Login   |   Secure Purdue > News

Microsoft Windows Help and Support Center URL Processing Vulnerability

A vulnerability has been discovered in Microsoft Windows.

From Secunia as sited below:

"The vulnerability is caused due to an error when processing escaped URLs through Microsoft Windows Help and Support Center (helpctr.exe). This can be exploited to bypass restrictions normally imposed by the "-FromHCP" command-line argument and pass arbitrary parameters to local help documents.

Successful exploitation allows execution of arbitrary commands through the use of an additional input sanitation error in the sysinfomain.htm help document, when opening a specially crafted "hcp://" URL.

The vulnerability is confirmed on a fully patched Windows XP SP3 with Windows Media Player 9 and Internet Explorer 8. Windows Server 2003 is also reportedly affected."

--

This is unpatched at this time.  At present, the solution is to disable the "hcp:" URI handler.

Please see the vendor's advisory for workaround details.

Microsoft:
http://www.microsoft.com/technet/security/advisory/2219475.mspx

--  

Sited:

http://secunia.com/advisories/40076

Original Advisory
Tavis Ormandy:
http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0197.html

Posted by Cynthia Welch on June 10, 2010, in Handlers Log.