MS03-044: Buffer Overrun in Windows Help (825119)

This script is Copyright (C) 2003-2013 Tenable Network Security, Inc.


Synopsis :

Arbitrary code can be executed on the remote host through the Help
service.

Description :

A security vulnerability exists in the Windows Help Service that could
allow arbitrary code execution on an affected system. An attacker who
successfully exploited this vulnerability could run code with Local
System privileges on this host.

See also :

http://technet.microsoft.com/en-us/security/bulletin/ms03-044

Solution :

Microsoft has released a set of patches for Windows NT, 2000, XP and
2003.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 11928 ()

Bugtraq ID: 8828

CVE ID: CVE-2003-0711