5.1

CVE-2004-0199

Exploit

EPSS 39.03%
Veröffentlicht 14.06.2004 04:00:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 12

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Microsoft ≫ Windows 2003 Server Versionenterprise Edition64-bit

Microsoft ≫ Windows 2003 Server Versionenterprise_64-bit

Microsoft ≫ Windows 2003 Server Versionr2

Microsoft ≫ Windows 2003 Server Versionr2 Edition64-bit

Microsoft ≫ Windows 2003 Server Versionr2 Editiondatacenter_64-bit

Microsoft ≫ Windows 2003 Server Versionstandard Edition64-bit

Microsoft ≫ Windows 2003 Server Versionweb

Microsoft ≫ Windows Xp Edition64-bit

Microsoft ≫ Windows Xp Editionhome

Microsoft ≫ Windows Xp Updategold

Microsoft ≫ Windows Xp Updategold Editionprofessional

Microsoft ≫ Windows Xp Updatesp1 Edition64-bit

Microsoft ≫ Windows Xp Updatesp1 Editionhome

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	39.03%	0.971

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.1	4.9	6.4	AV:N/AC:H/Au:N/C:P/I:P/A:P

http://marc.info/?l=bugtraq&m=108437759930820&w=2

http://marc.info/?l=full-disclosure&m=108430407801825&w=2

http://www.exploitlabs.com/files/advisories/EXPL-A-2004-001-helpctr.txt

http://www.kb.cert.org/vuls/id/484814

Patch

Third Party Advisory

US Government Resource

http://www.securityfocus.com/bid/10321

Patch

Vendor Advisory

Exploit

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-015

https://exchange.xforce.ibmcloud.com/vulnerabilities/16095

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1008

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1032

https://nvd.nist.gov/vuln/detail/CVE-2004-0199

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-0199

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-0199

EUVD