Vulnerability Description
Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2003 Server | enterprise |
| Microsoft | Windows XP | All versions |
References
- http://marc.info/?l=bugtraq&m=108437759930820&w=2
- http://marc.info/?l=full-disclosure&m=108430407801825&w=2
- http://www.exploitlabs.com/files/advisories/EXPL-A-2004-001-helpctr.txt
- http://www.kb.cert.org/vuls/id/484814 (Patch, Third Party Advisory, US Government Resource)
- http://www.securityfocus.com/bid/10321 (Exploit, Patch, Vendor Advisory)
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-01
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16095
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2004-0199?
CVE-2004-0199 is a vulnerability with a CVSS score of 5.1 (MEDIUM). Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain ...
How severe is CVE-2004-0199?
CVE-2004-0199 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2004-0199?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2003 Server, Microsoft Windows XP.