Microsoft KB Archive/811630

= HTML Help update to limit functionality when it is invoked with the window.showHelp method =

Article ID: 811630

Article Last Modified on 5/12/2007


APPLIES TO


 * Microsoft Windows XP Professional for Itanium-based systems
 * Microsoft Windows XP Home Edition
 * Microsoft Windows XP Professional
 * Microsoft Windows XP Tablet PC Edition
 * Microsoft Windows XP Media Center Edition 2002
 * Microsoft Windows 2000 Advanced Server
 * Microsoft Windows 2000 Professional Edition
 * Microsoft Windows 2000 Server
 * Microsoft Windows NT Server 4.0 Standard Edition
 * Microsoft Windows NT Server 4.0, Terminal Server Edition
 * Microsoft Windows NT Workstation 4.0 Developer Edition
 * Microsoft Windows Millennium Edition
 * Microsoft Windows 98 Standard Edition
 * Microsoft Windows 98 Second Edition




SYMPTOMS
Either of the following symptoms may occur when you use Microsoft Internet Explorer to open or use a Web page that calls the window.showHelp script method to open a Uniform Resource Locator (URL) in an HTML Help window:
 * The URL that is specified by the window.showHelp method does not appear in the HTML Help window after you install the February 2003 Cumulative Patch for Internet Explorer (MS03-004).
 * If you have not installed the February 2003 Cumulative Patch for Internet Explorer (MS03-004), an attacker may be able to host a Web page that calls the window.showHelp method to open a URL in another domain in the HTML Help window. This may permit the attacker to access the data that the Web site of that URL contains.

With the window.showHelp method, you can also open an HTML Help (.chm) file that contains a shortcut. A shortcut is a command that the HTML Help ActiveX control supports. The command opens a program file from the Help topic. If you have not installed the February 2003 Cumulative Patch for Internet Explorer (MS03-004), and other vulnerabilities exist that permit an attacker to have write access to the data that is in the HTML Help topic window, the attacker might use the shortcut command to run code in the user's security context. For more information about the February 2003 cumulative patch for Internet Explorer, click the following article number to view the article in the Microsoft Knowledge Base:

810847 MS03-004: February, 2003, cumulative patch for Internet Explorer



RESOLUTION
Note The fixes that are described in this article supersede the fixes that are described in "MS02-055: Unchecked buffer in Windows Help facility may allow attacker to run code (323255)."

Windows 2000 Service Pack Information
To resolve this problem, obtain the latest service pack for Microsoft Windows 2000. For more information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to obtain the latest Windows 2000 service pack

Update Information
To resolve this problem, install Critical Update 811630. To download and install this update, visit the following Microsoft Windows Update Web site:

http://windowsupdate.microsoft.com

Note You cannot remove this critical update.

Administrators can download this critical update from the Microsoft Download Center or from the Windows Update Catalog to deploy to multiple computers. If you want to obtain this critical update to install later on one or more computers, search for this article ID number by using the Advanced Search Options feature in the Windows Update Catalog. For more information about how to download updates from the Windows Update Catalog, click the following article number to view the article in the Microsoft Knowledge Base:

323166 How to download Windows updates and drivers from the Windows Update Catalog

Note The Windows NT 4.0 critical update is not available from the Windows Update Catalog. To download the Windows NT 4.0 critical update to install later on one or more computers, use the Microsoft Download Center.

To download this critical update from the Microsoft Download Center, visit the following Microsoft Web sites.

Windows 2000 Advanced Server, Windows 2000 Server, Windows 2000 Professional
http://www.microsoft.com/downloads/details.aspx?FamilyID=6e1c7f59-aba6-4824-90df-43a5be073cd9&DisplayLang=en

Windows XP Home Edition, Windows XP Professional, Windows XP Tablet PC Edition, Windows XP Media Center Edition
http://www.microsoft.com/downloads/details.aspx?FamilyID=2a086526-ae89-4cb3-a819-e6da160f2e66&DisplayLang=en

Windows XP 64-Bit Edition
http://www.microsoft.com/downloads/details.aspx?FamilyID=8b6c98b6-5bb5-4120-8191-f02655ae2c75&DisplayLang=en

Windows NT 4.0 Terminal Server Edition, Windows NT 4.0 Server, Windows NT 4.0 Workstation
The Windows NT 4.0 version of this critical update is currently not available from the Microsoft Download Center. To resolve this problem immediately, contact Microsoft Product Support Services to obtain the Windows NT 4.0 version of this critical update.

Windows 98 and Windows 98 Second Edition
http://support.microsoft.com/ph/1139

Note The Windows Millennium Edition (Me) update is not available from the Microsoft Download Center. To download the Windows Millennium Edition update to install later on one or more computers, use the Windows Update Catalog.

Note You do not have to restart your computer after you apply this update.

For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to obtain Microsoft support files from online services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.

File Information
The English version of this update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.

Windows XP Professional and Windows XP Home Edition
  Date         Time   Version     Size     File name
  ----------------------------------------------------------------------
  09-Nov-2002  10:47  5.2.3644.0   10,752  %Windir%\Hh.exe
  19-Dec-2002  23:35  5.2.3735.0  516,192  %Windir%\System32\Hhctrl.ocx
  13-Jan-2003  15:27  5.2.3644.0   37,888  %Windir%\System32\Hhsetup.dll
  13-Jan-2003  15:27  5.2.3644.0  143,872  %Windir%\System32\Itircl.dll
  13-Jan-2003  15:27  5.2.3644.0  122,368  %Windir%\System32\Itss.dll

Windows XP Professional SP1, Windows XP Home Edition SP1, Windows XP Tablet PC Edition, and Windows XP Media Center Edition
  Date         Time   Version     Size     File name
  ----------------------------------------------------------------------
  17-Dec-2002  22:43  5.2.3644.0   10,752  %Windir%\Hh.exe
  20-Dec-2002  20:38  5.2.3735.0  516,192  %Windir%\System32\Hhctrl.ocx
  10-Jan-2003  19:43  5.2.3644.0   37,888  %Windir%\System32\Hhsetup.dll
  10-Jan-2003  19:43  5.2.3644.0  143,872  %Windir%\System32\Itircl.dll
  10-Jan-2003  19:43  5.2.3644.0  122,368  %Windir%\System32\Itss.dll

Windows XP 64-Bit Edition
  Date         Time   Version     Size       File name                      Platform
  -----------------------------------------------------------------------------------
  12-Jun-2002  22:24  5.2.3644.0     13,824  %Windir%\Hh.exe                IA64
  19-Dec-2002  23:35  5.2.3735.0  1,524,320  %Windir%\System32\Hhctrl.ocx   IA64
  09-Jan-2003  18:50  5.2.3644.0    100,864  %Windir%\System32\Hhsetup.dll  IA64
  09-Jan-2003  18:50  5.2.3644.0    613,888  %Windir%\System32\Itircl.dll   IA64
  09-Jan-2003  18:50  5.2.3644.0    356,864  %Windir%\System32\Itss.dll     IA64
  09-Nov-2002  10:47  5.2.3644.0     10,752  %Windir%\SysWOW64\Hh.exe       x86
  19-Dec-2002  23:35  5.2.3735.0    516,192  %Windir%\SysWOW64\Hhctrl.ocx   x86
  09-Nov-2002  10:47  5.2.3644.0     37,888  %Windir%\SysWOW64\Hhsetup.dll  x86
  09-Nov-2002  10:47  5.2.3644.0    143,872  %Windir%\SysWOW64\Itircl.dll   x86
  09-Nov-2002  10:48  5.2.3644.0    122,368  %Windir%\SysWOW64\Itss.dll     x86

Windows XP 64-Bit Edition SP1
  Date         Time   Version     Size       File name                      Platform
  -----------------------------------------------------------------------------------
  26-Nov-2002  20:34  5.2.3644.0     13,824  %Windir%\Hh.exe                IA64
  20-Dec-2002  20:38  5.2.3735.0  1,524,320  %Windir%\System32\Hhctrl.ocx   IA64
  09-Jan-2003  19:03  5.2.3644.0    100,864  %Windir%\System32\Hhsetup.dll  IA64
  09-Jan-2003  19:03  5.2.3644.0    613,888  %Windir%\System32\Itircl.dll   IA64
  09-Jan-2003  19:03  5.2.3644.0    356,864  %Windir%\System32\Itss.dll     IA64
  17-Dec-2002  22:43  5.2.3644.0     10,752  %Windir%\SysWOW64\Hh.exe       x86
  20-Dec-2002  20:38  5.2.3735.0    516,192  %Windir%\SysWOW64\Hhctrl.ocx   x86
  17-Dec-2002  22:43  5.2.3644.0     37,888  %Windir%\SysWOW64\Hhsetup.dll  x86
  17-Dec-2002  22:43  5.2.3644.0    143,872  %Windir%\SysWOW64\Itircl.dll   x86
  17-Dec-2002  22:43  5.2.3644.0    122,368  %Windir%\SysWOW64\Itss.dll     x86

Windows 2000
  Date         Time   Version     Size     File name
  ----------------------------------------------------------------------
  26-Nov-2002  19:23  5.2.3644.0   10,752  %Windir%\Hh.exe
  31-Dec-2002  17:27  5.2.3735.1  516,200  %Windir%\System32\Hhctrl.ocx
  31-Dec-2002  17:29  5.2.3644.0   37,888  %Windir%\System32\Hhsetup.dll
  31-Dec-2002  17:29  5.2.3644.0  143,872  %Windir%\System32\Itircl.dll
  31-Dec-2002  17:29  5.2.3644.0  122,368  %Windir%\System32\Itss.dll

Windows NT 4.0
  Date         Time   Version     Size     File name
  ----------------------------------------------------------------------
  16-Dec-2002  17:27  5.2.3644.0   10,752  %Windir%\Hh.exe
  16-Dec-2002  18:10  5.2.3735.0  516,192  %Windir%\System32\Hhctrl.ocx
  16-Dec-2002  17:27  5.2.3644.0   37,888  %Windir%\System32\Hhsetup.dll
  16-Dec-2002  17:27  5.2.3644.0  143,872  %Windir%\System32\Itircl.dll
  16-Dec-2002  17:27  5.2.3644.0  122,368  %Windir%\System32\Itss.dll

Windows Millennium Edition
  Date         Time   Version     Size     File name
  ----------------------------------------------------------------------
  16-Dec-2002  13:10  5.2.3735.0  516,192  %Windir%\System\Hhctrl.ocx
  16-Dec-2002  12:27  5.2.3644.0   10,752  %Windir%\Hh.exe
  16-Dec-2002  12:27  5.2.3644.0   37,888  %Windir%\System\Hhsetup.dll
  16-Dec-2002  12:27  5.2.3644.0  143,872  %Windir%\System\Itircl.dll
  16-Dec-2002  12:27  5.2.3644.0  122,368  %Windir%\System\Itss.dll

Windows 98 and Windows 98 Second Edition
  Date         Time   Version     Size     File name
  ----------------------------------------------------------------------
  10-Jun-2002  17:56  5.2.3644.0   10,752  %Windir%\Hh.exe
  16-Dec-2002  18:10  5.2.3735.0  516,192  %Windir%\System\Hhctrl.ocx
  20-May-2002  16:09  5.2.3635.0   88,064  Hhctrlui.dll
  10-Jun-2002  17:56  5.2.3644.0   37,888  %Windir%\System\Hhsetup.dll
  10-Jun-2002  17:56  5.2.3644.0  143,872  %Windir%\System\Itircl.dll
  10-Jun-2002  17:56  5.2.3644.0  122,368  %Windir%\System\Itss.dll



STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section. This problem was first corrected in Windows 2000 Service Pack 4.



MORE INFORMATION
HTML Help now supports a command that is named HH_SAFE_DISPLAY_TOPIC for its HTMLHELP interface. This command can be used to limit some HTML Help functionality. For information about a corresponding showHelp method that calls the HTMLHELP interface with this new command, click the following article number to view the article in the Microsoft Knowledge Base:

810847 MS03-004: February, 2003, cumulative patch for Internet Explorer

HH_SAFE_DISPLAY_TOPIC is defined as an unsigned integer with the value 0x20.

When the updates that are described in this article and in Microsoft Knowledge Base article 810847 are installed, the following functionality is limited in the HTML Help window when window.showHelp or the HTMLHELP interface is called with the HH_SAFE_DISPLAY_TOPIC command:
 * All HTML Help shortcut commands are disabled for the current process.
 * The URL parameter must use one of the following supported protocols to succeed: http:, https:, file:, ftp:, ms-its:, or mk:@MSITStore:.
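
The protocol restriction above is what produces the first symptom (a showHelp URL that no longer appears), so site owners can audit their page script for affected calls before deploying the update. The following is an added example, not code from Microsoft or from this article; the function names, the sample page, and the handling of relative URLs and non-literal arguments are assumptions of the example.

```javascript
// Protocol prefixes listed in this article. Matching them case-insensitively
// is an assumption of this example.
const SUPPORTED_PREFIXES = ["http:", "https:", "file:", "ftp:", "ms-its:", "mk:@msitstore:"];

// Returns "supported", "unsupported" (another scheme) or "no-scheme" (relative
// URL or drive-letter path; the article does not say how those are handled,
// so they are left for manual review).
function classifyHelpUrl(url) {
  const u = url.trim().toLowerCase();
  if (SUPPORTED_PREFIXES.some((p) => u.startsWith(p))) return "supported";
  // Require two or more scheme characters so that "c:\..." is not read as a scheme.
  if (/^[a-z][a-z0-9+.-]+:/.test(u)) return "unsupported";
  return "no-scheme";
}

// Finds showHelp(...) calls in script source. A leading quoted literal is
// classified; any other first argument (a variable, for example) is "dynamic".
function auditShowHelpCalls(source) {
  const re = /\bshowHelp\s*\(\s*(?:(["'])((?:\\.|(?!\1)[^\\])*)\1|([^)]*))/g;
  const findings = [];
  let m;
  while ((m = re.exec(source)) !== null) {
    const line = source.slice(0, m.index).split("\n").length; // 1-based line
    if (m[1] !== undefined) {
      findings.push({ line, arg: m[2], verdict: classifyHelpUrl(m[2]) });
    } else {
      findings.push({ line, arg: m[3].trim(), verdict: "dynamic" });
    }
  }
  return findings;
}

// Constructed sample page script (not taken from any real site).
const SAMPLE_PAGE = [
  "<script>",
  'function a() { window.showHelp("http://example.com/help/topic.htm"); }',
  'function b() { window.showHelp("ms-its:app.chm::/intro.htm"); }',
  'function c() { window.showHelp("gopher://example.com/help"); }',
  "function d() { window.showHelp('topics/intro.htm'); }",
  "function e(helpUrl) { window.showHelp(helpUrl); }",
  "</script>",
].join("\n");

for (const f of auditShowHelpCalls(SAMPLE_PAGE)) {
  console.log(`line ${f.line}: ${f.verdict.padEnd(11)} ${f.arg}`);
}
```

Calls reported as "unsupported" are the ones that stop displaying once both updates are installed; "no-scheme" and "dynamic" findings need a manual look at the value actually passed at run time.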

Additional query words: showHelp Tutorial "Getting Started"

Keywords: atdownload kbsecbulletin kbsecvulnerability kbsecurity kbqfe KB811630


© Microsoft Corporation. All rights reserved.