CVE-2003-0907

Published: Jun 1, 2004Modified: Apr 16, 2026

5.1

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability: 4.9 / Impact: 6.4

Source: NVD

Description

Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe.

Affected (2)

Products: Microsoft: Windows Server 2003, Windows Xp

2 products

Windows Server 2003

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows Server 2003	All versions
Microsoft Windows Xp	All versions

Related CWEs

Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

References (22)

http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020065.html

Source: cve@mitre.org

Broken Link

http://marc.info/?l=bugtraq&m=108196864221676&w=2

Source: cve@mitre.org

Third Party Advisory

http://www.ciac.org/ciac/bulletins/o-114.shtml

Source: cve@mitre.org

Broken Link

http://www.idefense.com/application/poi/display?id=100&type=vulnerabilities

Source: cve@mitre.org

Broken Link

http://www.kb.cert.org/vuls/id/260588

Source: cve@mitre.org

PatchThird Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/10119

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

http://www.us-cert.gov/cas/techalerts/TA04-104A.html

Source: cve@mitre.org

Broken LinkThird Party AdvisoryUS Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011

Source: cve@mitre.org

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/15704

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1000

Source: cve@mitre.org

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A904

Source: cve@mitre.org

Broken Link

http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020065.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://marc.info/?l=bugtraq&m=108196864221676&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.ciac.org/ciac/bulletins/o-114.shtml

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.idefense.com/application/poi/display?id=100&type=vulnerabilities

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.kb.cert.org/vuls/id/260588

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/10119

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

http://www.us-cert.gov/cas/techalerts/TA04-104A.html

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryUS Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/15704

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1000

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A904

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

Timeline

No history available yet.