CVE-2004-0199
First published: Fri May 14 2004(Updated: )
Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows XP | =sp1 | |
| Microsoft Windows Server 2003 | =web | |
| Microsoft Windows Server 2003 | =enterprise | |
| Microsoft Windows Server 2003 | =enterprise_64-bit | |
| Microsoft Windows XP | =gold | |
| Microsoft Windows XP | ||
| Microsoft Windows Server 2003 | =r2 | |
| Microsoft Windows Server 2003 | =r2 | |
| Microsoft Windows XP | ||
| Microsoft Windows XP | =sp1 | |
| Microsoft Windows Server 2003 | =standard | |
| Microsoft Windows Server 2003 | =r2 | |
| Microsoft Windows XP | =gold |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/10321
- http://www.kb.cert.org/vuls/id/484814
- http://www.exploitlabs.com/files/advisories/EXPL-A-2004-001-helpctr.txt
- http://marc.info/?l=bugtraq&m=108437759930820&w=2
- http://marc.info/?l=full-disclosure&m=108430407801825&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16095
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1032
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1008
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-015
Frequently Asked Questions
What is the severity of CVE-2004-0199?
CVE-2004-0199 is considered critical due to its potential to allow remote code execution.
How do I fix CVE-2004-0199?
To fix CVE-2004-0199, ensure that you install the latest security updates from Microsoft for Windows XP and Windows Server 2003.
What software is affected by CVE-2004-0199?
CVE-2004-0199 affects Microsoft Windows XP and Windows Server 2003, specifically Service Pack 1 versions.
Can CVE-2004-0199 be exploited remotely?
Yes, CVE-2004-0199 can be exploited remotely through specially crafted HCP URLs.
What are the potential impacts of CVE-2004-0199?
The potential impacts of CVE-2004-0199 include unauthorized remote code execution and system compromise.
- agent/type
- agent/softwarecombine
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/microsoft
- canonical/microsoft windows xp
- version/microsoft windows xp/sp1
- canonical/microsoft windows server 2003
- version/microsoft windows server 2003/web
- version/microsoft windows server 2003/enterprise
- version/microsoft windows server 2003/enterprise_64-bit
- version/microsoft windows xp/gold
- version/microsoft windows server 2003/r2
- version/microsoft windows server 2003/standard