oval:org.mitre.oval:def:904

Definition Id: oval:org.mitre.oval:def:904

Oval ID:	oval:org.mitre.oval:def:904
Title:	Windows Server 2003 Help Center Command Insertion Vulnerability
Description:	Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2003-0907	Version:	2
Platform(s):	Microsoft Windows Server 2003	Product(s):	Help and Support Center (HSC)
Definition Synopsis:
Software section Windows Server 2003 is installed AND the version of helpctr.exe is less than 5.2.3790.125 AND NOT the patch kb835732 is installed AND Configuration section NOT the HCP Protocol is registered