>> Microsoft Windows Infotech Storage System Library Heap Corruption Vulnerability
Title : Microsoft Windows Infotech Storage System Library Heap Corruption Vulnerability VUPEN ID : VUPEN/ADV-2006-1761 CVE ID : CVE-2006-2297
Rated as : Moderate Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2006-05-10
Technical Description
A vulnerability has been identified in Microsoft Windows, which could be exploited by attackers to execute arbitrary commands. This flaw is due to a heap corruption error in the Infotech Storage System Library ("itss.dll") that does not properly handle malformed ".CHM" files, which could be exploited by attackers to compromise a vulnerable system by tricking a user into opening or decompiling a malicious ".chm" file using the Microsoft Windows Help Utility ("hh.exe").
