The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: microsoft
Published: 2010-06-14T18:00:00
Updated: 2018-10-12T19:57:01
Reserved: 2010-05-11T00:00:00
Link: CVE-2010-1885
JSON object: View
NVD Information
Status : Modified
Published: 2010-06-15T14:04:23.530
Modified: 2019-02-26T14:04:00.993
Link: CVE-2010-1885
JSON object: View
Redhat Information
No data.
CWE