Oval Definition:oval:org.mitre.oval:def:1008
Revision Date:2011-05-16Version:50
Title:Windows XP Help and Support Center HCP URL Validation Vulnerability
Description:Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2004-0199
Platform(s):Microsoft Windows XP
Product(s):Help and Support Center (HSC)
Definition Synopsis
  • Software section
  • a vulnerable version of helpctr.exe exists on XP
  • 32-bit version of Windows and a vulnerable version of helpctr.exe exists
  • 32-Bit version of Windows is installed
  • AND a vulnerable version of helpctr.exe exists exists depending on service pack level
  • OR 64-bit version of Windows and helpctr.exe is less than 5.1.2600.1515
  • a version of Windows for the ia64 architecture is installed
  • AND the version of helpctr.exe is less than 5.1.2600.1515
  • AND NOT the patch kb840374 is installed
  • AND Windows XP (sp1 or earlier) is installed
  • Windows XP is installed
  • AND NOT Win2K/XP/2003 service pack 2 (or later) is installed
  • AND Configuration section
  • NOT the HCP Protocol is registered
    • BACK