is a detection for a cross-site scripting method that exploits a vulnerability in Windows Help and Support Center that could allow an attacker to run arbitrary code on the affected computer. More information about the vulnerability is available in the following articles:
may be encountered if a user on a computer running Windows XP or 2003 is enticed to browse a malicious webpage or click on a hyperlink that contains the exploit.
The exploit passes a URL (for example, hcp://<URL>) to "helpctr.exe" using specific escape sequences that could result in the execution of arbitrary code.
This exploit affects computers running Windows XP and 2003 with Internet Explorer 8 (or below) and Windows Media Player 9. Upgrading to Windows Media Player 10 prevents the exploit from running without a prompt.
Analysis by Daniel Radu
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.