Microsoft Windows Help And Support Center URI Validation Code Execution Vulnerability

2004-04-13T00:00:00
ID SMNTC-10119
Type symantec
Reporter Symantec Security Response
Modified 2004-04-13T00:00:00

Description

Description

Microsoft has reported a vulnerability in the Help and Support Center that is related to how HCP URIs are validated. This issue could reportedly be exploited via a malicious web page or HTML e-mail to execute arbitrary code on a client system. The issue may permit an attacker to inject invocation arguments when HCP URIs cause the HelpCtr.exe component to be executed. By placing malicious content into a known location on the system, whose contents the attacker may influence via a malicious web page, it is possible to exploit this issue to cause the malicious content to be executed in the Local Zone. It should be noted that the vulnerable functionality is included in Microsoft Windows ME but that the vendor has not considered this vulnerability to pose a serious threat to users of this operating system. The vendor has not qualified why the threat is reduced for Windows ME users.

Technologies Affected

  • Avaya DefinityOne Media Servers
  • Avaya IP600 Media Servers
  • Avaya S3400 Message Application Server
  • Avaya S8100 Media Servers
  • Microsoft Windows ME
  • Microsoft Windows Server 2003 Datacenter Edition
  • Microsoft Windows Server 2003 Datacenter Edition Itanium
  • Microsoft Windows Server 2003 Enterprise Edition
  • Microsoft Windows Server 2003 Enterprise Edition Itanium
  • Microsoft Windows Server 2003 Standard Edition
  • Microsoft Windows Server 2003 Web Edition
  • Microsoft Windows XP 64-bit Edition
  • Microsoft Windows XP 64-bit Edition SP1
  • Microsoft Windows XP 64-bit Edition Version 2003
  • Microsoft Windows XP 64-bit Edition Version 2003 SP1
  • Microsoft Windows XP Home
  • Microsoft Windows XP Home SP1
  • Microsoft Windows XP Professional
  • Microsoft Windows XP Professional SP1

Recommendations

Run all software as a nonprivileged user with minimal access rights.
Non-administrative tasks such as browsing the web and reading e-mail should always be performed as an unprivileged user with minimal access rights to limit the impact of latent client vulnerabilities.

Do not follow links provided by unknown or untrusted sources.
This issue could be exploited by a malicious web page. Users should be wary of following links provided by untrusted or unfamiliar sources.

Set web browser security to disable the execution of script code or active content.
Disabling support for client-side scripting and Active Content in the web client may limit exposure to this and similar vulnerabilities.

Do not accept communications that originate from unknown or untrusted sources.
This issue could be exploited via HTML e-mail. Users should not open or accept unsolicited e-mail. If possible, disabling support for HTML e-mail in the client will limit exposure to this attack vector.

Avaya has released an advisory to announce that Avaya System Products shipping on Microsoft platforms are also affected by this vulnerability. Avaya advise that customers follow the Microsoft recommendations for the resolution of this issue. The aforementioned advisory can be viewed at the following location: http://support.avaya.com/japple/css/japple?temp.groupID=&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=161384&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate() Microsoft has released fixes to address this issue. US-CERT has released an advisory TA04-104A to address this and other issues. Please see the referenced advisory for more information.