HTML Help Workshop

CVEs (4)

CVE	Vendor / Product	Risk	CVSS	EPSS	Published	Description
CVE-2006-0564	Microsoft HTML Help	0.10	—	0.83	Feb 6, 2006	Stack-based buffer overflow in Microsoft HTML Help Workshop 4.74.8702.0, and possibly earlier versions, and as included in the Microsoft HTML Help 1.4 SDK, allows context-dependent attackers to execute arbitrary code via a .hhp file with a long Contents file field.
CVE-2009-0133	Microsoft HTML Help Workshop	0.09	—	0.76	Jan 15, 2009	Buffer overflow in Microsoft HTML Help Workshop 4.74 and earlier allows context-dependent attackers to execute arbitrary code via a .hhp file with a long "Index file" field, possibly a related issue to CVE-2006-0564.
CVE-2007-0352	Microsoft HTML Help Workshop	0.08	—	0.68	Jan 19, 2007	Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a crafted .cnt file composed of lines that begin with an integer followed by a space and a long string.
CVE-2007-0427	Microsoft HTML Help Workshop	0.07	—	0.55	Jan 23, 2007	Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a help project (.HPJ) file with a long HLP field in the OPTIONS section.

CVE-2006-0564Feb 6, 2006
Microsoft
HTML Help
risk 0.10cvss —epss 0.83
Stack-based buffer overflow in Microsoft HTML Help Workshop 4.74.8702.0, and possibly earlier versions, and as included in the Microsoft HTML Help 1.4 SDK, allows context-dependent attackers to execute arbitrary code via a .hhp file with a long Contents file field.
CVE-2009-0133Jan 15, 2009
Microsoft
HTML Help Workshop
risk 0.09cvss —epss 0.76
Buffer overflow in Microsoft HTML Help Workshop 4.74 and earlier allows context-dependent attackers to execute arbitrary code via a .hhp file with a long "Index file" field, possibly a related issue to CVE-2006-0564.
CVE-2007-0352Jan 19, 2007
Microsoft
HTML Help Workshop
risk 0.08cvss —epss 0.68
Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a crafted .cnt file composed of lines that begin with an integer followed by a space and a long string.
CVE-2007-0427Jan 23, 2007
Microsoft
HTML Help Workshop
risk 0.07cvss —epss 0.55
Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 allows user-assisted remote attackers to execute arbitrary code via a help project (.HPJ) file with a long HLP field in the OPTIONS section.