Microsoft Windows Server 2003, XP, 2000, NT 4.0, ME and 98 contain a vulnerability in the Windows Help system that could allow a remote attacker to execute arbitrary code.
The vulnerability exists in the winhlp32.exe file and is due to insufficient bounds checking when processing Windows Help files. A remote attacker could exploit this vulnerability via a malformed image embedded within a Help file. When winhlp32.exe attempts to process the file, a buffer overflow is triggered that overwrites heap memory. This could result in a denial-of-service (DoS) condition and may allow the attacker to execute arbitrary code with the permissions of the user.
Proof-of-concept code is available.
Microsoft has not acknowledged this vulnerability and patches are