CVE-2003-0907
CVSS 5.1 · MEDIUM
Summary
Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe.
CVSS 2.0 breakdown
| Base score | 5.1 (MEDIUM) |
| Vector | AV:N/AC:H/Au:N/C:P/I:P/A:P |
| Attack vector | NETWORK |
| Attack complexity | HIGH |
| Confidentiality | PARTIAL |
| Integrity | PARTIAL |
| Availability | PARTIAL |
Weakness type (CWE)
Affected products
- Microsoft Windows Server 2003
- Microsoft Windows XP
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-April/020065.html
- http://marc.info/?l=bugtraq&m=108196864221676&w=2
- http://www.ciac.org/ciac/bulletins/o-114.shtml
- http://www.idefense.com/application/poi/display?id=100&type=vulnerabilities
- http://www.kb.cert.org/vuls/id/260588
- http://www.securityfocus.com/bid/10119
- http://www.us-cert.gov/cas/techalerts/TA04-104A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-011
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15704
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1000
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A904
Data: NIST NVD. NVD last modified 2026-04-16. Always verify against the vendor advisory before acting.