VDB

CERTCC-2000-29795

CERTCC-2000-29795 PUBLISHED

The HHOpen ActiveX control (hhopen.ocx) has a buffer overflow in the OpenHelp method. Because the control is marked safe-for-scripting, an attacker may be able to script this control and exploit the vulnerability when you visit a web page. The classID for the vulnerable control is: {130D7743-5F5A-11D1-B676-00A0C9697233}. Impact: An attacker may be able to exploit a buffer overflow in the HHOpen ActiveX control and execute arbitrary code on the system of the person visiting a malicious web page. Resolution: Apply a patch Apply the patch provided by Microsoft in Security Bulletin MS99-037. This patch sets the kill bit which prevents the control from being loaded by Internet Explorer. Workarounds: Disable "Script ActiveX controls marked safe for scripting" In your Internet Explorer security settings, set this option to "disable" or "prompt".

Timeline

  • Sep 10, 1999 CVE Published
  • Nov 1, 2000 CVE Updated
  • Mar 17, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›