ID |
CVE-2003-0907
|
Summary |
Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe. |
References |
|
Vulnerable Configurations |
|
CVSS |
Base: | 5.1 (as of 12-10-2018 - 21:33) |
Impact: | |
Exploitability: | |
|
CWE |
NVD-CWE-Other |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK |
HIGH |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
PARTIAL |
PARTIAL |
|
cvss-vector
via4
|
AV:N/AC:H/Au:N/C:P/I:P/A:P
|
oval
via4
|
accepted | 2011-05-16T04:00:03.987-04:00 | class | vulnerability | contributors | name | Harvey Rubinovitz | organization | The MITRE Corporation |
name | Harvey Rubinovitz | organization | The MITRE Corporation |
name | Christine Walzer | organization | The MITRE Corporation |
name | John Hoyland | organization | Centennial Software |
name | Anna Min | organization | BigFix, Inc |
name | Shane Shaffer | organization | G2, Inc. |
name | Sudhir Gandhe | organization | Telos |
name | Shane Shaffer | organization | G2, Inc. |
| description | Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe. | family | windows | id | oval:org.mitre.oval:def:1000 | status | accepted | submitted | 2004-04-14T12:00:00.000-04:00 | title | Windows XP Help Center Command Insertion Vulnerability | version | 73 |
accepted | 2006-09-27T12:29:40.350-04:00 | class | vulnerability | contributors | name | Harvey Rubinovitz | organization | The MITRE Corporation |
name | Harvey Rubinovitz | organization | The MITRE Corporation |
name | John Hoyland | organization | Centennial Software |
| description | Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe. | family | windows | id | oval:org.mitre.oval:def:904 | status | accepted | submitted | 2004-04-14T12:00:00.000-04:00 | title | Windows Server 2003 Help Center Command Insertion Vulnerability | version | 66 |
|
refmap
via4
|
|
Last major update |
12-10-2018 - 21:33 |
Published |
01-06-2004 - 04:00 |
Last modified |
12-10-2018 - 21:33 |