CVE-2010-1885,MS10-042 | Microsoft Windows Help Centre Malformed Escape Sequences Vulnerability

Export page to PDF

Microsoft Windows Help Centre Malformed Escape Sequences Vulnerability

CVE ID

CVE-2010-1885,MS10-042

Severity

Critical

Description

The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."

Solution

Apply associated Trend Micro DPI Rules.

Filter identifier number: 1004226

Filter title: 1004226 - Microsoft Windows Help Centre Malformed Escape Sequences Vulnerability

Affected software and version:

microsoft windows_2003_server
microsoft windows_server_2003
microsoft windows_xp
microsoft windows_xp -

Product Support

Go To:

Popular Products

More Support

Go to:

Popular Products

Threat Encyclopedia

Description

Solution