• 공개일 : 2004-06-01
• 변경일 : 2008-09-11

• 위험도: 5.1
• 액세스 벡터 : NETWORK
• 액세스 복잡성 : 높음
• 인증 : 없음
• 기밀성 영향 : 부분
• 무결성 영향 : 부분
• 가용성 영향 : 부분
• 출처 : http://nvd.nist.gov
• 공개일 : 2004-01-01

Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe.

• CERT-VN, VU#260588
• CERT, TA04-104A
• MS, MS04-011
• BUGTRAQ, 20040413 [Full-Disclosure] iDEFENSE Security Advisory 04.13.04 - Micr..
• FULLDISC, 20040413 Microsoft Help and Support Center argument injection vulner..
• XF, win-hcpurl-code-execution(15704)
• BID, 10119
• MISC, http://www.idefense.com/application/poi/display?id=100&type=vulnerabilit..
• CIAC, O-114

• microsoft windows_2003_server r2
• microsoft windows_xp tablet_pc