Microsoft Windows Help and Support Center URL Processing Vulnerability

A vulnerability has been discovered in Microsoft Windows.

From Secunia as sited below:

"The vulnerability is caused due to an error when processing escaped URLs through Microsoft Windows Help and Support Center (helpctr.exe). This can be exploited to bypass restrictions normally imposed by the "-FromHCP" command-line argument and pass arbitrary parameters to local help documents.

Successful exploitation allows execution of arbitrary commands through the use of an additional input sanitation error in the sysinfomain.htm help document, when opening a specially crafted "hcp://" URL.

The vulnerability is confirmed on a fully patched Windows XP SP3 with Windows Media Player 9 and Internet Explorer 8. Windows Server 2003 is also reportedly affected."

--

This is unpatched at this time.  At present, the solution is to disable the "hcp:" URI handler.

Please see the vendor's advisory for workaround details.

Microsoft:
http://www.microsoft.com/technet/security/advisory/2219475.mspx

--  

Sited:

http://secunia.com/advisories/40076

Original Advisory
Tavis Ormandy:
http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0197.html

Posted by Cynthia Welch on June 10, 2010, in Handlers Log.

Purdue University, 610 Purdue Mall, West Lafayette, IN 47907, (765) 494-4600

© 2016 Purdue University | An equal access/equal opportunity university | Integrity Statement | Copyright Complaints | Maintained by ITaP

Trouble with this page? Disability-related accessibility issue? Please contact ITaP at itap@purdue.edu.

PDF files can be viewed in Adobe Acrobat Reader.