Bug: Microsoft Infotech Storage library Heap Corruption ( Ascii Version )

Search:
WLB2

Microsoft Infotech Storage library Heap Corruption

Published
Credit
Risk
2006.05.15
Reversemode (advisories reversemode com)
Low
CWE
CVE
Local
Remote
CWE-119
CVE-2006-2297
Yes
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
4.9/10
4.9/10
Exploit range
Attack complexity
Authentication
Remote
High
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
None

Microsoft Infotech Storage System Library (itss.dll) is prone to a heap
corruption vulnerability. This issue is due to the failure of the
library to properly check a specially crafted CHM file.
The successful exploitation of this flaw would allow to execute
arbitrary code.

Itss.dll is the system library, which deals with CHM/ITS format.

Microsoft rates the CHM file format as potentially dangerous,similar to
an executable file. Nevertheless, this flaw is triggered just
decompiling the malicious CHM file (using hh -decompile), thus malicious
attackers could trick the user to perform this operation or even,
advanced users or researchers could try to decompile before opening it.

Microsoft plans to address this issue in the next Service Pack. Due to
this fact, users of certain Windows versions should implement their own
protection mechanism.

Advisory and proof of concept available at www.reversemode.com

Regards,
Rubén Santamarta

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version