Microsoft investigated security vulnerabilities in HTML Help

Microsoft's security issues response team said it is currently investigating a buffer overflow error that could be exploited remotely in HTML Help Workshop - a standard help system in operating system versions. Windows.

Microsoft must embark on an investigation of the latest security vulnerability in Windows after the exploit is proven to be able to take advantage of the widely publicized bug. The method of exploiting security errors often causes files with the '.hhp' extension to generate errors and cannot be run.

Security firm Secunia of Denmark only classified this security error on average but at the same time also warned that if successfully exploited this security error can completely allow malicious code run when a dangerous '.hhp' file is opened.

According to widely published warnings, there is a buffer overflow error that exists in the way HTML Help Workshop handles '.hhp' files that allow remote hackers to take control of a user's computer. Use and execute binary code by logging in to the 'user' level.

HTML Help Workstation version 4.74.8702.0 has been confirmed to contain the above security error. However, without removing the case there are many other versions also make similar mistakes, Secunia warns.

However, a Microsoft spokesman said the company had not received any notice of the attacks taking advantage of the security breach mentioned above. At the same time, the spokesperson also said that customers who do not install HTML Help SDK on the system will not be affected by this security hole.

The Microsoft HTML Help SDK is used to create online help for software applications or create content for the website . Programmers can use HTML Help API to program master applications or links. link with contextual help for your own application.