CVE-2010-1885

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam™
Beyond Security®

SecuriTeam™ Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

	SecuriTeam™ in Your Inbox

	E-mail this CVE-2010-1885 to a friend

New vulnerability?
New tool?
Tell us

Credit:
The original article can be found at: http://www.microsoft.com/technet/security/Bulletin/MS10-042.mspx

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Check for CVE-2010-1885

Vulnerability Assessment and Management.
Automated Pen Testing for 50 to 50,000 nodes
beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* Microsoft Windows XP SP2
* Microsoft Windows XP SP3
* Microsoft Windows XP Professional x64 Edition SP2
* Microsoft Windows Server 2003 SP2
* Microsoft Windows Server 2003 x64 Edition SP2
* Microsoft Windows Server 2003 SP2 for Itanium-based Systems

A previously public (June 10, 2010) remote code execution vulnerability affects the Microsoft Help and Support centre due to how it handles the HCP protocol in specially crafted URIs. An attacker can exploit this issue by tricking an unsuspecting victim into viewing a web page containing specially malformed content. A successful exploit will result in the execution of arbitrary attacker-supplied code in the context of the currently logged-in user.

Patch Availability:
Microsoft has released a patch to address this vulnerability under MS10-042. For more information please refer to:
http://www.microsoft.com/technet/security/Bulletin/MS10-042.mspx

CVE Information:
CVE-2010-1885

Disclosure Timeline:
13 Jul 2010 - Published

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus