Article ID: 811630
Article Last Modified on 5/12/2007
APPLIES TO
- Microsoft Windows XP Professional for Itanium-based systems
- Microsoft Windows XP Home Edition
- Microsoft Windows XP Professional
- Microsoft Windows XP Tablet PC Edition
- Microsoft Windows XP Media Center Edition 2002
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional Edition
- Microsoft Windows 2000 Server
- Microsoft Windows NT Server 4.0 Standard Edition
- Microsoft Windows NT Server 4.0, Terminal Server Edition
- Microsoft Windows NT Workstation 4.0 Developer Edition
- Microsoft Windows Millennium Edition
- Microsoft Windows 98 Standard Edition
- Microsoft Windows 98 Second Edition
SYMPTOMS
Either of the following symptoms may occur when you use Microsoft Internet Explorer to open or use a Web page that calls the window.showHelp script method to open a Uniform Resource Locator (URL) in an HTML Help window:
- The URL that is specified by the window.showHelp method does not appear in the HTML Help window after you install the February 2003 Cumulative Patch for Internet Explorer (MS03-004).
- If you have not installed the February 2003 Cumulative Patch for Internet Explorer (MS03-004), an attacker may be able to host a Web page that calls the window.showHelp method to open a URL in another domain in the HTML Help window. This may permit the attacker to access the data that the Web site of that URL contains.
With the window.showHelp method, you can also open an HTML Help (.chm) file that contains a shortcut. A shortcut is a command that the HTML Help ActiveX control supports. The command opens a program file from the Help topic. If you have not installed the February 2003 Cumulative Patch for Internet Explorer (MS03-004), and other vulnerabilities exist that permit an attacker to have write access to the data that is in the HTML Help topic window, the attacker might use the shortcut command to run code in the user's security context.
For more information about the February 2003 cumulative patch for Internet Explorer, click the following article number to view the article in the Microsoft Knowledge Base:
810847 MS03-004: February, 2003, cumulative patch for Internet Explorer
RESOLUTION
Note The fixes that are described in this article supersede the fixes that are described in "MS02-055: Unchecked buffer in Windows Help facility may allow attacker to run code (323255)."
Windows 2000 Service Pack Information
To resolve this problem, obtain the latest service pack for Microsoft Windows 2000. For more information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to obtain the latest Windows 2000 service pack
Update Information
To resolve this problem, install Critical Update 811630. To download and install this update, visit the following Microsoft Windows Update Web site:
Note You cannot remove this critical update.
Administrators can download this critical update from the Microsoft Download Center or from the Windows Update Catalog to deploy to multiple computers. If you want to obtain this critical update to install later on one or more computers, search for this article ID number by using the Advanced Search Options feature in the Windows Update Catalog. For more information about how to download updates from the Windows Update Catalog, click the following article number to view the article in the Microsoft Knowledge Base:
323166 How to download Windows updates and drivers from the Windows Update Catalog
Note The Windows NT 4.0 critical update is not available from the Windows Update Catalog. To download the Windows NT 4.0 critical update to install later on one or more computers, use the Microsoft Download Center.
To download this critical update from the Microsoft Download Center, visit the following Microsoft Web sites.
Windows 2000 Advanced Server, Windows 2000 Server, Windows 2000 Professional
Windows XP Home Edition, Windows XP Professional, Windows XP Tablet PC Edition, Windows XP Media Center Edition
Windows XP 64-Bit Edition
Windows NT 4.0 Terminal Server Edition, Windows NT 4.0 Server, Windows NT 4.0 Workstation
The Windows NT 4.0 version of this critical update is currently not available from the Microsoft Download Center. To resolve this problem immediately, contact Microsoft Product Support Services to obtain the Windows NT 4.0 version of this critical update.
Windows 98 and Windows 98 Second Edition
Note The Windows Millennium Edition (Me) update is not available from the Microsoft Download Center. To download the Windows Millennium Edition update to install later on one or more computers, use the Windows Update Catalog.
Note You do not have to restart your computer after you apply this update.
For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to obtain Microsoft support files from online services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to the file.
File Information
The English version of this update has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
Windows XP Professional and Windows XP Home Edition
Date         Time   Version     Size     File name
----------------------------------------------------------------------
09-Nov-2002  10:47  5.2.3644.0   10,752  %Windir%\Hh.exe
19-Dec-2002  23:35  5.2.3735.0  516,192  %Windir%\System32\Hhctrl.ocx
13-Jan-2003  15:27  5.2.3644.0   37,888  %Windir%\System32\Hhsetup.dll
13-Jan-2003  15:27  5.2.3644.0  143,872  %Windir%\System32\Itircl.dll
13-Jan-2003  15:27  5.2.3644.0  122,368  %Windir%\System32\Itss.dll
Windows XP Professional SP1, Windows XP Home Edition SP1, Windows XP Tablet PC Edition, and Windows XP Media Center Edition
Date         Time   Version     Size     File name
----------------------------------------------------------------------
17-Dec-2002  22:43  5.2.3644.0   10,752  %Windir%\Hh.exe
20-Dec-2002  20:38  5.2.3735.0  516,192  %Windir%\System32\Hhctrl.ocx
10-Jan-2003  19:43  5.2.3644.0   37,888  %Windir%\System32\Hhsetup.dll
10-Jan-2003  19:43  5.2.3644.0  143,872  %Windir%\System32\Itircl.dll
10-Jan-2003  19:43  5.2.3644.0  122,368  %Windir%\System32\Itss.dll
Windows XP 64-Bit Edition
Date         Time   Version     Size       File name                      Platform
------------------------------------------------------------------------------
12-Jun-2002  22:24  5.2.3644.0     13,824  %Windir%\Hh.exe                IA64
19-Dec-2002  23:35  5.2.3735.0  1,524,320  %Windir%\System32\Hhctrl.ocx   IA64
09-Jan-2003  18:50  5.2.3644.0    100,864  %Windir%\System32\Hhsetup.dll  IA64
09-Jan-2003  18:50  5.2.3644.0    613,888  %Windir%\System32\Itircl.dll   IA64
09-Jan-2003  18:50  5.2.3644.0    356,864  %Windir%\System32\Itss.dll     IA64
09-Nov-2002  10:47  5.2.3644.0     10,752  %Windir%\SysWOW64\Hh.exe       x86
19-Dec-2002  23:35  5.2.3735.0    516,192  %Windir%\SysWOW64\Hhctrl.ocx   x86
09-Nov-2002  10:47  5.2.3644.0     37,888  %Windir%\SysWOW64\Hhsetup.dll  x86
09-Nov-2002  10:47  5.2.3644.0    143,872  %Windir%\SysWOW64\Itircl.dll   x86
09-Nov-2002  10:48  5.2.3644.0    122,368  %Windir%\SysWOW64\Itss.dll     x86
Windows XP 64-Bit Edition SP1
Date         Time   Version     Size       File name                      Platform
------------------------------------------------------------------------------
26-Nov-2002  20:34  5.2.3644.0     13,824  %Windir%\Hh.exe                IA64
20-Dec-2002  20:38  5.2.3735.0  1,524,320  %Windir%\System32\Hhctrl.ocx   IA64
09-Jan-2003  19:03  5.2.3644.0    100,864  %Windir%\System32\Hhsetup.dll  IA64
09-Jan-2003  19:03  5.2.3644.0    613,888  %Windir%\System32\Itircl.dll   IA64
09-Jan-2003  19:03  5.2.3644.0    356,864  %Windir%\System32\Itss.dll     IA64
17-Dec-2002  22:43  5.2.3644.0     10,752  %Windir%\SysWOW64\Hh.exe       x86
20-Dec-2002  20:38  5.2.3735.0    516,192  %Windir%\SysWOW64\Hhctrl.ocx   x86
17-Dec-2002  22:43  5.2.3644.0     37,888  %Windir%\SysWOW64\Hhsetup.dll  x86
17-Dec-2002  22:43  5.2.3644.0    143,872  %Windir%\SysWOW64\Itircl.dll   x86
17-Dec-2002  22:43  5.2.3644.0    122,368  %Windir%\SysWOW64\Itss.dll     x86
Windows 2000
Date         Time   Version     Size     File name
----------------------------------------------------------------------
26-Nov-2002  19:23  5.2.3644.0   10,752  %Windir%\Hh.exe
31-Dec-2002  17:27  5.2.3735.1  516,200  %Windir%\System32\Hhctrl.ocx
31-Dec-2002  17:29  5.2.3644.0   37,888  %Windir%\System32\Hhsetup.dll
31-Dec-2002  17:29  5.2.3644.0  143,872  %Windir%\System32\Itircl.dll
31-Dec-2002  17:29  5.2.3644.0  122,368  %Windir%\System32\Itss.dll
Windows NT 4.0
Date         Time   Version     Size     File name
----------------------------------------------------------------------
16-Dec-2002  17:27  5.2.3644.0   10,752  %Windir%\Hh.exe
16-Dec-2002  18:10  5.2.3735.0  516,192  %Windir%\System32\Hhctrl.ocx
16-Dec-2002  17:27  5.2.3644.0   37,888  %Windir%\System32\Hhsetup.dll
16-Dec-2002  17:27  5.2.3644.0  143,872  %Windir%\System32\Itircl.dll
16-Dec-2002  17:27  5.2.3644.0  122,368  %Windir%\System32\Itss.dll
Windows Millennium Edition
Date         Time   Version     Size     File name
--------------------------------------------------------------------
16-Dec-2002  13:10  5.2.3735.0  516,192  %Windir%\System\Hhctrl.ocx
16-Dec-2002  12:27  5.2.3644.0   10,752  %Windir%\Hh.exe
16-Dec-2002  12:27  5.2.3644.0   37,888  %Windir%\System\Hhsetup.dll
16-Dec-2002  12:27  5.2.3644.0  143,872  %Windir%\System\Itircl.dll
16-Dec-2002  12:27  5.2.3644.0  122,368  %Windir%\System\Itss.dll
Windows 98 and Windows 98 Second Edition
Date         Time   Version     Size     File name
--------------------------------------------------------------------
10-Jun-2002  17:56  5.2.3644.0   10,752  %Windir%\Hh.exe
16-Dec-2002  18:10  5.2.3735.0  516,192  %Windir%\System\Hhctrl.ocx
20-May-2002  16:09  5.2.3635.0   88,064  Hhctrlui.dll
10-Jun-2002  17:56  5.2.3644.0   37,888  %Windir%\System\Hhsetup.dll
10-Jun-2002  17:56  5.2.3644.0  143,872  %Windir%\System\Itircl.dll
10-Jun-2002  17:56  5.2.3644.0  122,368  %Windir%\System\Itss.dll
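The File Information section says the update has the listed "or later" file attributes, so an installed file passes when its four-part version is numerically equal to or greater than the listed one. The following added example (not part of the original article and not a Microsoft tool) checks a collected file inventory against that rule; the baseline rows are copied from the Windows 2000 table above, while the inventory, function names and status labels are constructed for illustration.

```python
import ntpath
# Rows copied from this article's "Windows 2000" file table.
BASELINE_TABLE = r"""
26-Nov-2002 19:23 5.2.3644.0 10,752 %Windir%\Hh.exe
31-Dec-2002 17:27 5.2.3735.1 516,200 %Windir%\System32\Hhctrl.ocx
31-Dec-2002 17:29 5.2.3644.0 37,888 %Windir%\System32\Hhsetup.dll
31-Dec-2002 17:29 5.2.3644.0 143,872 %Windir%\System32\Itircl.dll
31-Dec-2002 17:29 5.2.3644.0 122,368 %Windir%\System32\Itss.dll
"""
# Constructed inventory for one hypothetical Windows 2000 host (not real data).
SAMPLE_INVENTORY = {
    "HH.EXE": "5.2.3644.0",
    "hhctrl.ocx": "5.2.3669.0",   # constructed older build: must be flagged
    "Hhsetup.dll": "5.2.3644.0",
    "Itircl.dll": "5.2.10000.0",  # later build; a string compare would misjudge it
}  # Itss.dll is deliberately absent

def parse_version(text):
    """Turn '5.2.3735.1' into (5, 2, 3735, 1) so parts compare numerically."""
    parts = text.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a four-part file version: {text!r}")
    return tuple(int(p) for p in parts)

def load_baseline(table):
    """Map lower-cased file name to the minimum version listed in the table."""
    baseline = {}
    for line in table.strip().splitlines():
        _date, _time, version, _size, path = line.split(None, 4)
        baseline[ntpath.basename(path).lower()] = parse_version(version)
    return baseline

def audit(inventory, baseline):
    """Return {file name: 'ok' | 'outdated' | 'missing' | 'unreadable'}."""
    found = {name.lower(): ver for name, ver in inventory.items()}
    report = {}
    for name, minimum in baseline.items():
        try:
            current = parse_version(found[name])
        except KeyError:
            report[name] = "missing"
        except ValueError:
            report[name] = "unreadable"
        else:
            report[name] = "ok" if current >= minimum else "outdated"
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY, load_baseline(BASELINE_TABLE)))
```

To audit another platform, replace the baseline rows with the rows from that platform's table in this article.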
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section. This problem was first corrected in Windows 2000 Service Pack 4.
MORE INFORMATION
HTML Help now supports a command that is named HH_SAFE_DISPLAY_TOPIC for its HTMLHELP interface. This command can be used to limit some HTML Help functionality. For information about a corresponding showHelp method that calls the HTMLHELP interface with this new command, click the following article number to view the article in the Microsoft Knowledge Base:
810847 MS03-004: February, 2003, cumulative patch for Internet Explorer
HH_SAFE_DISPLAY_TOPIC is defined as an unsigned integer with the value 0x20.
When the updates that are described in this article and in Microsoft Knowledge Base article 810847 are installed, the following functionality is limited in the HTML Help window when window.showHelp or the HTMLHELP interface is called with the HH_SAFE_DISPLAY_TOPIC command:
- All HTML Help shortcut commands are disabled for the current process.
- The URL parameter must use one of the following supported protocols to succeed: http:, https:, file:, ftp:, ms-its:, or mk:@MSITStore:.