CVE-2003-0907

EPSS 33.77%
Veröffentlicht 01.06.2004 04:00:00
Zuletzt bearbeitet 16.04.2026 00:27:16
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 14

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Windows Server 2003 Version-

Microsoft ≫ Windows Xp Version-

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	33.77%	0.968

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.1	4.9	6.4	AV:N/AC:H/Au:N/C:P/I:P/A:P

CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

http://www.us-cert.gov/cas/techalerts/TA04-104A.html

Third Party Advisory

US Government Resource

Broken Link

http://www.ciac.org/ciac/bulletins/o-114.shtml

Broken Link

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011

Patch

Vendor Advisory

http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020065.html

Broken Link

http://marc.info/?l=bugtraq&m=108196864221676&w=2