Three exploits for HTML Help Workshop flaw released

Three different proofs of concept have been released for the recent Microsoft HTML Help Workshop vulnerability (CVE-2006-0564), the newest during the weekend on a Turkish Web site. Three PoCs in less than a week is rare. NOTE: The fourth PoC is public now.

The first code was released by ‘bratax’ on Monday 6th Jan. when the vulnerability was disclosed.
For some reason the release date listed in the advisory is ‘February 10 2006’: users.pandora.be/bratax/advisories/b008.html. Maybe someone found his site beforehand?

Whatever the case, all vendors released information on this on the 6th of Jan.
Arbitrary code execution has been reported when a malicious .HHP file is opened. All of these PoCs reportedly work on XP SP2. The problem occurs when specially crafted files containing a long string in the “Contents File” field are handled.
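As an added example (not from the original post or any of the advisories), a defender could triage .HHP project files before opening them by flagging overlong values in the [OPTIONS] section, where the "Contents file" entry lives. The 260-character cutoff (Windows MAX_PATH) and the function names are assumptions; the post does not state the length that triggers the flaw.

```python
import re

# Assumption: flag values longer than Windows MAX_PATH (260 characters).
# The post gives no trigger length, so tune this for your environment.
MAX_VALUE_LEN = 260

SECTION_RE = re.compile(r"^\[(?P<name>[^\]]+)\]\s*$")


def scan_hhp(text, limit=MAX_VALUE_LEN):
    """Return (line_no, section, key, value_len) for overlong [OPTIONS] values."""
    findings = []
    section = None
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(";"):   # blank line or comment
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name").upper()
            continue
        # Only key=value pairs in [OPTIONS] are checked; [FILES] etc. are skipped.
        if section != "OPTIONS" or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip()
        if len(value) > limit:
            findings.append((line_no, section, key.strip(), len(value)))
    return findings


def contents_file_flagged(text, limit=MAX_VALUE_LEN):
    """True when the 'Contents file' option itself exceeds the limit."""
    return any(key.lower() == "contents file"
               for _, _, key, _ in scan_hhp(text, limit))


# Constructed samples: a normal project and one with an oversized field
# (plain filler characters, no payload).
BENIGN_HHP = "[OPTIONS]\nCompiled file=help.chm\nContents file=toc.hhc\n\n[FILES]\nindex.htm\n"
SUSPECT_HHP = ("[OPTIONS]\nCompiled file=help.chm\nContents file="
               + "x" * 1024 + "\n\n[FILES]\nindex.htm\n")

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN_HHP), ("suspect", SUSPECT_HHP)):
        print(name, scan_hhp(sample))
```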

According to some sources it is possible that specially crafted .CHM files are also affected.

The Open Source Vulnerability Database has all of these PoC URLs in one document at www.osvdb.org/displayvuln.php?osvdb_id=22941.

Systems utilizing the HTML Help Workshop Software Development Kit are at risk; information about applications shipped with this package is not yet widely known. We are waiting on an official Security Advisory from Microsoft.

- UPDATE: The fourth PoC was released on Tuesday.
