Lucene search

[email protected]CVE-2004-0474

HistoryJul 07, 2004 - 4:00 a.m.

CVE-2004-0474

2004-07-0704:00:00

[email protected]

web.nvd.nist.gov

cve-2004-0474

help center

helpctr.exe

remote attackers

arbitrary files

url vulnerability

nvd

7.7 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.037 Low

EPSS

Percentile

91.8%

JSON

Help Center (HelpCtr.exe) may allow remote attackers to read or execute arbitrary files via an “http://” or “file://” argument to the topic parameter in an hcp:// URL. NOTE: since the initial report of this problem, several researchers have been unable to reproduce this issue.

Affected configurations

NVD

Node

microsoftwindows_xphome

microsoftwindows_xpgoldprofessional

microsoftwindows_xpsp1home

CPENameOperatorVersion
microsoft:windows_xpmicrosoft windows xpeq*

CPE	Name	Operator	Version
microsoft:windows_xp	microsoft windows xp	eq	*

References

archives.neohapsis.com/archives/fulldisclosure/2004-02/0440.html

archives.neohapsis.com/archives/fulldisclosure/2004-02/0450.html

archives.neohapsis.com/archives/fulldisclosure/2004-02/0688.html

marc.info/?l=bugtraq&m=107652584102003&w=2

www.securityfocus.com/archive/1/353248

www.securityfocus.com/bid/9621

exchange.xforce.ibmcloud.com/vulnerabilities/15101

7.7 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.037 Low

EPSS

Percentile

91.8%

JSON

Related for CVE-2004-0474

cvelist1 nvd1