CVE Database · CVE-2004-1361
CVSS v3.1
N/A
EPSS
20.01%
Published
Dec 23, 2004
Modified
Apr 15, 2026
Public PoC / Exploit (1)
All weaponized →Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a malformed .hlp file, which leads to a heap-based buffer overflow.
Affected Products (56)
References (8)
...and 6 more
