Vulnerabilities > CVE-2003-0711 - Buffer Overflow vulnerability in Microsoft Windows Help And Support Center URI Handler
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 48 |
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS03-044.NASL |
description | A security vulnerability exists in the Windows Help Service that could allow arbitrary code execution on an affected system. An attacker who successfully exploited this vulnerability could run code with Local System privileges on this host. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11928 |
published | 2003-11-17 |
reporter | This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/11928 |
title | MS03-044: Buffer Overrun in Windows Help (825119) |
code |
|
Oval
accepted 2011-05-16T04:02:23.777-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation name Andrew Buttner organization The MITRE Corporation name John Hoyland organization Centennial Software name Shane Shaffer organization G2, Inc. name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL. family windows id oval:org.mitre.oval:def:217 status accepted submitted 2003-10-16T12:00:00.000-04:00 title Help and Support Center PCHealth System Buffer Overflow (Windows 2000) version 72 accepted 2006-09-27T12:29:22.075-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name John Hoyland organization Centennial Software
description Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL. family windows id oval:org.mitre.oval:def:3685 status accepted submitted 2005-01-18T12:00:00.000-04:00 title Help and Support Center PCHealth System Buffer Overflow (64-bit XP) version 65 accepted 2005-06-29T06:49:00.000-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Christine Walzer organization The MITRE Corporation
description Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL. family windows id oval:org.mitre.oval:def:3889 status accepted submitted 2005-01-18T12:00:00.000-04:00 title Help and Support Center PCHealth System Buffer Overflow (32-bit XP) version 65 accepted 2011-05-16T04:03:03.279-04:00 class vulnerability contributors name Christine Walzer organization The MITRE Corporation name Sudhir Gandhe organization Telos name Shane Shaffer organization G2, Inc.
description Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL. family windows id oval:org.mitre.oval:def:4706 status accepted submitted 2005-01-18T12:00:00.000-04:00 title Help and Support Center PCHealth System Buffer Overflow (Server 2003) version 68
References
- http://marc.info/?l=bugtraq&m=106631908105696&w=2
- http://marc.info/?l=ntbugtraq&m=106632194809632&w=2
- http://www.cert.org/advisories/CA-2003-27.html
- http://www.kb.cert.org/vuls/id/467036
- http://www.ngssoftware.com/advisories/ms-pchealth.txt
- http://www.securityfocus.com/bid/8828
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-044
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A217
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3685
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3889
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4706