[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] WinXP IE .HLP file 0day

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] WinXP IE .HLP file 0day
From: Peter Ferrie <peter.ferrie@xxxxxxxxx>
Date: Fri, 26 Feb 2010 09:30:44 -0800

> Rather funny than scary:
> http://isec.pl/vulnerabilities10.html

There are loads of known vulns in winhlp32.exe, particularly in the
decompression routines.  That's why it was removed from Vista, and why
.hlp files are considered to be dangerous file formats.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] WinXP IE .HLP file 0day
  - From: Maurycy Prodeus

References:
- [Full-disclosure] WinXP IE .HLP file 0day
  - From: Maurycy Prodeus

Prev by Date: [Full-disclosure] WinXP IE .HLP file 0day
Next by Date: Re: [Full-disclosure] Mozilla firefox 3.6 unpatched phishing vulnerability
Previous by thread: [Full-disclosure] WinXP IE .HLP file 0day
Next by thread: Re: [Full-disclosure] WinXP IE .HLP file 0day
Index(es):
- Date
- Thread