Check or Attack Name: NT Help Overflow

The Windows NT 4.0 help file utility could allow a malformed help file to overflow buffers inside the program. Help files are typically started by pressing the F1 key or by choosing options from the Help menu in programs.

This hole could possibly be manipulated to execute arbitrary code on affected systems.

Apply the Windows NT 4.0 post-SP5 winhlp32-fix update. As a temporary workaround, administrators should restrict what users are allowed to add help files to the system.

Windows NT 4.0 Service Pack 5 (SP5) users, apply the winhlp32-fix update:

1. Open a web browser.
2. Go to ftp://ftp.microsoft.com/bussys/winnt/winnt-public/fixes/usa/NT40/hotfixes-postSP5/winhlp32-fix/.
3. View the readme.txt for versions and install instructions.
4. Download the appropriate patch for your operating environment.
5. Find the patch file you downloaded to your computer.
6. Double-click its icon to start the installation.
7. Follow the installation directions.

Microsoft Knowledge Base Article Q231605, Malformed Help File Causes Help Utility to Stop Responding, http://support.microsoft.com/support/kb/articles/q231/6/05.asp

Microsoft Security Bulletin MS99-015, Patch Available for "Malformed Help File" Vulnerability, http://www.microsoft.com/security/bulletins/ms99-015.asp