Oval Definition:oval:org.mitre.oval:def:403
Revision Date:2011-05-16Version:47
Title:Code Execution via Compiled HTML Help File
Description:The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2002-0694
Platform(s):Microsoft Windows 2000
Product(s):HTML Help Facility
Definition Synopsis
  • Windows 2000 is installed
  • AND the version of hhsetup.dll is less than 5.2.3644.0
  • AND the version of itircl.dll is less than 5.2.3644.0
  • AND the version of itss.dll is less than 5.2.3644.0
  • AND NOT the patch q323255 is installed (Hotfix key)
  • AND NOT SP4 or later Installed
  • BACK