Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0474

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2004-0474
Last Modified 05 Sep 2008 04:38:30
Published 07 Jul 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2004-0474

Summary

Help Center (HelpCtr.exe) may allow remote attackers to read or execute arbitrary files via an "http://" or "file://" argument to the topic parameter in an hcp:// URL. NOTE: since the initial report of this problem, several researchers have been unable to reproduce this issue.

Vulnerable Systems

Operating System

  • Microsoft Windows Xp


References

XF - winxp-helpctr-hcp-xss(15101)

BID - 9621

BUGTRAQ - 20040207 HelpCtr - allow open any page or run

BUGTRAQ - 20040211 Re: HelpCtr - allow open any page or run

FULLDISC - 20040213 Re: HelpCtr - allow open any page or run

FULLDISC - 20040210 Re: HelpCtr - allow open any page or run


Last Updated: 27 May 2016 10:38:37