Microsoft Windows HSC HCP protocol file buffer overflow
| win-hsc-hcp-bo (13420) |  High Risk |
Description:
Microsoft Windows is vulnerable to a buffer overflow, caused by improper bounds checking of a file associated with the HCP protocol. This file is automatically invoked when the Help and Support Center (HSC) is started. By creating a specially-crafted hcp:// URL, a remote attacker could overflow a buffer and execute arbitrary code on the victim's computer with elevated privileges, once the URL is clicked. An attacker could exploit this vulnerability by creating a malicious Web page and hosting it on a Web site or by sending it to a victim as an HTML email.
Note: The vulnerable file associated with the HCP protocol is present on all versions of Microsoft Windows, however the HSC functionality, which is required to exploit the vulnerability is not available or supported on platforms prior to Windows XP.
Platforms Affected:
- Microsoft, Windows 2003 Server
- Microsoft, Windows NT 4.0 Server
- Microsoft, Windows NT 4.0 Terminal Server
- Microsoft, Windows XP
Remedy:
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS05-026. See References.
Note: Microsoft originally provided a patch for this vulnerability in MS03-044, but it was superseded by the patch released with MS05-026.
Consequences:
Gain Access
References:
- CERT Advisory CA-2003-27, Multiple Vulnerabilities in Microsoft Windows and Exchange at http://www.cert.org/advisories/CA-2003-27.html.
- CIAC Information Bulletin O-007, Microsoft Windows Help and Support Center Buffer Overrun Vulnerability at http://www.ciac.org/ciac/bulletins/o-007.shtml.
- Microsoft Security Bulletin MS03-044, Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise (825119) at http://www.microsoft.com/technet/security/bulletin/ms03-044.mspx.
- Microsoft Security Bulletin MS05-026, Vulnerability in HTML Help Could Allow Remote Code Execution (896358) at http://www.microsoft.com/technet/security/bulletin/MS05-026.mspx.
- NGSSoftware Insight Security Research Advisory #NISR15102003, Microsoft PCHealth Buffer Overflow Vulnerability at http://archives.neohapsis.com/archives/vulnwatch/2003-q4/0014.html.
- BID-8828: Microsoft Windows Help And Support Center URI Handler Buffer Overflow Vulnerability
- CVE-2003-0711: Stack-based buffer overflow in the PCHealth system in the Help and Support Center function in Windows XP and Windows Server 2003 allows remote attackers to execute arbitrary code via a long query in an HCP URL.
- US-CERT VU#467036: Microsoft Help and Support Center contains buffer overflow in code used to handle HCP protocol
Reported:
Oct 15, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net