| Definition Id: oval:org.mitre.oval:def:1008 |
Version: 9
Last Modified: 2011-04-26
|
| Title: |
Windows XP Help and Support Center HCP URL Validation Vulnerability |
| Description: |
Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm). |
| Family: |
windows |
Class: |
vulnerability |
| Status: |
ACCEPTED |
Reference(s): |
CVE-2004-0199
|
| Platform(s): |
Microsoft Windows XP |
Product(s): |
Help and Support Center (HSC) |
| Definition Synopsis: |
- Software section
- a vulnerable version of helpctr.exe exists on XP
- 32-bit version of Windows and a vulnerable version of helpctr.exe exists
- 32-Bit version of Windows is installed
- AND a vulnerable version of helpctr.exe exists exists depending on service pack level
- service pack 1 or earlier is installed and helpctr.exe is less than 5.1.2600.137
- OR service pack 2 is installed and helpctr.exe is less than 5.1.2600.1515
- OR 64-bit version of Windows and helpctr.exe is less than 5.1.2600.1515
- AND NOT the patch kb840374 is installed
- AND Windows XP (sp1 or earlier) is installed
- AND Configuration section
|
