Vulners
Lucene search
Microsoft Windows XP HCP URI Handler Arbitrary Command Execution Vulnerability
source: http://www.securityfocus.com/bid/9621/info
The Microsoft Windows XP HCP URI handler has been reported prone to a vulnerability that may provide for arbitrary command execution. The issue is reported to present itself when a specially formatted HCP URI that references a local resource is processed. A remote attacker may exploit this issue to have arbitrary commands executed in the context of the user who followed the link.
This issue has been reported to be present in Polish versions of Windows XP SP1; other versions may also be vulnerable.
hcp://services/layout/contentonly?topic=...
where ... is a correct URL
http:// for page
file:/// for run (remember use / (slash) in path e.g. c:/windows/system32/...
The following additional example vectors have been supplied:
hcp://services/layout/fullwindow?topic=
hcp://services/centers/support?topic=
Additional proof-of-concepts were provided in the "IE ms-its: and mk:@MSITStore: vulnerability" BugTraq post by Roozbeh Afrasiabi.
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1