“Help and Support Center (HSC) is a feature in Windows that provides help on a variety of topics” (from www.microsoft.com). It can be accessed via HCP: URLs. HSC is installed by default on Windows XP and Windows Server 2003 systems.
An argument injection vulnerability in HSC allows an attacker to run arbitrary code when the victim opens a specially crafted HCP: URL. A web page can direct the user to such a URL automatically, with no further interaction, when the page is viewed. The issue can also be exploited via e-mail; with recent security fixes applied, Outlook and Outlook Express block the automatic redirection, so the e-mail vector requires some user interaction (clicking on a link).
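Since the trigger is simply an HCP: URL reached from a web page or a message, one defensive measure on a proxy or mail gateway is to flag any content that references the scheme. The scanner below is an added example, not part of this advisory and not Microsoft's or the author's code; the sample page it scans is constructed for illustration and uses only benign HSC paths, not the crafted URL the advisory refers to. It walks HTML links, frames, form actions, meta-refresh redirects and inline script for hcp: references, matching the scheme case-insensitively so that variants such as `HCP:` are not missed.

```python
import re
from html.parser import HTMLParser

# Matches a value whose scheme is hcp: (case-insensitive, leading whitespace tolerated).
HCP_RE = re.compile(r'^\s*hcp:', re.IGNORECASE)


class HcpLinkFinder(HTMLParser):
    """Collect every hcp: URL reachable from a page: link/frame/object
    attributes, meta-refresh redirects and script-driven navigation."""

    URL_ATTRS = {'href', 'src', 'action', 'data'}

    def __init__(self):
        super().__init__()
        self.hits = []          # list of (where_found, url)
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == 'script':
            self._in_script = True
        # URL-bearing attributes on any element (entities are already decoded by HTMLParser).
        for name, value in attrs.items():
            if value is not None and name in self.URL_ATTRS and HCP_RE.match(value):
                self.hits.append((f'<{tag} {name}>', value.strip()))
        # <meta http-equiv="refresh" content="0; url=..."> redirects the viewer automatically.
        if tag == 'meta' and attrs.get('http-equiv', '').lower() == 'refresh':
            m = re.search(r'url\s*=\s*([^;]+)', attrs.get('content', ''), re.IGNORECASE)
            if m and HCP_RE.match(m.group(1)):
                self.hits.append(('<meta refresh>', m.group(1).strip().strip('\'"')))

    def handle_endtag(self, tag):
        if tag == 'script':
            self._in_script = False

    def handle_data(self, data):
        # Inside <script>, HTMLParser hands us the raw script text; look for the scheme there too,
        # e.g. window.location = "hcp://..." assignments.
        if self._in_script:
            for m in re.finditer(r'hcp:[^\s\'"]+', data, re.IGNORECASE):
                self.hits.append(('<script>', m.group(0)))


def find_hcp_urls(html: str):
    """Return [(where_found, url), ...] for every hcp: reference in the document."""
    finder = HcpLinkFinder()
    finder.feed(html)
    finder.close()
    return finder.hits


# Constructed sample page (not from the advisory): one ordinary link plus four hcp: references.
SAMPLE_PAGE = """<html><head>
<meta http-equiv="refresh" content="0; url=hcp://services/search">
</head><body>
<a href="http://example.invalid/help">normal link</a>
<a href="HCP://system/home">open help</a>
<iframe src="hcp://services/search"></iframe>
<script>window.location = "hcp://system/home";</script>
</body></html>"""


if __name__ == '__main__':
    for where, url in find_hcp_urls(SAMPLE_PAGE):
        print(f'{where:16} {url}')
```

On the sample page the scanner reports the meta refresh, the uppercase `HCP://` anchor, the iframe and the script assignment, and ignores the ordinary http: link. Because HTMLParser decodes character references in attribute values before the callback runs, an entity-encoded scheme in an attribute is caught as well; a gateway deployment would additionally want to decode percent-encoding and any transport encoding (quoted-printable, base64) before scanning.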
HSC isn’t included in Windows systems prior to XP, so default installations of the older OSes aren’t vulnerable.
Microsoft was contacted on November 5th, 2003. A patch has been produced to correct the vulnerability. Microsoft classifies the vulnerability in the highest severity category, critical.
Information about the patch can be found on Microsoft’s site.
The vulnerability was discovered and researched by Jouko Pynnönen (email@example.com), Finland.