05.132.2004 - MS04-015: Vulnerability in Help and Support Center Could Allow Remote Code Execution (840374)

A remote code execution vulnerability exists in the Help and Support Center because of the way that it handles HCP URL validation. An attacker could exploit the vulnerability by constructing a malicious HCP URL that could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious e-mail message. An attacker who successfully exploited this vulnerability could take complete control of an affected system. However, significant user interaction is required to exploit this vulnerability. - Download Windows XP and SP1 - Download Windows XP 64-Bit Edition Service Pack 1 - Download Windows XP 64-Bit Edition Version 2003 - Download Windows Server 2003 - Download Windows Server 2003 64-Bit Edition - View Microsoft Security Bulletin MS04-015 - View Microsoft Knowledge Base Article - 840374 - Visit Microsoft Corporation