CVE-2004-0474 Information

Description

Help Center (HelpCtr.exe) may allow remote attackers to read or execute arbitrary files via an \http://\ or \file://\ argument to the topic parameter in an hcp:// URL. NOTE: since the initial report of this problem several researchers have been unable to reproduce this issue.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2004-02/0440.html http://archives.neohapsis.com/archives/fulldisclosure/2004-02/0450.html http://archives.neohapsis.com/archives/fulldisclosure/2004-02/0688.html http://marc.info/?l=bugtraq&m=107652584102003&w=2 http://www.securityfocus.com/archive/1/353248 http://www.securityfocus.com/bid/9621 https://exchange.xforce.ibmcloud.com/vulnerabilities/15101