Arbitrary Code Execution via HCP URLs in Microsoft Windows XP SP1 Help and Support Center
CVE-2003-0907 · MEDIUM Severity
AV:N/AC:H/AU:N/C:P/I:P/A:P
Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe.
Learn more about our Web Application Penetration Testing UK.