CVE-2003-0907

Description

Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe.

Related CPE's

Could not find any relations

References

TA04-104A

Third Party AdvisoryUS Government Resource

VU#260588

PatchThird Party AdvisoryUS Government Resource

20040413 Microsoft Help and Support Center argument injection vulnerability

O-114

10119

http://www.idefense.com/application/poi/display?id=100&type=vulnerabilities

20040413 [Full-Disclosure] iDEFENSE Security Advisory 04.13.04 - Microsoft Help and Support

win-hcpurl-code-execution(15704)

oval:org.mitre.oval:def:904

oval:org.mitre.oval:def:1000

MS04-011

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:H/Au:N/C:P/I:P/A:P

AccessVector

NETWORK

AccessComplexity

HIGH

Authentication

NONE

ConfidentialityImpact

PARTIAL

IntegrityImpact

PARTIAL

AvailabilityImpact

PARTIAL

BaseScore

5.099999904632568

Created by Yello
About Severity.io