Threat Monitor
Troj.Exploit.HTML.CVE-2010-1885.a
| Aliases: | |
|---|---|
| Pattern: | 201007231330 |
| Threat Type | Propagation Methods | Systems Affected | Risk Level |
|---|---|---|---|
|
|
|
|
Description: Microsoft Windows Help And Support Center is prone to a trusted document whitelist bypass vulnerability.
The vulnerability is caused due to an error in the the MPC::HTML::UrlUnescapeW() function that does not properly check the return code of MPC::HexToNum() when processing escaped URLs through Microsoft Windows Help and Support Center (helpctr.exe). By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass the FromHCP restricted whitelist and execute arbitrary commands on the system through the use of an additional input sanitation error in the sysinfomain.htm help document when opening a specially crafted "hcp://" URL.
Affected: Microsoft Windows XP SP3
Microsoft Windows XP SP2
Microsoft Windows Server 2003 SP2
The vulnerability is caused due to an error in the the MPC::HTML::UrlUnescapeW() function that does not properly check the return code of MPC::HexToNum() when processing escaped URLs through Microsoft Windows Help and Support Center (helpctr.exe). By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to bypass the FromHCP restricted whitelist and execute arbitrary commands on the system through the use of an additional input sanitation error in the sysinfomain.htm help document when opening a specially crafted "hcp://" URL.
Affected: Microsoft Windows XP SP3
Microsoft Windows XP SP2
Microsoft Windows Server 2003 SP2
