Release DateJun 11, 2010 |
Severitycritical |
ImpactSecurity BypassArbitrary Command Execution |
DescriptionThis indicates an attack attempt against a vulnerability in Microsoft Help and Support Centre.The vulnerability is caused by the vulnerable software failing to sanitize malformed escaped sequences. It may allow a remote attacker to execute arbitrary command via a crafted hcp:// URL. |
Affected ProductsWindows XP Service Pack 2 and Windows XP Service Pack 3Windows XP Professional x64 Edition Service Pack 2 Windows Server 2003 Service Pack 2 Windows Server 2003 x64 Edition Service Pack 2 Windows Server 2003 with SP2 for Itanium-based Systems |
Recommended ActionsApply patch:http://www.microsoft.com/technet/security/bulletin/ms10-042.mspx |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2010-1885 |
Reference/shttp://lock.cmpxchg8b.com/b10a58b75029f79b5f93f4add3ddf992/ADVISORYhttp://www.exploit-db.com/exploits/13808/ http://www.microsoft.com/technet/security/Bulletin/ms10-042.mspx (MS-ID) http://www.securityfocus.com/bid/40725 (BugTraq) |
