CVE-2004-0199 - Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly valida

CVE-2004-0199

Summary

Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).

References

Vulnerable Configurations

cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:gold:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*

CVSS

Base:	5.1 (as of 12-10-2018 - 21:34)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	HIGH	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:H/Au:N/C:P/I:P/A:P

oval via4

accepted

2011-05-16T04:00:10.455-04:00

class

vulnerability

contributors

name Harvey Rubinovitz
organization The MITRE Corporation
name Christine Walzer
organization The MITRE Corporation
name John Hoyland
organization Centennial Software
name Dragos Prisaca
organization Gideon Technologies, Inc.
name Shane Shaffer
organization G2, Inc.
name Sudhir Gandhe
organization Telos
name Shane Shaffer
organization G2, Inc.

description

family

windows

oval:org.mitre.oval:def:1008

status

accepted

submitted

2004-05-12T12:00:00.000-04:00

title

Windows XP Help and Support Center HCP URL Validation Vulnerability

version

accepted

2006-09-27T12:28:20.916-04:00

class

vulnerability

contributors

name Harvey Rubinovitz
organization The MITRE Corporation
name John Hoyland
organization Centennial Software

description

family

windows

oval:org.mitre.oval:def:1032

status

accepted

submitted

2004-05-12T12:00:00.000-04:00

title

Windows Server 2003 Help and Support Center HCP URL Validation Vulnerability

version

refmap via4

bid	10321
bugtraq	20040512 MS04-015 - Windows Help Center - Dvdupgrade
cert-vn	VU#484814
fulldisc	20040512 MS04-015 - Windows Help Center - Dvdupgrade
misc	http://www.exploitlabs.com/files/advisories/EXPL-A-2004-001-helpctr.txt
xf	win-hcp-code-execution(16095)

Last major update

12-10-2018 - 21:34

Published

14-06-2004 - 04:00

Last modified

12-10-2018 - 21:34