Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0907

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2003-0907
Last Modified 10 Sep 2008 03:20:54
Published 01 Jun 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2003-0907

Summary

Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe.

Vulnerable Systems

Operating System

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows Xp


References

CERT-VN - VU#260588

CERT - TA04-104A

MS - MS04-011

BUGTRAQ - 20040413 [Full-Disclosure] iDEFENSE Security Advisory 04.13.04 - Microsoft Help and Support

FULLDISC - 20040413 Microsoft Help and Support Center argument injection vulnerability

XF - win-hcpurl-code-execution(15704)

BID - 10119

MISC - http://www.idefense.com/application/poi/display?id=100&type=vulnerabilities

CIAC - O-114


Last Updated: 27 May 2016 10:38:06