Juniper Networks

Signature Detail


Short Name

HTTP:STC:HSC:MS-HSC-URL-VLN

Severity

High

Recommended

No

Recommended Action

Drop

Category

HTTP

Keywords

HSC DVDUpgrade Input Validation

Release Date

2004/05/11

Update Number

1213

Supported Platforms

idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: HSC DVDUpgrade Input Validation


This signature detects URLs containing invalid HTTP links to the Microsoft Help Center. Attackers can exploit an input validation flaw by sending a specially formatted HSC URL on a Web page. Windows XP prior to Service Pack 2 and Windows 2003 Server are vulnerable. A successful exploit can allow the attacker to execute arbitrary code on the affected system.

Extended Description

A security vulnerability has been reported in the Microsoft Windows XP and Server 2003 operating systems. The issue exists in the Help and Support Center (HSC) and is due to how the feature handles HCP invocation URIs for DVD driver upgrades. It could be exploited from a malicious web page or HTML e-mail to cause a malicious executable to be run on a vulnerable system. The executable would run in the context of the victim user, though it has been reported that significant user interaction is required for exploitation to occur. While this issue may be exploited through Internet Explorer, third-party web client software could also invoke HSC via an HCP URI.

Affected Products

  • Microsoft Windows Server 2003 Datacenter Edition
  • Microsoft Windows Server 2003 Datacenter Edition Itanium
  • Microsoft Windows Server 2003 Enterprise Edition
  • Microsoft Windows Server 2003 Enterprise Edition Itanium
  • Microsoft Windows Server 2003 Standard Edition
  • Microsoft Windows Server 2003 Web Edition
  • Microsoft Windows XP 64-bit Edition SP1
  • Microsoft Windows XP 64-bit Edition
  • Microsoft Windows XP 64-bit Edition Version 2003 SP1
  • Microsoft Windows XP 64-bit Edition Version 2003
  • Microsoft Windows XP Gold
  • Microsoft Windows XP Home SP1
  • Microsoft Windows XP Home
  • Microsoft Windows XP Professional SP1
  • Microsoft Windows XP Professional

References

  • BugTraq: 10321
  • CVE: CVE-2004-0199
  • URL: http://www.ciac.org/ciac/bulletins/o-140.shtml

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.