Microsoft Windows Help and Support Center Multiple Vulnerabilities
RISK: Medium Risk
Multiple vulnerabilities have been identified in Microsoft Windows, which could be exploited by remote attackers to compromise a vulnerable system.
1. An error in the "MPC::HTML::UrlUnescapeW()" function within the Help and Support Center application (helpctr.exe), which does not properly check the return code of "MPC::HexToNum()" when escaping URLs. This could allow attackers to bypass whitelist restrictions and invoke arbitrary help files.
2. An input validation error in the "GetServerName()" function in the "C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\commonFunc.js" script invoked via "ShowServerName()" in "C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysinfomain.htm", which could be exploited by attackers to execute arbitrary scripting code in the security context of the Help and Support Center.
By combining these vulnerabilities, a remote attacker can inject malicious code into the Help and Support Center and execute arbitrary commands on a vulnerable system by tricking a user into visiting a specially crafted web page.
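The defect class behind item 1, an unchecked error return from a hex-digit conversion, is shown below as an added sketch; it is not Microsoft's code. The names hex_to_num, unescape_unchecked and unescape_checked, the use of narrow characters, the rejection of a decoded NUL and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>

/* Hypothetical stand-in for HexToNum: 0-15 for a hex digit, -1 otherwise. */
static int hex_to_num(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    return -1;
}

/* Defect pattern: the -1 error return is folded straight into the output. */
static void unescape_unchecked(const char *in, unsigned char *out) {
    while (*in) {
        if (in[0] == '%' && in[1] && in[2]) {
            *out++ = (unsigned char)(hex_to_num(in[1]) * 16 + hex_to_num(in[2]));
            in += 3;
        } else {
            *out++ = (unsigned char)*in++;
        }
    }
    *out = '\0';
}

/* Hardened form: any malformed or truncated escape rejects the whole input.
   Returns 0 on success, -1 on rejection. out must hold strlen(in) + 1 bytes. */
static int unescape_checked(const char *in, unsigned char *out) {
    while (*in) {
        if (*in == '%') {
            int hi = hex_to_num(in[1]);
            int lo = (hi < 0) ? -1 : hex_to_num(in[2]);
            if (hi < 0 || lo < 0) return -1;   /* return code is checked */
            if (hi == 0 && lo == 0) return -1; /* decoded NUL would truncate */
            *out++ = (unsigned char)(hi * 16 + lo);
            in += 3;
        } else {
            *out++ = (unsigned char)*in++;
        }
    }
    *out = '\0';
    return 0;
}

int main(void) {
    unsigned char buf[32];
    unescape_unchecked("a%zzb", buf);              /* constructed input */
    printf("unchecked: byte 0x%02X appears\n", buf[1]);
    printf("checked:   %d\n", unescape_checked("a%zzb", buf));
    return 0;
}
```

When the decoder silently accepts a malformed escape, a validation step and the code that later consumes the URL can disagree about what the string contains, so the hardened form fails closed before any whitelist comparison is made.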
Impact
- Remote Code Execution
System / Technologies affected
- Microsoft Windows XP
- Microsoft Windows Server 2003
Solutions
No patch is currently available for this vulnerability.
Workaround
Disable the "hcp:" URI handler.