SecurityTracker.com Archives - Microsoft Help and Support Center HCP Buffer Overflow Lets Remote and Local Users Execute Arbitrary Code With Local Computer Privileges

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

SecurityTracker
Archives

Sign Up

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Affiliates

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Partners

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: OS (Microsoft) > Microsoft Help and Support Center

Vendors: Microsoft

Microsoft Help and Support Center HCP Buffer Overflow Lets Remote and Local Users Execute Arbitrary Code With Local Computer Privileges

SecurityTracker Alert ID: 1007934

CVE Reference: CAN-2003-0711 (Links to External Site)

Updated: Oct 16 2003

Original Entry Date: Oct 15 2003

Impact: Execution of arbitrary code via network, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Description: A buffer overflow vulnerability was reported in the Help and Support Center function supplied with Windows XP and Windows Server 2003. A remote user can create a URL that, when loaded by the target user, will execute arbitrary code on the target user's system. A local user can also execute arbitrary code with System privileges.

It is reported that a file used by the HCP protocol contains a buffer overflow. The flaw reportedly resides in the Help Service (helpsvc.exe), which is started by svchost.exe.

A remote user can create a URL that, when loaded by the target user, will execute arbitrary code in the Local Computer security zone. A local user can also execute arbitrary code with System privileges.

Microsoft reports that the vulnerable code is included in all supported Windows operating systems, but the HCP protocol is only supported on Windows XP and 2003.

Microsoft has assigned a "Critical" severity rating for this flaw on Windows XP and Windows Server 2003 and a "Low" severity rating for the other affected platforms.

Microsoft credits David Litchfield of Next Generation Security Software Ltd. with reporting this flaw.

Impact: A remote user can create HTML that, when loaded, will execute arbitrary code in the Local Computer zone.

A local user can execute arbitrary code with System level privileges.

Vendor URL: www.microsoft.com/technet/security/bulletin/MS03-044.asp (Links to External Site)

Cause: Boundary error

Underlying OS: Windows (Me), Windows (NT), Windows (2000), Windows (2003), Windows (XP)

Message History: None.

Source Message Contents

Date: Wed, 15 Oct 2003 14:13:28 -0400
Subject: Microsoft Security Bulletin MS03-044

 

http://www.microsoft.com/technet/security/bulletin/MS03-044.asp

 > Buffer Overrun in Windows Help and Support Center Could Lead to System Compromise (825119)

 > Impact of Vulnerability:  Remote Code Execution

 > Maximum Severity Rating:  Critical

CVE: CAN-2003-0711

Windows Me, NT, 2000, XP, and 2003 are affected.

A buffer overflow vulnerability was reported in the Help and Support Center function 
supplied with Windows XP and Windows Server 2003.  A remote user can create a URL that, 
when loaded by the target user, will execute arbitrary code on the target user's system.

It is reported that a file used by the HCP protocol contains a buffer overflow.  A remote 
user can create a URL that, when loaded by the target user, will execute arbitrary code in 
the Local Computer security zone.

Microsoft reports that the vulnerable code is included in all supported Windows operating 
systems, but the HCP protocol is only supported on Windows XP and 2003.

Microsoft has assigned a "Critical" severity rating for this flaw on Windows XP and 
Windows Server 2003 and a "Low" severity rating for the other affected platforms.

Microsoft credits David Litchfield of Next Generation Security Software Ltd. for reporting 
this flaw.

The following patches are available:

Microsoft Windows Millennium Edition

http://www.microsoft.com/downloads/details.aspx?FamilyId=7D6F4228-0E31-4F46-9795-5CDD566BB3B8&dis
playlang=en

Microsoft Windows NT Workstation 4.0, Service Pack 6a

http://www.microsoft.com/downloads/details.aspx?FamilyId=88BCDC9A-E370-47D8-B818-4E659C7F95AE&dis
playlang=en

Microsoft Windows NT Server 4.0, Service Pack 6a

http://www.microsoft.com/downloads/details.aspx?FamilyId=735602AC-BA6E-40D4-8A20-3441F02A25CB&dis
playlang=en

Microsoft Windows NT Server 4.0, Terminal Server Edition, Service Pack 6

http://www.microsoft.com/downloads/details.aspx?FamilyId=5C16FFAB-9CE7-4444-9AA5-BC6ABE3FD479&dis
playlang=en

Microsoft Windows 2000, Service Pack 2

http://www.microsoft.com/downloads/details.aspx?FamilyId=62B23A0C-67F0-4F11-A95E-E4FB080A63C6&dis
playlang=en

Microsoft Windows 2000, Service Pack 3, Service Pack 4

http://www.microsoft.com/downloads/details.aspx?FamilyId=C2AB63FD-35CA-4D33-9F8C-8BF5DE2D1117&dis
playlang=en

Microsoft Windows XP Gold, Service Pack 1

http://www.microsoft.com/downloads/details.aspx?FamilyId=84317458-0BEB-4B2C-A095-66CA09DFDAC6&dis
playlang=en

Microsoft Windows XP 64-bit Edition

http://www.microsoft.com/downloads/details.aspx?FamilyId=97F4868A-5E41-4657-B9FC-7EA13954B982&dis
playlang=en

Microsoft Windows XP 64-bit Edition Version 2003

http://www.microsoft.com/downloads/details.aspx?FamilyId=8B990946-84C8-4C91-899C-5A44EC13174E&dis
playlang=en

Microsoft Windows Server 2003

http://www.microsoft.com/downloads/details.aspx?FamilyId=40F25862-A815-4674-9175-E3640E3EFD49&dis
playlang=en

Microsoft Windows Server 2003 64-bit Edition

http://www.microsoft.com/downloads/details.aspx?FamilyId=8B990946-84C8-4C91-899C-5A44EC13174E&dis
playlang=en

A restart is required after applying this patch.

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us | Help
Copyright 2002, SecurityGlobal.net LLC