PT-2004-1364 · Microsoft · Windows Xp+1
Donnie Werner
·
Published
2004-05-14
·
Updated
2018-10-12
·
CVE-2004-0199
CVSS v2.0
5.1
Medium
| Vector | AV:N/AC:H/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Microsoft Windows XP and Windows Server 2003 SP1
Description
The issue concerns improper validation of HCP URLs in the Help and Support Center, allowing remote attackers to execute arbitrary code. This can be achieved by using certain hcp:// URLs that access the DVD Upgrade capability, specifically dvdupgrd.htm.
Recommendations
For Microsoft Windows XP and Windows Server 2003 SP1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Windows Server 2003
Windows Xp