CVE-2003-0907

EPSS 45.55%
Veröffentlicht 01.06.2004 04:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Windows Server 2003 Version-

Microsoft ≫ Windows Xp Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	45.55%	0.975

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.1	4.9	6.4	AV:N/AC:H/Au:N/C:P/I:P/A:P

CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

http://www.us-cert.gov/cas/techalerts/TA04-104A.html

Third Party Advisory

US Government Resource

Broken Link

http://www.ciac.org/ciac/bulletins/o-114.shtml

Broken Link

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011

Patch

Vendor Advisory

http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020065.html

Broken Link

http://marc.info/?l=bugtraq&m=108196864221676&w=2