CVE-2010-1885
EXPLOITED
Microsoft Windows 2003 Server - OS Command Injection
Title source: ruleDescription
The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
Exploits (3)
exploitdb
WORKING POC
VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16545
exploitdb
WRITEUP
VERIFIED
by Tavis Ormandy · text · remote · windows
https://www.exploit-db.com/exploits/13808
metasploit
WORKING POC
EXCELLENT
by Tavis Ormandy, natron · ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms10_042_helpctr_xss_cmd_exec.rb
References (16)
Scores
EPSS
0.9220
EPSS Percentile
99.7%
Details
VulnCheck KEV
2011-07-26
CWE
CWE-78
Status
published
Products (3)
microsoft/windows_2003_server
(2 CPE variants)
microsoft/windows_server_2003
microsoft/windows_xp
(3 CPE variants)
Published
Jun 15, 2010
Tracked Since
Feb 18, 2026