| Name | MS.Windows.Help.Center.Protocol.Malformed.Escape.Sequence |
| Last Updated Date | Jun 22, 2010 |
| Release Date | Jun 11, 2010 |
| Severity | Critical |
| Impact | Security Bypass
Arbitrary Command Execution |
| Description | This indicates an attack attempt against a vulnerability in Microsoft Help and Support Centre.
The vulnerability is caused by the vulnerable software failing to sanitize malformed escaped sequences. It may allow a remote attacker to execute
arbitrary command via a crafted hcp:// URL. |
| Affected Products | Windows XP Service Pack 2 and Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 x64 Edition Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems |
| Recommended Actions | Currently we are not aware of any official patch for this issue. |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-1885
|
| Reference/s | http://lock.cmpxchg8b.com/b10a58b75029f79b5f93f4add3ddf992/ADVISORY
http://www.exploit-db.com/exploits/13808/
|