CVE-2003-0009
published 2003-03-07CVE-2003-0009: Cross-site scripting (XSS) vulnerability in Help and Support Center for Microsoft Windows Me allows remote attackers to execute arbitrary script in the Local…
PriorityP426medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
15.06%
96.3th percentile
Cross-site scripting (XSS) vulnerability in Help and Support Center for Microsoft Windows Me allows remote attackers to execute arbitrary script in the Local Computer security context via an hcp:// URL with the malicious script in the topic parameter.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Microsoft Windows Server 2012 - 'Group Policy' Security Feature Bypass (MS15-014)
exploitdb·2019-10-29·CVSS 3.3
CVE-2015-0009 [LOW] Microsoft Windows Server 2012 - 'Group Policy' Security Feature Bypass (MS15-014)
Microsoft Windows Server 2012 - 'Group Policy' Security Feature Bypass (MS15-014)
---
# Exploit Title: Microsoft Windows Server 2012 - 'Group Policy' Security Feature Bypass
# Date: 2019-10-28
# Exploit Author: Thomas Zuk
# Version: Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2,
# Windows 8, Windows Server 2012, Windows RT, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1
# Tested on: Windows 7 , Windows Server 2012
# CVE : CVE-2015-0009
# Type: Remote
# Platform: Windows
# Description: This exploit code targets vulnerable systems in order to corrupt GPO updates which causes
# the target system to revert various security settings to their default settings. This includes SMB server
# and network client settings, which by default do not
Exploit-DB
Microsoft Windows XP/ME - Help and Support Center Buffer Overflow
exploitdb·2003-02-26
CVE-2003-0009 Microsoft Windows XP/ME - Help and Support Center Buffer Overflow
Microsoft Windows XP/ME - Help and Support Center Buffer Overflow
---
// source: https://www.securityfocus.com/bid/6966/info
The Microsoft Windows ME Help and Support Center is prone to a buffer overflow. This is due to insufficient bounds checking on input supplied through the HCP URI parameter.
An attacker can exploit this vulnerability by making a HCP request with an overly long string. This will trigger the overflow condition and may result in malicious attacker-supplied code being executed on the vulnerable system.
A similar vulnerability was reported in the Windows XP Help and Support Center (BID 6802). These vulnerabilities may be related.
** Conflicting details have been reported about this vulnerability. The discoverer claims that the issue is cross site scripting that allow
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=104636383018686&w=2http://www.ciac.org/ciac/bulletins/n-047.shtmlhttp://www.iss.net/security_center/static/11425.phphttp://www.kb.cert.org/vuls/id/489721http://www.osvdb.org/6074http://www.securityfocus.com/bid/6966https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-006http://marc.info/?l=bugtraq&m=104636383018686&w=2http://www.ciac.org/ciac/bulletins/n-047.shtmlhttp://www.iss.net/security_center/static/11425.phphttp://www.kb.cert.org/vuls/id/489721http://www.osvdb.org/6074http://www.securityfocus.com/bid/6966https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-006
2003-03-07
Published