CVE-2010-1885

Name of the Vulnerable Software and Affected Versions Microsoft Windows Help and Support Center versions in Windows XP and Windows Server 2003

Description The issue concerns a problem with handling malformed escape sequences in the Microsoft Windows Help and Support Center, allowing remote attackers to bypass the trusted documents whitelist and execute arbitrary commands via a crafted hcp:// URL. An unauthenticated remote code execution vulnerability exists in the way that the Microsoft Help and Support Center validates specially crafted URLs. This could allow remote code execution if a user views a specially crafted Web page or clicks a specially crafted link in an e-mail message, potentially enabling an attacker to execute arbitrary code, install programs, view, change, or delete data, or create new accounts with full user rights.

Recommendations For Windows XP and Windows Server 2003, at the moment, there is no information about a newer version that contains a fix for this vulnerability.