CVE-2010-1885 Information

Description

The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL aka \Help Center URL Validation Vulnerability.\

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0197.html http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx http://blogs.technet.com/b/srd/archive/2010/06/10/help-and-support-center-vulnerability-full-disclosure-posting.aspx http://secunia.com/advisories/40076 http://www.exploit-db.com/exploits/13808 http://www.kb.cert.org/vuls/id/578319 http://www.microsoft.com/technet/security/advisory/2219475.mspx http://www.securityfocus.com/archive/1/511774/100/0/threaded http://www.securityfocus.com/archive/1/511783/100/0/threaded http://www.securityfocus.com/bid/40725 http://www.securitytracker.com/id?1024084 http://www.us-cert.gov/cas/techalerts/TA10-194A.html http://www.vupen.com/english/advisories/2010/1417 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-042 https://exchange.xforce.ibmcloud.com/vulnerabilities/59267 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A11733