SAINT Corporation
SAINT:DCC0D8113643502F8C6EBC54620A9A56
Jun 15, 2010 - 12:00 a.m.

Windows Help and Support Center -FromHCP URL whitelist bypass

2010-06-15 00:00:00
SAINT Corporation
download.saintcorporation.com
CVSS2: 9.3
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score: 6.5 (Confidence: Low)
EPSS: 0.974 (Percentile: 99.9%)

Added: 06/15/2010
CVE: CVE-2010-1885
BID: 40725
OSVDB: 65264

Background

The Microsoft Windows Help and Support Center is a resource in Microsoft Windows operating systems for online help, support, tools, how-to articles, and other resources.

Problem

A vulnerability in Windows Help and Support Center allows command execution when a user loads a specially crafted HCP URL, which results in a bypass of the whitelist restrictions provided by the **-FromHCP** option.

Resolution

Apply the fix referenced in Microsoft Security Bulletin 10-042.

References

http://www.kb.cert.org/vuls/id/578319
http://www.securityfocus.com/archive/1/511774

Limitations

The exploit works on Windows XP SP3 and requires a user to open the exploit page in Internet Explorer.

Internet Explorer 8 will pop up security prompts during exploitation, asking for permission to perform execution operations. The target user must grant these permissions.

The exploit requires the ability to bind to port 69/UDP on the SAINTexploit host.

Platforms

Windows XP
