Alias(es)Windows.XP.HCP.URI.Handler.Arbitrary.Command.Execution |
Release DateAug 08, 2005 |
Severitylow |
ImpactCompromise of the affected system. |
DescriptionIt indicates a possible exploit of Arbitrary Command Execution Vulnerability in Microsoft Windows XP HCP URI Handler. A vulnerability is reported in Microsoft Windows XP HCP URI Handler that may allow an attacker to execute arbitrary commands on the vulnerable system. This is due to application helpctr.exe failure to sanitize hcp:// URL request. For exploiting this an attacker may by creating a malicious Web page and hosting it on a Web site or by sending it to a victim as an HTML email. |
Affected ProductsMicrosoft Windows XP Professional SP1. |
Recommended ActionsApply appropriate service pack path from the Microsoft. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2004-0474 |
Reference/shttp://www.securityfocus.com/bid/9621 (BugTraq) |
