Published: 2011/05/11  Last Updated: 2011/05/13

JVN#63898867
Applications that use the Windows Help function may be vulnerable to privilege escalation

Overview

Applications or services that call the Windows Help function in an insecure manner may allow a user unauthorized access to resources on the system.

Products Affected

For information on Products Affected, please refer to the "Vendor Status" section below.

Description

Applications or services that call the Windows Help function in an insecure manner may allow a user unauthorized access to resources on the system.

This issue may occur in applications or services where the Help function is not called in a secure manner. One example is anti-virus software or a personal firewall that runs on the local system with administrator privileges and has an interface to "communicate" with the user.

Impact

A user may gain unauthorized access to resources on the system.

Solution

Refer to the "Vendor Status" section below for Solution information on each application.

References

  1. Microsoft Support Article ID 327618
    Security, services and the interactive desktop in Windows

JPCERT/CC Addendum

A similar issue was published in the past; however, this report has been published on JVN from a secure coding standpoint, targeting software developers.

This JVN publication was delayed to 2011/5/11 after developer fixes were developed. Starting in fiscal year 2011, JPCERT/CC is using a new vendor coordination procedure. This new procedure came from the recommendation of the fiscal year 2010 "Study Group on Information System Vulnerability Handling" aimed at more timely JVN publications.

Vulnerability Analysis by JPCERT/CC

Analyzed on 2011.05.11

| Measures | Conditions | Severity |
|---|---|---|
| Access Required | requires you to login into the box to a shell or remote desktop | Low-Mid |
| Authentication | login caused to be created by an administrator | Low-Mid |
| User Interaction Required | the vulnerability can be exploited without an honest user taking any action | High |
| Exploit Complexity | some expertise and/or luck required (most buffer overflows, guessing correctly in small space, expertise in Windows function calls) | Mid-High |

Credit

ISIHARA Takanori reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.

Other Information

CVE: CVE-2002-1540, CVE-2005-2017
JVN iPedia: JVNDB-2011-000026

Update History

2011/05/13
Published in English