The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2010-06-15 14:04
Updated : 2024-02-28 11:41
NVD link : CVE-2010-1885
Mitre link : CVE-2010-1885
CVE.ORG link : CVE-2010-1885
JSON object : View
Products Affected
microsoft
- windows_xp
- windows_server_2003
- windows_2003_server
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')