RCE in Microsoft Windows Server 2003

CVE-2010-1885

The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.922 (99.7th percentile)

Frequently asked questions

What is CVE-2010-1885?
CVE-2010-1885 is a vulnerability in Microsoft Windows Server 2003, classified under OS Command Injection. Published 2010-06-15.

Is CVE-2010-1885 known to be exploited?
1 public proof-of-concept repository is indexed. Not currently listed in the CISA KEV catalog.