Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0907


Vulnerability Score 5.1 5.1
CVE Id CVE-2003-0907
Last Modified 10 Sep 2008 03:20:54
Published 01 Jun 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE



Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe.

Vulnerable Systems

Operating System

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows Xp


CERT-VN - VU#260588

CERT - TA04-104A

MS - MS04-011

BUGTRAQ - 20040413 [Full-Disclosure] iDEFENSE Security Advisory 04.13.04 - Microsoft Help and Support

FULLDISC - 20040413 Microsoft Help and Support Center argument injection vulnerability

XF - win-hcpurl-code-execution(15704)

BID - 10119


CIAC - O-114

Last Updated: 27 May 2016 10:38:06