Follow:

 

Exploit:Win32/CVE-2010-1885


Exploit:Win32/CVE-2010-1885 is a detection for a cross-site scripting method that exploits a vulnerability in Windows Help and Support Center that could allow an attacker to run arbitrary code on the affected computer.



What to do now

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat:

For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/.

This threat exploits a vulnerability in Windows XP and 2003. Refer to the following articles for more information on how to resolve the vulnerability:

Threat behavior

Exploit:Win32/CVE-2010-1885 is a detection for a cross-site scripting method that exploits a vulnerability in Windows Help and Support Center that could allow an attacker to run arbitrary code on the affected computer. More information about the vulnerability is available in the following articles:

Installation

Exploit:Win32/CVE-2010-1885 may be encountered if a user on a computer running Windows XP or 2003 is enticed to browse a malicious webpage or click on a hyperlink that contains the exploit.

The exploit passes a URL (for example, hcp://<URL>) to "helpctr.exe" using specific escape sequences that could result in the execution of arbitrary code.

This exploit affects computers running Windows XP and 2003 with Internet Explorer 8 (or below) and Windows Media Player 9. Upgrading to Windows Media Player 10 prevents the exploit from running without a prompt.

Analysis by Daniel Radu


Symptoms

There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms.


Prevention


Alert level: Severe
First detected by definition: 1.107.1370.0
Latest detected by definition: 1.139.1360.0 and higher
First detected on: Jul 08, 2011
This entry was first published on: Jul 08, 2011
This entry was updated on: Dec 16, 2011

This threat is also detected as:
No known aliases