CVE - CVE-2010-1885

CVE-ID
CVE-2010-1885	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:40725 URL:http://www.securityfocus.com/bid/40725 BUGTRAQ:20100609 Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly URL:http://www.securityfocus.com/archive/1/511774/100/0/threaded BUGTRAQ:20100610 Re: Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly URL:http://www.securityfocus.com/archive/1/511783/100/0/threaded CERT:TA10-194A URL:http://www.us-cert.gov/cas/techalerts/TA10-194A.html CERT-VN:VU#578319 URL:http://www.kb.cert.org/vuls/id/578319 CONFIRM:http://blogs.technet.com/b/srd/archive/2010/06/10/help-and-support-center-vulnerability-full-disclosure-posting.aspx CONFIRM:http://www.microsoft.com/technet/security/advisory/2219475.mspx EXPLOIT-DB:13808 URL:http://www.exploit-db.com/exploits/13808 FULLDISC:20100609 Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly URL:http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0197.html MISC:http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx MS:MS10-042 URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-042 OVAL:oval:org.mitre.oval:def:11733 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11733 SECTRACK:1024084 URL:http://www.securitytracker.com/id?1024084 SECUNIA:40076 URL:http://secunia.com/advisories/40076 VUPEN:ADV-2010-1417 URL:~~http://www.vupen.com/english/advisories/2010/1417~~ (Obsolete source) XF:ms-win-helpctr-command-execution(59267) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/59267
Assigning CNA
Microsoft Corporation
Date Record Created
20100511	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20100511)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)