Oval Definition:	oval:org.mitre.oval:def:1000
Revision Date: 2011-05-16 Version: 49 Title: Windows XP Help Center Command Insertion Vulnerability Description: Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe. Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2003-0907 Platform(s): Microsoft Windows XP Product(s): Help and Support Center (HSC) Definition Synopsis Software section a vulnerable version of helpctr.exe exists on XP No service pack is installed, 32 bit Edition, and helpctr.exe is less than 5.1.2600.128 NOT Win2K/XP/2003 is patched AND 32-Bit version of Windows is installed AND the version of helpctr.exe is less than 5.1.2600.128 OR Affected helpctr.exe versions on Windows XP SP1 Win2K/XP/2003/Vista service pack 1 is installed AND the version of helpctr.exe is less than 5.1.2600.1340 AND NOT the patch kb835732 is installed AND Windows XP (sp1 or earlier) is installed Windows XP is installed AND NOT Win2K/XP/2003 service pack 2 (or later) is installed AND Configuration section NOT the HCP Protocol is registered
BACK