Vulnerability Description
Help Center (HelpCtr.exe) may allow remote attackers to read or execute arbitrary files via an "http://" or "file://" argument to the topic parameter in an hcp:// URL. NOTE: since the initial report of this problem, several researchers have been unable to reproduce this issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows Xp | All versions |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2004-02/0440.htmlExploitVendor Advisory
- http://archives.neohapsis.com/archives/fulldisclosure/2004-02/0450.html
- http://archives.neohapsis.com/archives/fulldisclosure/2004-02/0688.html
- http://marc.info/?l=bugtraq&m=107652584102003&w=2
- http://www.securityfocus.com/archive/1/353248Exploit
- http://www.securityfocus.com/bid/9621ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15101
- http://archives.neohapsis.com/archives/fulldisclosure/2004-02/0440.htmlExploitVendor Advisory
- http://archives.neohapsis.com/archives/fulldisclosure/2004-02/0450.html
- http://archives.neohapsis.com/archives/fulldisclosure/2004-02/0688.html
- http://marc.info/?l=bugtraq&m=107652584102003&w=2
- http://www.securityfocus.com/archive/1/353248Exploit
- http://www.securityfocus.com/bid/9621ExploitVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15101
FAQ
What is CVE-2004-0474?
CVE-2004-0474 is a vulnerability with a CVSS score of 5.1 (MEDIUM). Help Center (HelpCtr.exe) may allow remote attackers to read or execute arbitrary files via an "http://" or "file://" argument to the topic parameter in an hcp:// URL. NOTE: since the initial report ...
How severe is CVE-2004-0474?
CVE-2004-0474 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0474?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows Xp.