Vulnerability Description
The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2003 Server | All versions |
| Microsoft | Windows Server 2003 | All versions |
| Microsoft | Windows Xp | All versions |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0197.htmlExploit
- http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-di
- http://blogs.technet.com/b/srd/archive/2010/06/10/help-and-support-center-vulnerVendor Advisory
- http://secunia.com/advisories/40076Vendor Advisory
- http://www.exploit-db.com/exploits/13808
- http://www.kb.cert.org/vuls/id/578319US Government Resource
- http://www.microsoft.com/technet/security/advisory/2219475.mspxVendor Advisory
- http://www.securityfocus.com/archive/1/511774/100/0/threaded
- http://www.securityfocus.com/archive/1/511783/100/0/threaded
- http://www.securityfocus.com/bid/40725Exploit
- http://www.securitytracker.com/id?1024084
- http://www.us-cert.gov/cas/techalerts/TA10-194A.htmlUS Government Resource
- http://www.vupen.com/english/advisories/2010/1417Vendor Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-04
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59267
FAQ
What is CVE-2010-1885?
CVE-2010-1885 is a vulnerability with a CVSS score of 9.3 (HIGH). The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote at...
How severe is CVE-2010-1885?
CVE-2010-1885 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-1885?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2003 Server, Microsoft Windows Server 2003, Microsoft Windows Xp.