HTML Help Update to Limit Functionality When It Is Invoked with the window.showHelp( ) Method (811630)



The information in this article applies to:

  • Microsoft Windows XP 64-Bit Edition
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Tablet PC Edition
  • Microsoft Windows XP Media Center Edition
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Server
  • Microsoft Windows NT Server 4.0
  • Microsoft Windows NT Server 4.0 Terminal Server Edition
  • Microsoft Windows NT Workstation 4.0
  • Microsoft Windows Millennium Edition
  • Microsoft Windows 98
  • Microsoft Windows 98 Second Edition

SYMPTOMS

Either of the following symptoms may occur when you use Microsoft Internet Explorer to open or use a Web page that calls the window.showHelp script method to open a Uniform Resource Locator (URL) in an HTML Help window:
  • The URL that is specified by the window.showHelp method does not appear in the HTML Help window after you install the February 2003 Cumulative Patch for Internet Explorer (MS03-004).
  • If you have not installed the February 2003 Cumulative Patch for Internet Explorer (MS03-004), an attacker may be able to host a Web page that calls the window.showHelp method to open a URL in another domain in the HTML Help window. This may permit the attacker to access the data that the Web site of that URL contains.
With the window.showHelp method, you can also open an HTML Help (.chm) file that contains a shortcut. A shortcut is a command that the HTML Help ActiveX control supports. The command opens a program file from the Help topic. If you have not installed the February 2003 Cumulative Patch for Internet Explorer (MS03-004), and other vulnerabilities exist that permit an attacker to have write access to the data that is in the HTML Help topic window, the attacker might use the shortcut command to run code in the user's security context. For additional information about the February 2003 Cumulative Patch for Internet Explorer, click the following article number to view the article in the Microsoft Knowledge Base:

810847 MS03-004: February, 2003, Cumulative Patch for Internet Explorer

RESOLUTION

Note The fixes that are described in this article supersede the fixes that are described in "MS02-055: Unchecked buffer in Windows Help facility may allow attacker to run code (323255)."

Windows 2000 Service Pack Information

To resolve this problem, obtain the latest service pack for Microsoft Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to Obtain the Latest Windows 2000 Service Pack

Update Information

To resolve this problem, install Critical Update 811630. To download and install this update, visit the following Microsoft Windows Update Web site:

Note You cannot remove this critical update.

Administrators can download this critical update from the Microsoft Download Center or from the Windows Update Catalog to deploy to multiple computers. If you want to obtain this critical update to install later on one or more computers, search for this article ID number by using the Advanced Search Options feature in the Windows Update Catalog. For additional information about how to download updates from the Windows Update Catalog, click the following article number to view the article in the Microsoft Knowledge Base:

323166 HOW TO: Download Windows Updates and Drivers from the Windows Update Catalog

Note The Windows NT 4.0 critical update is not available from the Windows Update Catalog. To download the Windows NT 4.0 critical update to install later on one or more computers, use the Microsoft Download Center.

To download this critical update from the Microsoft Download Center, visit the following Microsoft Web sites.

Windows 2000 Advanced Server, Windows 2000 Server, Windows 2000 Professional

Windows XP Home Edition, Windows XP Professional, Windows XP Tablet PC Edition, Windows XP Media Center Edition

Windows XP 64-Bit Edition

Windows NT 4.0 Terminal Server Edition, Windows NT 4.0 Server, Windows NT 4.0 Workstation

The Windows NT 4.0 version of this critical update is currently not available from the Microsoft Download Center. To resolve this problem immediately, contact Microsoft Product Support Services to obtain the Windows NT 4.0 version of this critical update.

Windows 98 and Windows 98 Second Edition

Note The Windows Millennium Edition (Me) update is not available from the Microsoft Download Center. To download the Windows Millennium Edition update to install later on one or more computers, use the Windows Update Catalog.

Note You do not have to restart your computer after you apply this update.

For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:

119591 How to Obtain Microsoft Support Files from Online Services

Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file.

File Information

The English version of this fix has the file attributes (or later) that are listed in the following table. The dates and times for these files are listed in coordinated universal time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time tool in Control Panel.

Windows XP Professional and Windows XP Home Edition

   Date         Time   Version     Size     File name
   ----------------------------------------------------------------------
   09-Nov-2002  10:47  5.2.3644.0   10,752  %Windir%\Hh.exe              
   19-Dec-2002  23:35  5.2.3735.0  516,192  %Windir%\System32\Hhctrl.ocx 
   13-Jan-2003  15:27  5.2.3644.0   37,888  %Windir%\System32\Hhsetup.dll
   13-Jan-2003  15:27  5.2.3644.0  143,872  %Windir%\System32\Itircl.dll 
   13-Jan-2003  15:27  5.2.3644.0  122,368  %Windir%\System32\Itss.dll   

Windows XP Professional SP1, Windows XP Home Edition SP1, Windows XP Tablet PC Edition, and Windows XP Media Center Edition

   Date         Time   Version     Size     File name
   ----------------------------------------------------------------------
   17-Dec-2002  22:43  5.2.3644.0   10,752  %Windir%\Hh.exe              
   20-Dec-2002  20:38  5.2.3735.0  516,192  %Windir%\System32\Hhctrl.ocx 
   10-Jan-2003  19:43  5.2.3644.0   37,888  %Windir%\System32\Hhsetup.dll
   10-Jan-2003  19:43  5.2.3644.0  143,872  %Windir%\System32\Itircl.dll 
   10-Jan-2003  19:43  5.2.3644.0  122,368  %Windir%\System32\Itss.dll

Windows XP 64-Bit Edition

   Date         Time   Version     Size       File name                  Platform
   ------------------------------------------------------------------------------
   12-Jun-2002  22:24  5.2.3644.0     13,824  %Windir%\Hh.exe                IA64
   19-Dec-2002  23:35  5.2.3735.0  1,524,320  %Windir%\System32\Hhctrl.ocx   IA64
   09-Jan-2003  18:50  5.2.3644.0    100,864  %Windir%\System32\Hhsetup.dll  IA64
   09-Jan-2003  18:50  5.2.3644.0    613,888  %Windir%\System32\Itircl.dll   IA64
   09-Jan-2003  18:50  5.2.3644.0    356,864  %Windir%\System32\Itss.dll     IA64
   09-Nov-2002  10:47  5.2.3644.0     10,752  %Windir%\SysWOW64\Hh.exe       x86
   19-Dec-2002  23:35  5.2.3735.0    516,192  %Windir%\SysWOW64\Hhctrl.ocx   x86
   09-Nov-2002  10:47  5.2.3644.0     37,888  %Windir%\SysWOW64\Hhsetup.dll  x86
   09-Nov-2002  10:47  5.2.3644.0    143,872  %Windir%\SysWOW64\Itircl.dll   x86
   09-Nov-2002  10:48  5.2.3644.0    122,368  %Windir%\SysWOW64\Itss.dll     x86

Windows XP 64-Bit Edition SP1

   Date         Time   Version     Size       File name                  Platform
   ------------------------------------------------------------------------------
   26-Nov-2002  20:34  5.2.3644.0     13,824  %Windir%\Hh.exe                IA64
   20-Dec-2002  20:38  5.2.3735.0  1,524,320  %Windir%\System32\Hhctrl.ocx   IA64
   09-Jan-2003  19:03  5.2.3644.0    100,864  %Windir%\System32\Hhsetup.dll  IA64
   09-Jan-2003  19:03  5.2.3644.0    613,888  %Windir%\System32\Itircl.dll   IA64
   09-Jan-2003  19:03  5.2.3644.0    356,864  %Windir%\System32\Itss.dll     IA64
   17-Dec-2002  22:43  5.2.3644.0     10,752  %Windir%\SysWOW64\Hh.exe       x86
   20-Dec-2002  20:38  5.2.3735.0    516,192  %Windir%\SysWOW64\Hhctrl.ocx   x86
   17-Dec-2002  22:43  5.2.3644.0     37,888  %Windir%\SysWOW64\Hhsetup.dll  x86
   17-Dec-2002  22:43  5.2.3644.0    143,872  %Windir%\SysWOW64\Itircl.dll   x86
   17-Dec-2002  22:43  5.2.3644.0    122,368  %Windir%\SysWOW64\Itss.dll     x86

Windows 2000

   Date         Time   Version     Size     File name
   ----------------------------------------------------------------------
   26-Nov-2002  19:23  5.2.3644.0   10,752  %Windir%\Hh.exe              
   31-Dec-2002  17:27  5.2.3735.1  516,200  %Windir%\System32\Hhctrl.ocx 
   31-Dec-2002  17:29  5.2.3644.0   37,888  %Windir%\System32\Hhsetup.dll
   31-Dec-2002  17:29  5.2.3644.0  143,872  %Windir%\System32\Itircl.dll 
   31-Dec-2002  17:29  5.2.3644.0  122,368  %Windir%\System32\Itss.dll

Windows NT 4.0

   Date         Time   Version     Size     File name
   ----------------------------------------------------------------------
   16-Dec-2002  17:27  5.2.3644.0   10,752  %Windir%\Hh.exe              
   16-Dec-2002  18:10  5.2.3735.0  516,192  %Windir%\System32\Hhctrl.ocx 
   16-Dec-2002  17:27  5.2.3644.0   37,888  %Windir%\System32\Hhsetup.dll
   16-Dec-2002  17:27  5.2.3644.0  143,872  %Windir%\System32\Itircl.dll 
   16-Dec-2002  17:27  5.2.3644.0  122,368  %Windir%\System32\Itss.dll   

Windows Millennium Edition

   Date         Time   Version     Size     File name
   --------------------------------------------------------------------
   16-Dec-2002  13:10  5.2.3735.0  516,192  %Windir%\System\Hhctrl.ocx 
   16-Dec-2002  12:27  5.2.3644.0   10,752  %Windir%\Hh.exe            
   16-Dec-2002  12:27  5.2.3644.0   37,888  %Windir%\System\Hhsetup.dll
   16-Dec-2002  12:27  5.2.3644.0  143,872  %Windir%\System\Itircl.dll
   16-Dec-2002  12:27  5.2.3644.0  122,368  %Windir%\System\Itss.dll

Windows 98 and Windows 98 Second Edition

   Date         Time   Version     Size     File name
   --------------------------------------------------------------------
   10-Jun-2002  17:56  5.2.3644.0   10,752  %Windir%\Hh.exe            
   16-Dec-2002  18:10  5.2.3735.0  516,192  %Windir%\System\Hhctrl.ocx 
   20-May-2002  16:09  5.2.3635.0   88,064  Hhctrlui.dll               
   10-Jun-2002  17:56  5.2.3644.0   37,888  %Windir%\System\Hhsetup.dll
   10-Jun-2002  17:56  5.2.3644.0  143,872  %Windir%\System\Itircl.dll 
   10-Jun-2002  17:56  5.2.3644.0  122,368  %Windir%\System\Itss.dll   

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article. This problem was first corrected in Windows 2000 Service Pack 4.

MORE INFORMATION

HTML Help now supports a command that is named HH_SAFE_DISPLAY_TOPIC for its HTMLHELP interface. This command can be used to limit some HTML Help functionality. For information about a corresponding showHelp method that calls the HTMLHELP interface with this new command, click the following article number to view the article in the Microsoft Knowledge Base:

810847 MS03-004: February, 2003, Cumulative Patch for Internet Explorer

HH_SAFE_DISPLAY_TOPIC is defined as an unsigned integer with the value 0x20.

When the updates that are described in this article and in Microsoft Knowledge Base article 810847 are installed, the following functionality is limited in the HTML Help window when window.showHelp or the HTMLHELP interface is called with the HH_SAFE_DISPLAY_TOPIC command:
  • All HTML Help shortcut commands are disabled for the current process.
  • The URL parameter must use one of the following supported protocols to succeed: http:, https:, file:, ftp:, ms-its:, or mk:@MSITStore:.
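
The following is an added example, not code from Microsoft or from this article: a pre-flight check that an application could run on a URL before it calls the HTMLHELP interface with HH_SAFE_DISPLAY_TOPIC, so that an unsupported protocol is refused by the caller instead of producing an empty Help window. The helper names and the case-insensitive comparison are assumptions; only the command value and the protocol list come from the article.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

#define HH_SAFE_DISPLAY_TOPIC 0x0020u  /* command value as stated in this article */

/* Protocol prefixes the article lists as supported for the URL parameter. */
static const char *const kSafePrefixes[] = {
    "http:", "https:", "file:", "ftp:", "ms-its:", "mk:@MSITStore:",
};

/* ASCII case-insensitive prefix test (case folding is an assumption). */
static int starts_with_ci(const char *s, const char *prefix)
{
    for (; *prefix != '\0'; ++s, ++prefix) {
        if (tolower((unsigned char)*s) != tolower((unsigned char)*prefix))
            return 0;   /* also taken when s ends before prefix does */
    }
    return 1;
}

/* Hypothetical helper: 1 if url starts with a listed protocol, else 0.
 * Nothing is trimmed or decoded: the string checked is the string passed on. */
int hh_safe_url_allowed(const char *url)
{
    size_t i;
    if (url == NULL)
        return 0;
    for (i = 0; i < sizeof kSafePrefixes / sizeof kSafePrefixes[0]; ++i) {
        if (starts_with_ci(url, kSafePrefixes[i]))
            return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the article. */
    static const char *const samples[] = {
        "https://example.com/help/topic.htm",
        "mk:@MSITStore:C:\\Help\\app.chm::/topic.htm",
        "C:\\Help\\app.chm",          /* bare path, no protocol prefix */
        "res://example.dll/page.htm", /* protocol not in the list */
    };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; ++i)
        printf("%-45s %s\n", samples[i],
               hh_safe_url_allowed(samples[i]) ? "allowed" : "refused");
    return 0;
}
```

Under this model a bare local path is refused because it carries none of the listed protocol prefixes; a caller would have to express it with one of the listed forms, such as file: or ms-its:.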

Modification Type: Minor
Last Reviewed: 7/8/2005
Keywords: ATdownload KbSECBulletin KbSECVulnerability kbSecurity kbQFE KB811630