Windows Help
by Microsoft
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-0823 | 0.05 | — | 0.44 | Aug 12, 2002 | Buffer overflow in Winhlp32.exe allows remote attackers to execute arbitrary code via an HTML document that calls the HTML Help ActiveX control (HHCtrl.ocx) with a long pathname in the Item parameter. | |||
| CVE-2006-1591 | 0.01 | — | 0.07 | Apr 3, 2006 | Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe allows user-assisted attackers to execute arbitrary code via crafted embedded image data in a .hlp file. | |||
| CVE-2026-20804 | 0.00 | — | 0.01 | Jan 13, 2026 | Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally. | |||
| CVE-2025-47969 | 0.00 | — | 0.01 | Jun 10, 2025 | Exposure of sensitive information to an unauthorized actor in Windows Hello allows an authorized attacker to disclose information locally. | |||
| CVE-2025-26635 | 0.00 | — | 0.01 | Apr 8, 2025 | Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network. |
- CVE-2002-0823Aug 12, 2002risk 0.05cvss —epss 0.44
Buffer overflow in Winhlp32.exe allows remote attackers to execute arbitrary code via an HTML document that calls the HTML Help ActiveX control (HHCtrl.ocx) with a long pathname in the Item parameter.
- CVE-2006-1591Apr 3, 2006risk 0.01cvss —epss 0.07
Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe allows user-assisted attackers to execute arbitrary code via crafted embedded image data in a .hlp file.
- CVE-2026-20804Jan 13, 2026risk 0.00cvss —epss 0.01
Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally.
- CVE-2025-47969Jun 10, 2025risk 0.00cvss —epss 0.01
Exposure of sensitive information to an unauthorized actor in Windows Hello allows an authorized attacker to disclose information locally.
- CVE-2025-26635Apr 8, 2025risk 0.00cvss —epss 0.01
Weak authentication in Windows Hello allows an authorized attacker to bypass a security feature over a network.