Microsoft Windows "itss.dll" Heap Corruption Vulnerability
[B]Microsoft Windows "itss.dll" Heap Corruption Vulnerability[/B]
Critical: Less critical
Impact: System access
Where: From remote
Solution Status: Unpatched
OS: Microsoft Windows 2000 / XP
[B]Description:[/B]
Rubén Santamarta has discovered a vulnerability in Microsoft Windows, which potentially can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error in the Infotech Storage System Library (itss.dll) when reading a ".CHM" file. This can be exploited to cause heap corruption and may allow arbitrary code execution via a specially crafted ".CHM" file.
Successful exploitation requires that the user is e.g. tricked in opening or decompiling a malicious ".CHM" file using "hh.exe".
The vulnerability has been confirmed in Windows XP SP2 (fully patched) and also reported in Windows 2000 SP4. Other versions may also be affected.
NOTE: The CHM file format should be considered insecure and treated similar to an executable file. However, this vulnerability is triggered even when the user decompiles the file without opening it.
[B]Solution:[/B]
The vulnerability will reportedly be fixed in the next Service Pack.
Do not open or decompile untrusted ".CHM" files.
[B]Provided and/or discovered by:[/B] Rubén Santamarta
Original Advisory: [url]http://reversemode.com/index.php?option=com_content&task=view&id=11&Itemid=1[/url]
Источник: [url=http://secunia.com/advisories/20061/]secunia.com[/url]
