Microsoft Infotech Storage library Heap Corruption

2006.05.15

Credit: Reversemode (advisories reversemode com)

Risk: Low

Local: Yes

Remote: Yes

CVE: CVE-2006-2297

CWE: CWE-119

CVSS Base Score: 4/10

Impact Subscore: 4.9/10

Exploitability Subscore: 4.9/10

Exploit range: Remote

Attack complexity: High

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: None

Microsoft Infotech Storage System Library (itss.dll) is prone to a heap
corruption vulnerability. This issue is due to the failure of the
library to properly check a specially crafted CHM file.
The successful exploitation of this flaw would allow to execute
arbitrary code.
Itss.dll is the system library, which deals with CHM/ITS format.
Microsoft rates the CHM file format as potentially dangerous,similar to
an executable file. Nevertheless, this flaw is triggered just
decompiling the malicious CHM file (using hh -decompile), thus malicious
attackers could trick the user to perform this operation or even,
advanced users or researchers could try to decompile before opening it.
Microsoft plans to address this issue in the next Service Pack. Due to
this fact, users of certain Windows versions should implement their own
protection mechanism.
Advisory and proof of concept available at www.reversemode.com
Regards,
Rubn Santamarta

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Microsoft Infotech Storage library Heap Corruption

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.