CVE-2010-1885

The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
References
Link Resource
http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0197.html Exploit
http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx
http://blogs.technet.com/b/srd/archive/2010/06/10/help-and-support-center-vulnerability-full-disclosure-posting.aspx Vendor Advisory
http://secunia.com/advisories/40076 Vendor Advisory
http://www.exploit-db.com/exploits/13808
http://www.kb.cert.org/vuls/id/578319 US Government Resource
http://www.microsoft.com/technet/security/advisory/2219475.mspx Vendor Advisory
http://www.securityfocus.com/archive/1/511774/100/0/threaded
http://www.securityfocus.com/archive/1/511783/100/0/threaded
http://www.securityfocus.com/bid/40725 Exploit
http://www.securitytracker.com/id?1024084
http://www.us-cert.gov/cas/techalerts/TA10-194A.html US Government Resource
http://www.vupen.com/english/advisories/2010/1417 Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-042
https://exchange.xforce.ibmcloud.com/vulnerabilities/59267
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11733
http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0197.html Exploit
http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx
http://blogs.technet.com/b/srd/archive/2010/06/10/help-and-support-center-vulnerability-full-disclosure-posting.aspx Vendor Advisory
http://secunia.com/advisories/40076 Vendor Advisory
http://www.exploit-db.com/exploits/13808
http://www.kb.cert.org/vuls/id/578319 US Government Resource
http://www.microsoft.com/technet/security/advisory/2219475.mspx Vendor Advisory
http://www.securityfocus.com/archive/1/511774/100/0/threaded
http://www.securityfocus.com/archive/1/511783/100/0/threaded
http://www.securityfocus.com/bid/40725 Exploit
http://www.securitytracker.com/id?1024084
http://www.us-cert.gov/cas/techalerts/TA10-194A.html US Government Resource
http://www.vupen.com/english/advisories/2010/1417 Vendor Advisory
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-042
https://exchange.xforce.ibmcloud.com/vulnerabilities/59267
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11733
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*

History

21 Nov 2024, 01:15

Type Values Removed Values Added
References () http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0197.html - Exploit () http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0197.html - Exploit
References () http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx - () http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx -
References () http://blogs.technet.com/b/srd/archive/2010/06/10/help-and-support-center-vulnerability-full-disclosure-posting.aspx - Vendor Advisory () http://blogs.technet.com/b/srd/archive/2010/06/10/help-and-support-center-vulnerability-full-disclosure-posting.aspx - Vendor Advisory
References () http://secunia.com/advisories/40076 - Vendor Advisory () http://secunia.com/advisories/40076 - Vendor Advisory
References () http://www.exploit-db.com/exploits/13808 - () http://www.exploit-db.com/exploits/13808 -
References () http://www.kb.cert.org/vuls/id/578319 - US Government Resource () http://www.kb.cert.org/vuls/id/578319 - US Government Resource
References () http://www.microsoft.com/technet/security/advisory/2219475.mspx - Vendor Advisory () http://www.microsoft.com/technet/security/advisory/2219475.mspx - Vendor Advisory
References () http://www.securityfocus.com/archive/1/511774/100/0/threaded - () http://www.securityfocus.com/archive/1/511774/100/0/threaded -
References () http://www.securityfocus.com/archive/1/511783/100/0/threaded - () http://www.securityfocus.com/archive/1/511783/100/0/threaded -
References () http://www.securityfocus.com/bid/40725 - Exploit () http://www.securityfocus.com/bid/40725 - Exploit
References () http://www.securitytracker.com/id?1024084 - () http://www.securitytracker.com/id?1024084 -
References () http://www.us-cert.gov/cas/techalerts/TA10-194A.html - US Government Resource () http://www.us-cert.gov/cas/techalerts/TA10-194A.html - US Government Resource
References () http://www.vupen.com/english/advisories/2010/1417 - Vendor Advisory () http://www.vupen.com/english/advisories/2010/1417 - Vendor Advisory
References () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-042 - () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-042 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/59267 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/59267 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11733 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11733 -

Information

Published : 2010-06-15 14:04

Updated : 2024-11-21 01:15


NVD link : CVE-2010-1885

Mitre link : CVE-2010-1885

CVE.ORG link : CVE-2010-1885


JSON object : View

Products Affected

microsoft

  • windows_server_2003
  • windows_2003_server
  • windows_xp
CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')