CVE-2001-0909

Microsoft Windows XP - Remote Code Execution via Long hcp: URL

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0909. PoCs published by mozoral.

AI-analyzed exploit summary This exploit demonstrates a buffer overflow vulnerability in helpctr.exe via an overly long HCP URI parameter. The PoC triggers the overflow by supplying a long string of 'm' characters, potentially leading to arbitrary code execution.

Description

Buffer overflow in helpctr.exe program in Microsoft Help Center for Windows XP allows remote attackers to execute arbitrary code via a long hcp: URL.

Exploits (1)

exploitdb WORKING POC VERIFIED
by mozoral · textdoswindows
https://www.exploit-db.com/exploits/22232

This exploit demonstrates a buffer overflow vulnerability in helpctr.exe via an overly long HCP URI parameter. The PoC triggers the overflow by supplying a long string of 'm' characters, potentially leading to arbitrary code execution.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Windows helpctr.exe (versions affected by CVE-2001-0909)
No auth needed
Prerequisites: Victim must open the malicious HCP URI link
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6802
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/7605
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=100638955422011&w=2

Scores

EPSS 0.1806
EPSS Percentile 96.9%

Details

Status published
Products (1)
microsoft/windows_xp
Published Nov 21, 2001
Tracked Since Feb 18, 2026