search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Microsoft Help and Support Center contains buffer overflow in code used to handle HCP protocol

Vulnerability Note VU#467036

Original Release Date: 2003-10-16 | Last Revised: 2003-10-16

Overview

There is a buffer overflow in the Microsoft Help and Support Center that could permit an attacker to execute arbitrary code with SYSTEM privileges.

Description

The Microsoft Help and Support Center is a facility within WIndows to provide product help and documentation. Among other things, the Help and Support Center handles hcp protocol requests. According to Microsoft, "there is an unchecked buffer in an associated file used by the HCP protocol. This file is used by the Help and Support Center feature and is invoked automatically when HSC is launched." By convincing a user to follow a link or visit or view a malicious web page, an attacker can use this buffer overflow to execute arbitrary code with SYSTEM privileges. For more information, see Microsoft Security Bulletin MS03-044. This vulnerability is distinct from those diclosed in MS03-006 and MS02-060.

Impact

An attacker can execute arbitrary code with SYSTEM privileges.

Solution

Apply a patch as described in Microsoft Security Bulletin MS03-044.

Until a patch can be applied, you can limit your exposure to this vulnerability through the following steps:

    1. Deregister the HCP protocol. See Microsoft Security Bulletin MS03-044 for instructions.
    2. Install the Outlook Email Security Upgrade.
    3. View messages in plain text. Many email programs have facilities for setting preferences to view messages as plain text or to render them as HTML documents.
    4. Disable scripting when viewing untrusted web pages.

    These measures do not eliminate the vulnerability, but significantly reduce your exposure to it.

    Vendor Information

    467036
     
    Affected   Unknown   Unaffected

    Microsoft Corporation

    Updated:  October 16, 2003

    Status

      Vulnerable

    Vendor Statement

    No statement is currently available from the vendor regarding this vulnerability.

    Vendor Information

    The vendor has not provided us with any further information regarding this vulnerability.

    Addendum

    See Microsoft Security Bulletin MS03-044.

    If you have feedback, comments, or additional information about this vulnerability, please send us email.


    CVSS Metrics

    Group Score Vector
    Base N/A N/A
    Temporal N/A N/A
    Environmental N/A

    References

    Acknowledgements

    Our thanks to Microsoft for the information contained in their bulletin. Microsoft credited David Litchfield of NGSS for discovering the vulnerability.

    This document was written by Shawn Hernan, based on information provided by Microsoft.

    Other Information

    CVE IDs: CVE-2003-0711
    Severity Metric: 31.64
    Date Public: 2003-10-15
    Date First Published: 2003-10-16
    Date Last Updated: 2003-10-16 17:51 UTC
    Document Revision: 8

    Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.