Vulnerability Name:

CVE-2004-0474 (CCN-15101)

Assigned:2004-02-07
Published:2004-02-07
Updated:2017-07-11
Summary:Help Center (HelpCtr.exe) may allow remote attackers to read or execute arbitrary files via an "http://" or "file://" argument to the topic parameter in an hcp:// URL.
Note: since the initial report of this problem, several researchers have been unable to reproduce this issue.
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Sat Feb 07 2004 - 15:49:26 CST
HelpCtr - allow open any page or run

Source: CCN
Type: BugTraq Mailing List, Tue Feb 10 2004 - 06:01:26 CST
Re: HelpCtr - allow open any page or run

Source: CCN
Type: BugTraq Mailing List, Wed Feb 11 2004 - 02:54:27 CST
Re: HelpCtr - allow open any page or run

Source: FULLDISC
Type: Exploit, Vendor Advisory
20040210 Re: HelpCtr - allow open any page or run

Source: FULLDISC
Type: UNKNOWN
20040210 Re: HelpCtr - allow open any page or run

Source: FULLDISC
Type: UNKNOWN
20040213 Re: HelpCtr - allow open any page or run

Source: MITRE
Type: CNA
CVE-2004-0474

Source: BUGTRAQ
Type: UNKNOWN
20040211 Re: HelpCtr - allow open any page or run

Source: CCN
Type: OSVDB ID: 15981
Microsoft Windows XP helpctr.exe Crafted URL Command Execution

Source: BUGTRAQ
Type: Exploit
20040207 HelpCtr - allow open any page or run

Source: BID
Type: Exploit, Vendor Advisory
9621

Source: CCN
Type: BID-9621
Microsoft Windows XP HCP URI Handler Arbitrary Command Execution Vulnerability

Source: CCN
Type: BID-9685
Microsoft Windows XP Help And Support Center Interface Spoofing Weakness

Source: XF
Type: UNKNOWN
winxp-helpctr-hcp-xss(15101)

Source: XF
Type: UNKNOWN
winxp-helpctr-hcp-xss(15101)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows_xp:*:*:home:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:microsoft:windows:xp:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    microsoft windows xp *
    microsoft windows xp * gold
    microsoft windows xp * sp1
    microsoft windows xp