Vulnerability Details : CVE-2004-0474
Help Center (HelpCtr.exe) may allow remote attackers to read or execute arbitrary files via an "http://" or "file://" argument to the topic parameter in an hcp:// URL. NOTE: since the initial report of this problem, several researchers have been unable to reproduce this issue.
Products affected by CVE-2004-0474
- cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-0474
3.68%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 90 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-0474
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.1
|
MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |
4.9
|
6.4
|
NIST |
References for CVE-2004-0474
-
http://www.securityfocus.com/archive/1/353248
Exploit
-
http://archives.neohapsis.com/archives/fulldisclosure/2004-02/0450.html
-
http://www.securityfocus.com/bid/9621
Exploit;Vendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/15101
-
http://marc.info/?l=bugtraq&m=107652584102003&w=2
-
http://archives.neohapsis.com/archives/fulldisclosure/2004-02/0688.html
-
http://archives.neohapsis.com/archives/fulldisclosure/2004-02/0440.html
Exploit;Vendor Advisory
Jump to