CVE-2004-0201

3 documents3 sources

Severity

10.0CRITICAL

EPSS

50.7%

top 2.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Avaya Modular Messaging Message Storage Server Microsoft Windows 2003 Server Microsoft Windows NT

Timeline

PublishedAug 6

Latest updateApr 29

Description

Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶NVDmicrosoft/windows_2003_server5 versions+4

▶NVDmicrosoft/windows_nt4.0

▶NVDavaya/modular_messaging_message_storage_servers3400

Patches

Patch: www.kb.cert.org ↗Patch: www.us-cert.gov ↗Patch: www.kb.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-rfqx-p859-5rqq: Heap-based buffer overflow in the HtmlHelp program (hh↗2022-04-29

▶

CVEList

CVE-2004-0201: Heap-based buffer overflow in the HtmlHelp program (hh↗2004-07-14

▶