CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
AI Score
Confidence
Low
EPSS
Percentile
99.9%
Added: 06/15/2010
CVE: CVE-2010-1885
BID: 40725
OSVDB: 65264
The Microsoft Windows Help and Support Center is a resource in Microsoft Windows operating systems for online help, support, tools, how-to articles, and other resources.
A vulnerability in Windows Help and Support Center allows command execution when a user loads a specially crafted HCP URL resulting in a bypass of the whitelist restrictions provided by the **-FromHCP**
option.
Apply the fix referenced in Microsoft Security Bulletin 10-042.
http://www.kb.cert.org/vuls/id/578319
http://www.securityfocus.com/archive/1/511774
Exploit works on Windows XP SP3 and requires a user to open the exploit page in Internet Explorer.
Internet Explorer 8 will pop up security prompts during the exploiting process asking permissions for execution operations. The target user must grant these operations.
Exploit requires the ability to bind to port 69/UDP on the SAINTexploit host.
Windows XP