MS04-015: Microsoft Help Center Remote Code Execution (840374)
High Nessus Plugin ID 12235
SynopsisArbitrary code can be executed on the remote host through the web client.
DescriptionThe remote host contains bugs in the Microsoft Help and Support Center in the way it handles HCP URL validation. (840374)
An attacker could use this bug to execute arbitrary commands on the remote host. To exploit this bug, an attacker would need to lure a user of the remote host into visiting a rogue website or to click on a link received in an email.
SolutionMicrosoft has released a set of patches for Windows 2003 and XP.