Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0199

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2004-0199
Last Modified 10 Sep 2008 03:25:29
Published 14 Jun 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2004-0199

Summary

Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).

Vulnerable Systems

Operating System

  • Microsoft Windows 2003 Server Enterprise

  • Microsoft Windows 2003 Server Enterprise 64-bit

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows 2003 Server Standard

  • Microsoft Windows 2003 Server Web

  • Microsoft Windows Xp


References

CERT-VN - VU#484814

XF - win-hcp-code-execution(16095)

BID - 10321

MS - MS04-015

BUGTRAQ - 20040512 MS04-015 - Windows Help Center - Dvdupgrade

MISC - http://www.exploitlabs.com/files/advisories/EXPL-A-2004-001-helpctr.txt


Last Updated: 27 May 2016 10:38:30