Definition Id: oval:org.mitre.oval:def:1000
Version: 8
Last Modified: 2011-04-26
Title: Windows XP Help Center Command Insertion Vulnerability
Description: Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe.
Family: windows
Class: vulnerability
Status: ACCEPTED
Reference(s): CVE-2003-0907
Platform(s): Microsoft Windows XP
Product(s): Help and Support Center (HSC)
Definition Synopsis:
- Software section
- a vulnerable version of helpctr.exe exists on XP
- No service pack is installed, 32 bit Edition, and helpctr.exe is less than 5.1.2600.128
- OR Affected helpctr.exe versions on Windows XP SP1
- AND NOT the patch kb835732 is installed
- AND Windows XP (sp1 or earlier) is installed
- AND Configuration section