Mageni Mageni Security LLC

Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

MS Windows Help and Support Center Remote Code Execution Vulnerability

Information

Severity

Severity

Critical

Family

Family

Windows

CVSSv2 Base

CVSSv2 Base

9.3

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Solution Type

Solution Type

Vendor Patch

Created

Created

13 years ago

Modified

Modified

4 years ago

Share

Summary

This host is prone to remote code execution vulnerability.

Insight

Insight

The flaws are due to: - An error in the 'MPC::HTML::UrlUnescapeW()' function within the Help and Support Center application (helpctr.exe) that does not properly check the return code of 'MPC::HexToNum()' when escaping URLs, which could allow attackers to bypass whitelist restrictions and invoke arbitrary help files. - An input validation error in the 'GetServerName()' function in the 'C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\commonFunc.js' script invoked via 'ShowServerName()' in 'C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysinfomain.htm', which could be exploited by attackers to execute arbitrary scripting code.

Affected Software

Affected Software

Windows XP Service Pack 2/3 Windows Server 2003 Service Pack 2.

Solution

Solution

Vendor has released a patch for the issue. Please see the references for more information.

Common Vulnerabilities and Exposures (CVE)

References