Vulnerability Name:

CVE-2004-0199 (CCN-16095)

Assigned: 2004-05-11
Published: 2004-05-11
Updated: 2018-10-12
Summary: Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).
CVSS v3 Severity: 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity: 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics: Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type: CWE-Other
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2004-0199

Source: BUGTRAQ
Type: UNKNOWN
20040512 MS04-015 - Windows Help Center - Dvdupgrade

Source: FULLDISC
Type: UNKNOWN
20040512 MS04-015 - Windows Help Center - Dvdupgrade

Source: CCN
Type: CIAC Information Bulletin O-140
Microsoft HCP Protocol URL Validation Vulnerability

Source: MISC
Type: UNKNOWN
http://www.exploitlabs.com/files/advisories/EXPL-A-2004-001-helpctr.txt

Source: CCN
Type: US-CERT VU#484814
Microsoft Help and Support Center (HCP) fails to properly validate HCP URLs

Source: CERT-VN
Type: Patch, Third Party Advisory, US Government Resource
VU#484814

Source: CCN
Type: Microsoft Security Bulletin MS04-015
Vulnerability in Help and Support Center Could Allow Remote Code Execution (840374)

Source: CCN
Type: OSVDB ID: 6053
Microsoft Windows Help and Support Center HCP URL Code Execution

Source: BID
Type: Exploit, Patch, Vendor Advisory
10321

Source: CCN
Type: BID-10321
Microsoft Windows HSC DVD Driver Upgrade Code Execution Vulnerability

Source: MS
Type: UNKNOWN
MS04-015

Source: XF
Type: UNKNOWN
win-hcp-code-execution(16095)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1008

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1032

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:*:home:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:gold:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:microsoft:windows:xp:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:x64:*
  • AND
  • cpe:/o:microsoft:windows_xp:-:sp1:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:-:sp1:x64:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.mitre.oval:def:1008 | V | Windows XP Help and Support Center HCP URL Validation Vulnerability | 2011-05-16
oval:org.mitre.oval:def:1032 | V | Windows Server 2003 Help and Support Center HCP URL Validation Vulnerability | 2006-09-27
    microsoft windows 2003 server enterprise
    microsoft windows 2003 server enterprise_64-bit
    microsoft windows 2003 server r2
    microsoft windows 2003 server r2
    microsoft windows 2003 server r2
    microsoft windows 2003 server standard
    microsoft windows 2003 server web
    microsoft windows xp *
    microsoft windows xp *
    microsoft windows xp * gold
    microsoft windows xp * gold
    microsoft windows xp * sp1
    microsoft windows xp * sp1
    microsoft windows xp
    microsoft windows 2003 server *
    microsoft windows xp - sp1
    microsoft windows xp - sp1
    microsoft windows 2003 server - sp1