検索:
ホーム   »     »   Microsoft Windows “itss.dll” Heap Corruption Vulnerability

Microsoft Windows “itss.dll” Heap Corruption Vulnerability

  • 投稿日:2006年5月11日
  • 脅威カテゴリ:未分類
  • 執筆:ウイルス解析担当者
0

Yes, it’s another vulnerability found in Microsoft Windows where it is tagged as “less critical” by Secunia. This concerns “.chm” files:


The vulnerability is caused due to a boundary error in the Infotech Storage System Library (itss.dll) when reading a “.CHM” file. This can be exploited to cause heap corruption and may allow arbitrary code execution via a specially crafted “.CHM” file.


Successful exploitation requires that the user is e.g. tricked in opening or decompiling a malicious “.CHM” file using “hh.exe”.


According to the discoverer,


“Microsoft plans to address this issue in the next Service Pack. Due to this fact, users of certain Windows versions should implement their own protection mechanism.”


It is then advised that users never open or decompile untrusted “.chm” files. Note that executing a “.chm” file is the same as executing an “.exe” file.


“Microsoft rates the CHM file format as potentially dangerous,similar to an executable file.”


References: (Read on for more details)



  • http://secunia.com/advisories/

No related posts.



  • 個人のお客さま向けオンラインショップ
  • |
  • 法人のお客さま向け直営ストア
  • |
  • 販売パートナー検索
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • 電子公告
  • ご利用条件
  • プライバシーポリシー
  • Copyright © 2021 Trend Micro Incorporated. All rights reserved.