CVE-2010-1885

critical

Description

The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11733

https://exchange.xforce.ibmcloud.com/vulnerabilities/59267

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-042

http://www.vupen.com/english/advisories/2010/1417

http://www.us-cert.gov/cas/techalerts/TA10-194A.html

http://www.securitytracker.com/id?1024084

http://www.securityfocus.com/archive/1/511783/100/0/threaded

http://www.securityfocus.com/archive/1/511774/100/0/threaded

http://www.microsoft.com/technet/security/advisory/2219475.mspx

http://www.kb.cert.org/vuls/id/578319

http://www.exploit-db.com/exploits/13808

http://secunia.com/advisories/40076

http://blogs.technet.com/b/srd/archive/2010/06/10/help-and-support-center-vulnerability-full-disclosure-posting.aspx

http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx

Details

Source: Mitre, NVD

Published: 2010-06-15

Updated: 2019-02-26

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical