Microsoft Windows HTML Help ActiveX Control Winhlp32.exe Item memory corruption
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.6 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Microsoft Windows. It has been classified as critical. This impacts an unknown function in the library HHCtrl.ocx of the file Winhlp32.exe of the component HTML Help ActiveX Control. This manipulation of the argument Item causes memory corruption. The identification of this vulnerability is CVE-2002-0823. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. Applying a patch is the recommended action to fix this issue.
Details
A vulnerability was found in Microsoft Windows (Operating System) (unknown version). It has been declared as critical. Affected by this vulnerability is an unknown code block in the library HHCtrl.ocx of the file Winhlp32.exe of the component HTML Help ActiveX Control. The manipulation of the argument Item with an unknown input leads to a memory corruption vulnerability. The CWE definition for the vulnerability is CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. As an impact it is known to affect confidentiality, integrity, and availability. The summary by CVE is:
Buffer overflow in Winhlp32.exe allows remote attackers to execute arbitrary code via an HTML document that calls the HTML Help ActiveX control (HHCtrl.ocx) with a long pathname in the Item parameter.
The bug was discovered 08/01/2002. The weakness was shared 04/02/2002 with Next Generation Security Software (Website). The advisory is shared at support.microsoft.com. This vulnerability is known as CVE-2002-0823. The exploitation appears to be easy. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Technical details and also a public exploit are known.
After immediately, there has been an exploit disclosed. It is possible to download the exploit at exploit-db.com. It is declared as proof-of-concept. We expect the 0-day to have been worth approximately $25k-$100k.
Applying the patch 2000 SP3 is able to eliminate this problem. Attack attempts may be identified with Snort ID 3148. Furthermore it is possible to detect and prevent this kind of attack with TippingPoint and the filter 2142.
The vulnerability is also documented in the databases at X-Force (9746), Exploit-DB (21485), SecurityFocus (BID 4857†), OSVDB (2991†) and Vulnerability Center (SBV-41007†). If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Type
Vendor
Name
License
Website
- Vendor: https://www.microsoft.com/
- Product: https://www.microsoft.com/en-us/windows
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.3VulDB Meta Temp Score: 6.6
VulDB Base Score: 7.3
VulDB Temp Score: 6.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
Reliability: 🔍
0-Day Time: 🔍
Exploit Delay Time: 🔍
Patch: 2000 SP3
Snort ID: 3148
Snort Message: OS-WINDOWS Microsoft Windows HTML Help hhctrl.ocx clsid access attempt
Snort Class: 🔍
Suricata ID: 2103148
Suricata Class: 🔍
Suricata Message: 🔍
TippingPoint: 🔍
McAfee IPS: 🔍
McAfee IPS Version: 🔍
SourceFire IPS: 🔍
PaloAlto IPS: 🔍
Timeline
04/02/2002 🔍04/02/2002 🔍
05/27/2002 🔍
05/27/2002 🔍
08/01/2002 🔍
08/12/2002 🔍
12/14/2003 🔍
08/13/2013 🔍
07/22/2014 🔍
06/25/2025 🔍
Sources
Vendor: microsoft.comProduct: microsoft.com
Advisory: support.microsoft.com
Organization: Next Generation Security Software
Status: Confirmed
CVE: CVE-2002-0823 (🔍)
GCVE (CVE): GCVE-0-2002-0823
GCVE (VulDB): GCVE-100-18709
X-Force: 9746
SecurityFocus: 4857 - Microsoft Windows WinHlp Item Buffer Overflow Vulnerability
OSVDB: 2991 - Microsoft WinHlp Active-X Item Parameter Overflow
Vulnerability Center: 41007 - Microsoft Windows 2000 Winhlp.exe Buffer Overflow Allows Remote Code Execution via a Crafted HTML Document, Critical
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 07/23/2014 00:07Updated: 06/25/2025 08:47
Changes: 07/23/2014 00:07 (79), 07/27/2019 15:44 (1), 06/25/2025 08:47 (20)
Complete: 🔍
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.