Title: Microsoft Windows Help And Support Center URI Validation Code Execution Vulnerability
Severity: HIGH
Description:
Microsoft has reported a vulnerability in the Help and Support Center that is related to how HCP URIs are validated. The Help and Support Center provides operating system help facilities that may be accessed via HCP URIs. It is included in Microsoft Windows XP and Windows Server 2003.
The issue may permit an attacker to inject invocation arguments when HCP URIs cause the HelpCtr.exe component to be executed. For example, HelpCtr.exe is normally invoked with the following arguments when a HCP URI is loaded:
"C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe" -FromHCP -url "%1"
The value for %1 will be dynamically replaced with the arguments for the HCP URI. In this manner, it is possible to cause HelpCtr.exe to load a local attacker-specified file in the context of the Local Zone by quoting the parameters. By placing malicious content into a known file (such as System\errors\connection.htm) on the system, which the attacker may influence via a malicious web page, it is possible to exploit this issue to cause the malicious content to be executed in the Local Zone.
It should be noted that the vulnerable functionality is included in Microsoft Windows ME but that the vendor has not considered this vulnerability to pose a serious threat to users of this operating system. The vendor has not qualified why the threat is reduced for Windows ME users.
Affected Products:
- Avaya DefinityOne Media Servers
- Avaya IP600 Media Servers
- Avaya S3400 Message Application Server
- Avaya S8100 Media Servers
- Microsoft Windows ME
- Microsoft Windows Server 2003 Datacenter Edition
- Microsoft Windows Server 2003 Datacenter Edition Itanium
- Microsoft Windows Server 2003 Enterprise Edition
- Microsoft Windows Server 2003 Enterprise Edition Itanium
- Microsoft Windows Server 2003 Standard Edition
- Microsoft Windows Server 2003 Web Edition
- Microsoft Windows XP 64-bit Edition
- Microsoft Windows XP 64-bit Edition SP1
- Microsoft Windows XP 64-bit Edition Version 2003
- Microsoft Windows XP 64-bit Edition Version 2003 SP1
- Microsoft Windows XP Home
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Professional
- Microsoft Windows XP Professional SP1
References:
- Microsoft: Microsoft Security Bulletin MS04-011
- iDEFENSE: Microsoft Help and Support Center Argument Injection Vulnerability
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
