CVE-2004-1361

3 documents3 sources

Severity

5.0MEDIUM

EPSS

29.1%

top 3.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 2003 Server Microsoft Windows NT

Timeline

PublishedDec 23

Latest updateApr 29

Description

Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a malformed .hlp file, which leads to a heap-based buffer overflow.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDmicrosoft/windows_2003_server5 versions+4

▶NVDmicrosoft/windows_nt4.0

🔴Vulnerability Details

GHSA

GHSA-5pqc-wjgq-r2x7: Integer underflow in winhlp32↗2022-04-29

▶

CVEList

CVE-2004-1361: Integer underflow in winhlp32↗2005-01-19

▶