CVE-2003-0009

Windows Me - Cross-Site Scripting via Help and Support Center Topic Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-0009. PoCs published by s0h.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in the Microsoft Windows ME Help and Support Center via the HCP URI parameter. It crafts a malicious .CNT file to execute arbitrary code, specifically downloading and executing a trojan from a specified URL.

Description

Cross-site scripting (XSS) vulnerability in Help and Support Center for Microsoft Windows Me allows remote attackers to execute arbitrary script in the Local Computer security context via an hcp:// URL with the malicious script in the topic parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by s0h · cremotewindows

https://www.exploit-db.com/exploits/22289

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in the Microsoft Windows ME Help and Support Center via the HCP URI parameter. It crafts a malicious .CNT file to execute arbitrary code, specifically downloading and executing a trojan from a specified URL.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Windows ME Help and Support Center

No auth needed

Prerequisites: Access to craft or modify a .CNT file · Victim interaction to trigger the exploit

MITRE ATT&CK