Vulnerabilities > CVE-2003-0711 - Buffer Overflow vulnerability in Microsoft Windows Help And Support Center URI Handler

047910
CVSS 7.5 - HIGH (CVSS v2 base score; the metric values listed below are v2 values, i.e. AV:N/AC:L/Au:N/C:P/I:P/A:P. Note that the Nessus plugin further down rates the same flaw AV:N/AC:M/Au:N/C:C/I:C/A:C — CVSS v2 9.3 — because successful exploitation runs code as Local System.)
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL

Summary

Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query string in an HCP (hcp:) URL. Note that the fix (MS03-044, KB 825119) also ships for Windows NT and Windows 2000 — see the Nessus solution text and OVAL definition oval:org.mitre.oval:def:217 below — so the platform list in this description is narrower than the scope of the patch and of the Nessus check.

Nessus

NASL family: Windows : Microsoft Bulletins
NASL id: SMB_NT_MS03-044.NASL
description: A security vulnerability exists in the Windows Help Service that could allow arbitrary code execution on an affected system. An attacker who successfully exploited this vulnerability could run code with Local System privileges on this host.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 11928
published: 2003-11-17
reporter: This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/11928
title: MS03-044: Buffer Overrun in Windows Help (825119)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

# Plugin registration block. The engine sets `description` when it is only
# collecting plugin metadata; in that mode this block runs and the detection
# logic below it is never reached.
if (description)
{
 script_id(11928);
 script_version("1.39");
 script_cvs_date("Date: 2018/11/15 20:50:29");

 # Cross-references for the same issue: CVE, BugTraq, Microsoft bulletin,
 # US-CERT vulnerability note and the Knowledge Base article of the hotfix.
 script_cve_id("CVE-2003-0711");
 script_bugtraq_id(8828);
 script_xref(name:"MSFT", value:"MS03-044");
 script_xref(name:"CERT", value:"467036");
 script_xref(name:"MSKB", value:"825119");

 script_name(english:"MS03-044: Buffer Overrun in Windows Help (825119)");
 script_summary(english:"Checks for hotfix 825119");

 script_set_attribute(attribute:"synopsis", value:
"Arbitrary code can be executed on the remote host through the Help
service.");
 script_set_attribute(attribute:"description", value:
"A security vulnerability exists in the Windows Help Service that could
allow arbitrary code execution on an affected system.  An attacker who
successfully exploited this vulnerability could run code with Local
System privileges on this host.");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2003/ms03-044");
 # The solution names NT and 2000 as well as XP/2003, which matches the
 # platform list given to hotfix_check_sp() in the detection logic below.
 script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows NT, 2000, XP and
2003.");
 # Tenable rates complete C/I/A loss (code runs as Local System), i.e.
 # CVSS v2 9.3. The 7.5 score shown on this page uses PARTIAL impacts.
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
 # Temporal metrics: E:U = exploitability unproven, RL:OF = official fix
 # available, RC:C = report confirmed.
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
 script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
 # Consistent with E:U above; both would need updating together if a
 # public exploit were catalogued.
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");

 script_set_attribute(attribute:"vuln_publication_date", value:"2003/10/15");
 script_set_attribute(attribute:"patch_publication_date", value:"2003/10/15");
 script_set_attribute(attribute:"plugin_publication_date", value:"2003/11/17");

 # "local": an authenticated file-version check over SMB (ports 139/445
 # below), not a remote probe of the Help service itself.
 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2003-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 # The SMB hotfix enumeration plugins must run first; the required KB key
 # gates this check, and the port/key list lets the scheduler skip hosts
 # with neither SMB nor patch-management data.
 script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");
 script_require_ports(139, 445, 'Host/patch_management_checks');
 exit(0);
}

include("smb_func.inc");
include("smb_hotfixes.inc");
include("smb_hotfixes_fcheck.inc");


include("misc_func.inc");
# Gate: the bulletin-check prerequisite plugins must have set this key,
# otherwise there is nothing reliable to test against.
get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

ms_bulletin = 'MS03-044';
ms_kb       = '825119';

# When a third-party patch-management source reported on this host, let it
# report the bulletin as well; it does not replace the file check below.
if (get_kb_item("Host/patch_management_checks"))
  hotfix_check_3rd_party(bulletin:ms_bulletin, kbs:make_list(ms_kb), severity:SECURITY_HOLE);

# Platform / service-pack gate. NT 4.0, 2000, XP and 2003 are candidates;
# the numbers follow hotfix_check_sp()'s convention of naming the first
# service-pack level that no longer needs the hotfix. Anything else is
# reported unaffected without touching the file system.
if (!get_kb_item("SMB/WindowsVersion")) exit(1, "SMB/WindowsVersion KB item is missing.");
if (hotfix_check_sp(nt:7, win2k:6, xp:2, win2003:1) <= 0) exit(0, "Host is not affected based on its version / service pack.");
if (!is_accessible_share()) exit(1, "is_accessible_share() failed.");

# Single-artifact test: an itircl.dll in %SystemRoot%\system32 older than the
# MS03-044 build means the hotfix is missing. Note the check is purely
# version-based; it does not probe the hcp: handler.
missing = hotfix_is_vulnerable(file:"itircl.dll", version:"5.2.3790.80", dir:"\system32", bulletin:ms_bulletin, kb:ms_kb);

if (!missing)
{
  hotfix_check_fversion_end();
  exit(0, "The host is not affected");
}

# Record the missing bulletin for other plugins, then report.
set_kb_item(name:"SMB/Missing/MS03-044", value:TRUE);
hotfix_security_hole();
hotfix_check_fversion_end();
exit(0);

Oval

  • accepted: 2011-05-16T04:02:23.777-04:00
    class: vulnerability
    contributors:
    • name: Christine Walzer
      organization: The MITRE Corporation
    • name: Christine Walzer
      organization: The MITRE Corporation
    • name: Andrew Buttner
      organization: The MITRE Corporation
    • name: John Hoyland
      organization: Centennial Software
    • name: Shane Shaffer
      organization: G2, Inc.
    • name: Sudhir Gandhe
      organization: Telos
    • name: Shane Shaffer
      organization: G2, Inc.
    description: Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL.
    family: windows
    id: oval:org.mitre.oval:def:217
    status: accepted
    submitted: 2003-10-16T12:00:00.000-04:00
    title: Help and Support Center PCHealth System Buffer Overflow (Windows 2000)
    version: 72
  • accepted: 2006-09-27T12:29:22.075-04:00
    class: vulnerability
    contributors:
    • name: Christine Walzer
      organization: The MITRE Corporation
    • name: John Hoyland
      organization: Centennial Software
    description: Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL.
    family: windows
    id: oval:org.mitre.oval:def:3685
    status: accepted
    submitted: 2005-01-18T12:00:00.000-04:00
    title: Help and Support Center PCHealth System Buffer Overflow (64-bit XP)
    version: 65
  • accepted: 2005-06-29T06:49:00.000-04:00
    class: vulnerability
    contributors:
    • name: Christine Walzer
      organization: The MITRE Corporation
    • name: Christine Walzer
      organization: The MITRE Corporation
    description: Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL.
    family: windows
    id: oval:org.mitre.oval:def:3889
    status: accepted
    submitted: 2005-01-18T12:00:00.000-04:00
    title: Help and Support Center PCHealth System Buffer Overflow (32-bit XP)
    version: 65
  • accepted: 2011-05-16T04:03:03.279-04:00
    class: vulnerability
    contributors:
    • name: Christine Walzer
      organization: The MITRE Corporation
    • name: Sudhir Gandhe
      organization: Telos
    • name: Shane Shaffer
      organization: G2, Inc.
    description: Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL.
    family: windows
    id: oval:org.mitre.oval:def:4706
    status: accepted
    submitted: 2005-01-18T12:00:00.000-04:00
    title: Help and Support Center PCHealth System Buffer Overflow (Server 2003)
    version: 68