Exploit:Win32/CVE-2010-1885

Exploit:Win32/CVE-2010-1885 is a detection for a cross-site scripting method that exploits a vulnerability in Windows Help and Support Center that could allow an attacker to run arbitrary code on the affected computer. More information about the vulnerability is available in the following articles:

• Microsoft Security Bulletin MS10-042
• Microsoft Security Response Center (MSRC) Blog
• CVE-2010-1885

Installation

Exploit:Win32/CVE-2010-1885 may be encountered if a user on a computer running Windows XP or 2003 is enticed to browse a malicious webpage or click on a hyperlink that contains the exploit.

The exploit passes a URL (for example, hcp://<URL>) to "helpctr.exe" using specific escape sequences that could result in the execution of arbitrary code.

This exploit affects computers running Windows XP and 2003 with Internet Explorer 8 (or below) and Windows Media Player 9. Upgrading to Windows Media Player 10 prevents the exploit from running without a prompt.

Analysis by Daniel Radu