Vulnerability Name:

CVE-2010-1885 (CCN-59267)

Assigned: 2010-06-10
Published: 2010-06-10
Updated: 2019-02-26
Summary: The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
Per: http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx

"customers running Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2, are not vulnerable to this issue, or at risk of attack."
CVSS v3 Severity: 10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Changed
Impact Metrics: Confidentiality (C): High
Integrity (I): High
Availability (A): High
CVSS v2 Severity: 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.3 High (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
9.3 High (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
7.3 High (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
Vulnerability Type: CWE-78
Vulnerability Consequences: Gain Access
References:

Source: FULLDISC
Type: Exploit
20100609 Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly

Source: MISC
Type: UNKNOWN
http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx

Source: CONFIRM
Type: Vendor Advisory
http://blogs.technet.com/b/srd/archive/2010/06/10/help-and-support-center-vulnerability-full-disclosure-posting.aspx

Source: MITRE
Type: CNA
CVE-2010-1885

Source: CCN
Type: SA40076
Microsoft Windows helpctr.exe Invalid URL Processing Vulnerability

Source: SECUNIA
Type: Vendor Advisory
40076

Source: CCN
Type: SECTRACK ID: 1024084
Microsoft Help and Support Center URL Escaping Flaw Lets Remote Users Execute Arbitrary Commands

Source: EXPLOIT-DB
Type: UNKNOWN
13808

Source: CCN
Type: IBM Internet Security Systems Protection Alert
Microsoft Windows Help and Support Center Could Allow Remote Code Execution

Source: CCN
Type: US-CERT VU#578319
Microsoft Windows Help and Support Center URI processing vulnerability

Source: CERT-VN
Type: US Government Resource
VU#578319

Source: CCN
Type: Microsoft Security Advisory (2219475)
Vulnerability in Windows Help and Support Center Could Allow Remote Code Execution

Source: CONFIRM
Type: Vendor Advisory
http://www.microsoft.com/technet/security/advisory/2219475.mspx

Source: CCN
Type: Microsoft Security Bulletin MS10-042
Vulnerability in Help and Support Center Could Allow Remote Code Execution (2229593)

Source: BUGTRAQ
Type: UNKNOWN
20100609 Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly

Source: BUGTRAQ
Type: UNKNOWN
20100610 Re: Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly

Source: CCN
Type: BID-40721
Microsoft Help and Support Center 'sysinfo/sysinfomain.htm' Cross Site Scripting Weakness

Source: BID
Type: Exploit
40725

Source: CCN
Type: BID-40725
Microsoft Windows Help And Support Center Trusted Document Whitelist Bypass Vulnerability

Source: SECTRACK
Type: UNKNOWN
1024084

Source: CERT
Type: US Government Resource
TA10-194A

Source: VUPEN
Type: Vendor Advisory
ADV-2010-1417

Source: MS
Type: UNKNOWN
MS10-042

Source: XF
Type: UNKNOWN
ms-win-helpctr-command-execution(59267)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11733

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [06-10-2010]

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [07-08-2010]

Vulnerable Configuration:

Configuration 1:
  • cpe:/o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp3:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions
Definition ID: oval:org.mitre.oval:def:11733
Class: V
Title: Help Center URL Validation Vulnerability
Last Modified: 2010-08-23

    microsoft windows 2003 server * sp2
    microsoft windows 2003 server * sp2
    microsoft windows server 2003 * sp2
    microsoft windows xp * sp2
    microsoft windows xp * sp3
    microsoft windows xp - sp2
    microsoft windows xp sp2
    microsoft windows server_2003 sp2
    microsoft windows server_2003 sp2
    microsoft windows server_2003 sp2
    microsoft windows xp sp2
    microsoft windows xp sp3