Microsoft Windows Help and Support Center Remote Code Execution Vulnerability
Date Discovered:
06/08/2010
Severity:
High
Operating Systems
Affected:
Windows XP SP 2 Windows XP SP 3 Windows XP Professional x64 Edition SP 2 Windows Server 2003 SP 2 Windows Server 2003 x64 Edition SP 2 Windows Server 2003 with SP2 for Itanium-based Systems
Application
Affected:
Microsoft Windows Help and Support Center
Identifiers:
CVE-2010-1885
Synopsis
Microsoft Windows Help and Support Center is vulnerable to remote code execution attack as it failed to properly validate URLs when using the HCP Protocol.
Recommended Actions
Update IDS/IPS Signatures definition.
Threat Analysis
Help and Support Center (HSC) is a feature in Windows that provides help on a variety of topics. For instance, HSC enables users to learn about Windows features, download and install software updates, determine whether a particular hardware device is compatible with Windows, get assistance from Microsoft, and so forth. Users and programs can execute URL links to Help and Support Center by using the "hcp://" prefix in a URL link instead of "http://".
There is a remote code execution vulnerability found in it. This issue exists as application failed to not properly validate URLs when using the HCP Protocol.
Remote attacker can exploit this issue via crafting a malicious webpage and entice the user to visit it.Now, when this webpage opened in browser malicious code get executed.
