{"vuid":"VU#260588","idnumber":"260588","name":"Microsoft Windows Help and Support Center (HCP) fails to validate HCP URLs","keywords":["Microsoft","Windows","Help and Support Center","HCP","HCP URL"],"overview":"A remotely exploitable vulnerability exists in the Help and Support Center (HCP). An attacker could compromise the victim's system by tricking them into visiting a malicious web site, or viewing a malicious email message.","clean_desc":"A failure to filter special characters, such as quotes, from HCP URLs could lead to inject code into the . By tricking a victim into visiting a malicious web site, or viewing a malicious email, the remote attacker could exploit this vulnerability to remotely execute code in the \"MyComputer\" zone. The following systems are affected by this issue: Windows XP\nWindows Server 2003","impact":"A remote attacker could exploit this vulnerability to execute code in the Local Machine Zone with the privileges of the current user.","resolution":"Apply a patch from the vendor. Microsoft Security Bulletin MS04-011 contains patch information to resolve this issue.","workarounds":"","sysaffected":"","thanks":"Thanks to Jouko Pynnönen for reporting this vulnerability.","author":"This document was written by Jason A Rafail.","public":["http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx","http://www.idefense.com/application/poi/display?id=100&type=vulnerabilities"],"cveids":["CVE-2003-0907"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-04-13T19:27:40Z","publicdate":"2004-04-13T00:00:00Z","datefirstpublished":"2004-04-14T06:53:45Z","dateupdated":"2004-04-14T06:54:15Z","revision":3,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"11","cam_population":"12","cam_impact":"15","cam_easeofexploitation":"20","cam_attackeraccessrequired":"20","cam_scorecurrent":"35.1","cam_scorecurrentwidelyknown":"41.85","cam_scorecurrentwidelyknownexploited":"68.85","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":35.1,"vulnote":null}