Skip to main content

Microsoft Windows Help and Support Center Multiple Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 11 Jun 2010 5183 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in Microsoft Windows, which could be exploited by remote attackers to compromise a vulnerable system.

1. An error in the "MPC::HTML::UrlUnescapeW()" function within the Help and Support Center application (helpctr.exe) that does not properly check the return code of "MPC::HexToNum()" when escaping URLs, which could allow attackers to bypass whitelist restrictions and invoke arbitrary help files.

2. An input validation error in the "GetServerName()" function in the "C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\commonFunc.js" script invoked via "ShowServerName()" in "C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysinfomain.htm", which could be exploited by attackers to execute arbitrary scripting code in the security context of the Help and Support Center.

By combining these vulnerabilities, a remote attacker can inject malicious code in the Help and Support Center and execute arbitrary commands on a vulnerable system by tricking a user into visiting a specially crafted web page.


Impact

  • Remote Code Execution

System / Technologies affected

  • Microsoft Windows XP
  • Microsoft Windows Server 2003

Solutions

There is no patch available for this vulnerability currently.

Workaround
Disable the "hcp:" URI handler.


Vulnerability Identifier


Source


Related Link