Executive Summary
Informations | |||
---|---|---|---|
Name | MS04-015 | First vendor Publication | N/A |
Vendor | Microsoft | Last vendor Modification | N/A |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 5.1 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | High |
Cvss Expoit Score | 4.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability in Help and Support Center Could Allow Remote Code Execution (840374) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1008 | |||
Oval ID: | oval:org.mitre.oval:def:1008 | ||
Title: | Windows XP Help and Support Center HCP URL Validation Vulnerability | ||
Description: | Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm). | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0199 | Version: | 9 |
Platform(s): | Microsoft Windows XP | Product(s): | Help and Support Center (HSC) |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1032 | |||
Oval ID: | oval:org.mitre.oval:def:1032 | ||
Title: | Windows Server 2003 Help and Support Center HCP URL Validation Vulnerability | ||
Description: | Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm). | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0199 | Version: | 2 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Help and Support Center (HSC) |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
6053 | Microsoft Windows Help and Support Center HCP URL Code Execution Microsoft Windows XP and Windows Server 2003 contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is due to improper validation of HCP (Help Center and Support) URLs. With a specially crafted request, an remote attacker can cause arbitrary code execution with privileges of the victim, once the URL is clicked, resulting in a loss of integrity. |
Snort® IPS/IDS
Date | Description |
---|---|
2015-07-22 | Microsoft Windows HSC DVD driver upgrade code execution attempt RuleID : 34933 - Revision : 2 - Type : OS-WINDOWS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2004-05-11 | Name : Arbitrary code can be executed on the remote host through the web client. File : smb_nt_ms04-015.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-07-22 21:23:17 |
|
2014-02-17 11:44:59 |
|