Windows contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to Help and Support Center not properly sanitizing user input supplied as part of the HCP:// URL variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

• OVAL ID: 1000 904
• Security Tracker: 1009752
• Secunia Advisory ID: 11064
• ISS X-Force ID: 15818
• CVE ID: 2003-0907 (see also: NVD)
• CERT VU: 260588
• Related OSVDB ID: 5248 5249 5250 5251 5252 5254 5255 5256 5257 5258 5259 5260 5261
• SCIP VulDB ID: 604
• Mail List Post: http://lists.netsys.com/pipermail/full-disclosure/2004-April/020065.html
• Other Advisory URL: http://www.idefense.com/application/poi/display?id=100&type=vulnerabilities&flashstatus=true
• Microsoft Security Bulletin: MS04-011
• CIAC Advisory: o-114
• US-CERT Cyber Security Alert: TA04-104A

• Jouko Pynnonen - iDefense Labs VCP