is a generic detection for a cross-site scripting method that exploits a vulnerability (CVE-2010-1885
) in Windows Help and Support Center that could allow an attacker to run arbitrary code on the local computer.
Exploit:Win32/CVE-2010-1885.gen may be encountered if a Windows XP/2003 user is enticed to browse a malicious Web page or click on a hyperlink that contains the exploit.
The exploit passes a URL (for example, hcp://<URL>) to "helpctr.exe" using specific escape sequences that could result in the execution of arbitrary code.
This exploit affects computers running Windows XP/2003 with Internet Explorer 8 (or below) and Windows Media Player 9. Upgrading to Windows Media Player 10
prevents the exploit from running without a prompt.
For more information about this vulnerability, see the resources below:
Analysis by Andrei Florin Saygo
Alert notifications or detections of this malware from installed antivirus or security software may be the only other symptom(s).