Arbitrary Code Execution Vulnerability in Windows 2003 and Windows XP

Reported May 11, 2004, by Microsoft


  • Windows Server 2003
  • Windows XP

A new vulnerability in Windows 2003 and XP could result in the execution of arbitrary code on the vulnerable system. This vulnerability is a result of the way that the Help and Support Center service handles Help Center Protocol (HCP) URL validation. A potential attacker could exploit the vulnerability by constructing a malicious HCP URL that could potentially allow remote code execution if a user visited a malicious Web site or viewed a malicious email message.

Microsoft has released bulletin MS04-015, "Vulnerability in Help and Support Center Could Allow Remote Code Execution" (840374), to address this vulnerability and recommends that affected users immediately apply the appropriate patch listed in the bulletin.

Discovered by Microsoft.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.