Microsoft Windows Me HSC hcp:// buffer overflow

winme-hsc-hcp-bo (11425) The risk level is classified as HighHigh Risk

Description:

Microsoft Windows Me is vulnerable to a buffer overflow in the Help and Support Center (HSC) feature, caused by improper bounds checking of hcp:// URLs by the HSC URL handler. By creating a specially-crafted hcp:// URL, a remote attacker could overflow a buffer and execute arbitrary code on the victim's computer with full system privileges, once the URL is invoked. An attacker could exploit this vulnerability by creating a malicious Web page and hosting it on a Web site or sending it to a victim as an HTML email.


Consequences:

Gain Privileges

Remedy:

Apply the patch for this vulnerability, as listed in Microsoft Security Bulletin MS03-006. See References.

References:

  • BugTraq Mailing List, 2003-02-27 5:06:08: MS-Windows ME IE/Outlook/HelpCenter critical vulnerability.
  • CIAC Information Bulletin N-047: Microsoft Windows ME Help and Support Center Vulnerability.
  • Microsoft Security Bulletin MS03-006: Flaw in Windows Me Help and Support Center Could Enable Code Execution (812709).
  • BID-6966: Microsoft Windows Help and Support Center Buffer Overflow Vulnerability
  • CVE-2003-0009: Cross-site scripting (XSS) vulnerability in Help and Support Center for Microsoft Windows Me allows remote attackers to execute arbitrary script in the Local Computer security context via an hcp:// URL with the malicious script in the topic parameter.
  • OSVDB ID: 6074: Microsoft Windows Me HSC hcp:// URL XSS
  • US-CERT VU#489721: Microsoft Windows Me and XP Help and Support Center does not adequately validate hcp:// URI parameters

Platforms Affected:

  • Microsoft Windows Me

Reported:

Feb 26, 2003

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page