CVE-2003-0907

EPSS 45.55%
Published 01.06.2004 04:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe.

Affected products Warnungen 0 Metrics 2 CWE 1 References 14

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Windows Server 2003 Version-

Microsoft ≫ Windows Xp Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	45.55%	0.975

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.1	4.9	6.4	AV:N/AC:H/Au:N/C:P/I:P/A:P

CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

http://www.us-cert.gov/cas/techalerts/TA04-104A.html

Third Party Advisory

US Government Resource

Broken Link

http://www.ciac.org/ciac/bulletins/o-114.shtml

Broken Link

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011

Patch

Vendor Advisory

http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020065.html

Broken Link

http://marc.info/?l=bugtraq&m=108196864221676&w=2