oval:org.mitre.oval:def:1000

Definition Id: oval:org.mitre.oval:def:1000

Oval ID:	oval:org.mitre.oval:def:1000
Title:	Windows XP Help Center Command Insertion Vulnerability
Description:	Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0907	Version:	8
Platform(s):	Microsoft Windows XP	Product(s):	Help and Support Center (HSC)
Definition Synopsis:
Software section a vulnerable version of helpctr.exe exists on XP No service pack is installed, 32 bit Edition, and helpctr.exe is less than 5.1.2600.128 NOT Win2K/XP/2003 is patched AND 32-Bit version of Windows is installed AND the version of helpctr.exe is less than 5.1.2600.128 OR Affected helpctr.exe versions on Windows XP SP1 Win2K/XP/2003 service pack 1 is installed AND the version of helpctr.exe is less than 5.1.2600.1340 AND NOT the patch kb835732 is installed AND Windows XP (sp1 or earlier) is installed Windows XP is installed AND NOT Win2K/XP/2003 service pack 2 (or later) is installed AND Configuration section NOT the HCP Protocol is registered