VRDA Feed by JPCERT/CC
  Vulnerability Response Decision Assistance Feed : Information for vulnerability impact analysis
[ about VRDA Feed | JPCERT/CC



 
Vulnerability Analysis Result (Revision No : 1) [ Download XML
CVE-2010-1885
windows_2003_server, windows_server_2003, windows_xp: The MPC::HexToNum function in helpctr.exe in Micros...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1885

Original

The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL.

Translation   (Show)





About This Analysis Information
Analysis Information Provider:
NIST NVD
First Published:
2010-06-15
Source Information Category:
Advisory, Alert
Last Updated:
2010-06-15




Affected Product Tags
cpe:/o:microsoft:windows_2003_server::sp2
cpe:/o:microsoft:windows_2003_server::sp2:itanium
cpe:/o:microsoft:windows_server_2003::sp2:x64
cpe:/o:microsoft:windows_xp:-:sp2:x64
cpe:/o:microsoft:windows_xp::sp2
cpe:/o:microsoft:windows_xp::sp3
 


Vulnerability Analysis Results
[Access Vector]  [?]
Undefined [?]

Local [?]
Adjacent Network [?]
X Network [?]
[Access Complexit]  [?]
Undefined [?]

High [?]
X Medium [?]
Low [?]
[Authentication]  [?]
Undefined [?]

Multiple [?]
Single [?]
X None [?]
[Confidentiality Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
[Integrity Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
[Availability Impact]  [?]
Undefined [?]

None [?]
Partial [?]
X Complete [?]
Alternatives




References
VU#578319




BID 40725




BUGTRAQ 20100610 Re: Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly




BUGTRAQ 20100609 Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly




CONFIRM http://www.microsoft.com/technet/security/advisory/2219475.mspx




CONFIRM http://blogs.technet.com/b/srd/archive/2010/06/10/help-and-support-center-vulnerability-full-disclosure-posting.aspx




FULLDISC 20100609 Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly




MISC http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx




SECTRACK 1024084




SECUNIA 40076




VUPEN ADV-2010-1417




Vulnerability Type OS Command Injections (CWE-78)




XF ms-win-helpctr-command-execution(59267)




Copyright © 2010 JPCERT/CC All Rights Reserved.