Vulnerability Name:

CVE-2010-2265 (CCN-59447)

Assigned:2010-06-10
Published:2010-06-10
Updated:2019-02-26
Summary:Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm.
Note: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.
Per: http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx

"customers running Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2, are not vulnerable to this issue, or at risk of attack."
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
4.1 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:W/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
4.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:W/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-79
Vulnerability Consequences:Gain Access
References:Source: FULLDISC
Type: Exploit
20100609 Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly

Source: MISC
Type: Vendor Advisory
http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx

Source: MISC
Type: Vendor Advisory
http://blogs.technet.com/b/srd/archive/2010/06/10/help-and-support-center-vulnerability-full-disclosure-posting.aspx

Source: MITRE
Type: CNA
CVE-2010-2265

Source: CCN
Type: SA40076
Microsoft Windows helpctr.exe Invalid URL Processing Vulnerability

Source: SECUNIA
Type: Vendor Advisory
40076

Source: CCN
Type: US-CERT VU#578319
Microsoft Windows Help and Support Center URI processing vulnerability

Source: CERT-VN
Type: US Government Resource
VU#578319

Source: CCN
Type: Microsoft Security Advisory (2219475)
Vulnerability in Windows Help and Support Center Could Allow Remote Code Execution

Source: MISC
Type: Vendor Advisory
http://www.microsoft.com/technet/security/advisory/2219475.mspx

Source: CCN
Type: OSVDB ID: 65529
Microsoft Windows Help and Support Center sysinfo/sysinfomain.htm svr Parameter XSS

Source: BUGTRAQ
Type: UNKNOWN
20100609 Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly

Source: BID
Type: Exploit
40721

Source: CCN
Type: BID-40721
Microsoft Help and Support Center 'sysinfo/sysinfomain.htm' Cross Site Scripting Weakness

Source: VUPEN
Type: Vendor Advisory
ADV-2010-1417

Source: XF
Type: UNKNOWN
ms-win-helpctr-command-execution(59267)

Source: XF
Type: UNKNOWN
ms-win-getservername-xss(59447)

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp2:x64:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    microsoft windows 2003 server * sp2
    microsoft windows 2003 server * sp2
    microsoft windows server 2003 * sp2
    microsoft windows xp * sp2
    microsoft windows xp * sp3
    microsoft windows xp - sp2
    microsoft windows xp sp2
    microsoft windows server_2003 sp2
    microsoft windows server_2003 sp2
    microsoft windows server_2003 sp2
    microsoft windows xp sp3
    microsoft windows xp sp2