbitrary code via an HTML document that calls the HTML Help ActiveX control (HHCtrl.ocx) with a long pathname in the Item parameter.

Detection & IOCs (extracted from sources)

filename: Winhlp32.exe
filename: HHCtrl.ocx
process: Winhlp32.exe
  • Monitor for HTML documents or HTML e-mail that invoke the HTML Help ActiveX control (HHCtrl.ocx) with an abnormally long string in the Item parameter of a WinHelp command; the over-long pathname is what triggers the buffer overflow in Winhlp32.exe.
  • Detect calls to the winhelp.HHClick() method in HTML script content, as this is the ActiveX invocation vector used to trigger the vulnerability.
  • Alert on unexpected outbound/back-channel network connections originating from Winhlp32.exe, especially on systems running Tiny Personal Firewall 3.0, where the process is trusted by default and such connections would not be blocked.
  • Inspect HTML e-mail and web pages for embedded ActiveX object tags referencing HHCtrl.ocx with a long pathname argument; the same content is the delivery mechanism for both browser- and e-mail-based exploitation.
  • Tiny Personal Firewall 3.0 (but not 2.0) treats Winhlp32.exe / HTML Help as a trusted application by default, so post-exploitation back-channel connections bypass its outbound rules silently.
  • The HTML Help ActiveX control can also be leveraged for denial-of-service attacks and for additional stack- and heap-based overflows beyond the primary Item parameter overflow, which broadens the attack surface.
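The detection bullets above describe two content-level indicators: an HHCtrl.ocx object whose Item parameter carries an over-long pathname, and script that calls HHClick(). The following scanner, written here as an added example and not taken from the CVE sources, applies both checks to an HTML body using only the Python standard library. It assumes the HTML Help control's CLSID is adb880a6-d8ff-11cf-9377-00aa003b7a11 (verify against a reference system's HKCR\CLSID before relying on it), uses a constructed length threshold of 260 characters (MAX_PATH) for the Item parameter, and runs over constructed sample HTML; the `scan_html` function and `HHCtrlScanner` class are this example's own names.

```python
"""
Scan an HTML document (web page or decoded HTML e-mail part) for the HTML Help
ActiveX control (HHCtrl.ocx) being driven with an over-long Item parameter or
invoked via HHClick(). Added example for CVE-2002-0823 triage; the CLSID and the
length threshold are assumptions, not values taken from the CVE sources.
"""
import re
from html.parser import HTMLParser

# CLSID of the HTML Help ActiveX control (HHCtrl.ocx). Assumed here; confirm it
# against HKCR\CLSID on a reference Windows system before deploying.
HHCTRL_CLSID = "adb880a6-d8ff-11cf-9377-00aa003b7a11"

# Constructed threshold: a legitimate .hlp path stays under MAX_PATH (260), so a
# longer Item value is the "abnormally long string" the advisory describes.
ITEM_LEN_THRESHOLD = 260

# Matches a call such as winhelp.HHClick() inside <script> text.
HHCLICK_RE = re.compile(r"\.HHClick\s*\(", re.IGNORECASE)


class HHCtrlScanner(HTMLParser):
    """Collects HHCtrl <object>/<param> blocks and <script> bodies, emitting findings."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_hhctrl = False   # inside an <object> that references HHCtrl
        self._params = {}         # name -> value of <param> tags in that object
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "object":
            self._params = {}
            clsid = a.get("classid", "").lower()
            codebase = a.get("codebase", "").lower()
            # Either the CLSID or an explicit codebase pointing at hhctrl.ocx
            # identifies the control.
            self._in_hhctrl = HHCTRL_CLSID in clsid or "hhctrl.ocx" in codebase
        elif tag == "param" and self._in_hhctrl:
            self._params[a.get("name", "").lower()] = a.get("value", "")
        elif tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "object" and self._in_hhctrl:
            self._check_object(self._params)
            self._in_hhctrl = False
        elif tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # HTMLParser delivers <script> bodies as raw text through handle_data.
        if self._in_script and HHCLICK_RE.search(data):
            self.findings.append({"kind": "hhclick_call",
                                  "detail": "script invokes HHClick()"})

    def _check_object(self, params):
        command = params.get("command", "")
        for name, value in params.items():
            # Item, Item1, Item2 ... carry the pathname handed to Winhlp32.exe.
            if name.startswith("item") and len(value) > ITEM_LEN_THRESHOLD:
                self.findings.append({
                    "kind": "long_item_param",
                    "detail": f"Command={command!r} {name}={len(value)} chars",
                })


def scan_html(html):
    """Return the list of findings for one HTML document (empty if clean)."""
    scanner = HHCtrlScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed samples: a benign HHCtrl shortcut and a CVE-2002-0823-style trigger
# (WinHelp command, 1028-character Item1, HHClick() call). Not real captures.
BENIGN_HTML = """<object classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11">
<param name="Command" value="ShortCut"><param name="Item1" value=",notepad.exe,">
</object>"""

SUSPICIOUS_HTML = """<object id="winhelp" classid="clsid:ADB880A6-D8FF-11CF-9377-00AA003B7A11">
<param name="Command" value="WinHelp">
<param name="Item1" value="%s">
</object>
<script>winhelp.HHClick();</script>""" % ("A" * 1024 + ".hlp")

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_HTML), ("suspicious", SUSPICIOUS_HTML)):
        print(label, scan_html(doc))
```

For mail, run `scan_html` over each decoded `text/html` MIME part rather than the raw message, since the object tag may be quoted-printable or base64 encoded on the wire; the threshold is deliberately generous, and a hit on either indicator is worth a closer look given how rarely HHCtrl.ocx appears in legitimate web content.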