Vulnerabilities > CVE-2004-0474 - Unspecified vulnerability in Microsoft Windows XP
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Help Center (HelpCtr.exe) may allow remote attackers to read or execute arbitrary files via an "http://" or "file://" argument to the topic parameter in an hcp:// URL. NOTE: since the initial report of this problem, several researchers have been unable to reproduce this issue.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| OS | 3 |
Exploit-Db
| description | Microsoft Windows XP HCP URI Handler Arbitrary Command Execution Vulnerability. CVE-2004-0474. Remote exploit for windows platform |
| id | EDB-ID:23675 |
| last seen | 2016-02-02 |
| modified | 2004-02-09 |
| published | 2004-02-09 |
| reporter | Bartosz Kwitkowski |
| source | https://www.exploit-db.com/download/23675/ |
| title | Microsoft Windows XP HCP URI Handler Arbitrary Command Execution Vulnerability |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2004-02/0440.html
- http://archives.neohapsis.com/archives/fulldisclosure/2004-02/0450.html
- http://archives.neohapsis.com/archives/fulldisclosure/2004-02/0688.html
- http://marc.info/?l=bugtraq&m=107652584102003&w=2
- http://www.securityfocus.com/archive/1/353248
- http://www.securityfocus.com/bid/9621
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15101