Microsoft Windows "itss.dll" Heap Corruption Unpatched Vulnerability
Thursday, 11 May 2006 by Michel Roth
Rubén Santamarta has discovered a vulnerability in Microsoft Windows that can potentially be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error in the Infotech Storage System Library (itss.dll) when reading a ".CHM" file. This can be exploited to cause heap corruption and may allow arbitrary code execution via a specially crafted ".CHM" file.

The vulnerability has been confirmed in Windows XP SP2 (fully patched) and also reported in Windows 2000 SP4. Other versions may also be affected.

Read the full advisory here.

Related Items:

0-Day Microsoft Excel Unspecified Code Execution Vulnerability (19 June 2006)
Internet Explorer "object" Tag Memory Corruption Code Execution (26 April 2006)
0-Day Microsoft Word 2000 Unspecified Code Execution Vulnerability (5 September 2006)
Citrix ICA Client ActiveX Control Heap Overflow Vulnerability (6 December 2006)
Firefox IDN URL Domain Name Buffer Overflow (13 September 2005)
Trend Micro Products AntiVirus Library Buffer Overflow (27 February 2005)
VMware NAT Networking Buffer Overflow Vulnerability (21 December 2005)
Unpatched Internet Explorer Vulnerability, Exploit Released (8 November 2004)
Citrix Presentation Server Client Unspecified Code Execution (2 March 2007)
Warning: Microsoft Windows WMF Handling Arbitrary Code Execution - Exploit In the Wild (29 December 2005)