CVE-2010-1885: OS Command Injection
First published: Mon Jun 14 2010(Updated: )
The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp2 | |
| Microsoft Windows XP | =sp3 | |
| Microsoft Windows Server 2003 | =sp2 | |
| Microsoft Windows 2003 Server | =sp2 | |
| Microsoft Windows 2003 Server | =sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://blogs.technet.com/b/srd/archive/2010/06/10/help-and-support-center-vulnerability-full-disclosure-posting.aspx
- http://secunia.com/advisories/40076
- http://www.vupen.com/english/advisories/2010/1417
- http://www.securitytracker.com/id?1024084
- http://www.microsoft.com/technet/security/advisory/2219475.mspx
- http://www.securityfocus.com/bid/40725
- http://www.kb.cert.org/vuls/id/578319
- http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0197.html
- http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx
- http://www.exploit-db.com/exploits/13808
- http://www.us-cert.gov/cas/techalerts/TA10-194A.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59267
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11733
- http://www.securityfocus.com/archive/1/511783/100/0/threaded
- http://www.securityfocus.com/archive/1/511774/100/0/threaded
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-042
- collector/nvd-historical
- collector/nvd-index
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/microsoft
- canonical/microsoft windows xp
- version/microsoft windows xp/sp2
- version/microsoft windows xp/sp3
- canonical/microsoft windows server 2003
- version/microsoft windows server 2003/sp2
- canonical/microsoft windows 2003 server
- version/microsoft windows 2003 server/sp2