{"document":{"acknowledgments":[{"urls":["https://kb.cert.org/vuls/id/25249#acknowledgements"]}],"category":"CERT/CC Vulnerability Note","csaf_version":"2.0","notes":[{"category":"summary","text":"The HHCtrl ActiveX control has a serious vulnerability that allows remote intruders to execute arbitrary code, if the intruder can cause a compiled help file (CHM) to be stored \"locally.\" Microsoft has released a security bulletin and a patch for this vulnerability, but the patch does not address all circumstances under which the vulnerability can be exploited. This document discusses some of the additional ways in which this vulnerability can be exploited. Some common circumstances under which this vulnerability can be exploited are addressed by the Microsoft patch; others are not. Read this document carefully with your network configuration in mind to determine if you need to take any action. In recent discussions with the CERT/CC, Microsoft has indicated they do not plan to alter the patch.","title":"Summary"},{"category":"legal_disclaimer","text":"THIS DOCUMENT IS PROVIDED ON AN 'AS IS' BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. ","title":"Legal Disclaimer"},{"category":"other","text":"CERT/CC Vulnerability Note is a limited advisory. It primarily identifies vendors impacted by the advisory and not specific products. We only support \"known_affected\" and \"known_not_affected\" status. \nPlease consult the vendor's statements and advisory URL if provided by the vendor for more details ","title":"Limitations of Advisory"}],"publisher":{"category":"coordinator","contact_details":"Email: cert@cert.org, Phone: +1412 268 5800","issuing_authority":"CERT/CC under DHS/CISA https://www.cisa.gov/cybersecurity also see https://kb.cert.org/ ","name":"CERT/CC","namespace":"https://kb.cert.org/"},"references":[{"url":"https://certcc.github.io/certcc_disclosure_policy","summary":"CERT/CC vulnerability disclosure policy"},{"summary":"CERT/CC document released","category":"self","url":"https://kb.cert.org/vuls/id/25249"}],"title":"HHControl Object (showHelp) may execute shortcuts embedded in help files","tracking":{"current_release_date":"2004-04-12T19:33:06+00:00","generator":{"engine":{"name":"VINCE","version":"3.0.35"}},"id":"VU#25249","initial_release_date":"2000-03-01 00:00:00+00:00","revision_history":[{"date":"2004-04-12T19:33:06+00:00","number":"1.20040412193306.22","summary":"Released on 2004-04-12T19:33:06+00:00"}],"status":"final","version":"1.20040412193306.22"}},"vulnerabilities":[{"notes":[{"category":"general","text":"No vulnerabilities have been defined at this time for this report"}]}]}