Description
Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Tavis Ormandy · textremotewindows
https://www.exploit-db.com/exploits/34126
References (10)
Core 10
Core References
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/578319
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/59267
Exploit mailing-list
x_refsource_fulldisc
http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0197.html
Vendor Advisory x_refsource_misc
http://www.microsoft.com/technet/security/advisory/2219475.mspx
Vendor Advisory x_refsource_misc
http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx
Vendor Advisory x_refsource_misc
http://blogs.technet.com/b/srd/archive/2010/06/10/help-and-support-center-vulnerability-full-disclosure-posting.aspx
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/40721
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1417
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/40076
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/511774/100/0/threaded
Scores
EPSS
0.2481
EPSS Percentile
96.2%
Details
CWE
CWE-79
Status
published
Products (3)
microsoft/windows_2003_server
(2 CPE variants)
microsoft/windows_server_2003
microsoft/windows_xp
(3 CPE variants)
Published
Jun 15, 2010
Tracked Since
Feb 18, 2026