5.1

CVE-2003-0907

Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 21.85% 0.973
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5.1 4.9 6.4
AV:N/AC:H/Au:N/C:P/I:P/A:P
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

http://www.us-cert.gov/cas/techalerts/TA04-104A.html
Third Party Advisory
US Government Resource
Broken Link
http://www.ciac.org/ciac/bulletins/o-114.shtml
Broken Link
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011
Patch
Vendor Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020065.html
Broken Link
http://marc.info/?l=bugtraq&m=108196864221676&w=2
Third Party Advisory
http://www.idefense.com/application/poi/display?id=100&type=vulnerabilities
Broken Link
http://www.kb.cert.org/vuls/id/260588
Patch
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/10119
Third Party Advisory
Broken Link
VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/15704
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1000
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A904
Broken Link